
Thread: 11.4 new install, how to operate Firewall?

  1. #1
    Join Date
    Jan 2009
    Location
    just outside Acton, Ontario, Canada
    Posts
    185

    Default 11.4 new install, how to operate Firewall?

    I have done a new install of 11.4 and as with previous versions, I have to go to YAST2 and disable the firewall before I have internet and local network access. Finally I must find out how to do this correctly.

    How do I change the default firewall to allow me internet and local network access without disabling it completely?

    Also I am unclear about the function of Novell Network Armor? What does this do?

    Thanks - I am an advanced newbie (and probably always will be).

  2. #2

    Default Re: 11.4 new install, how to operate Firewall?

    It sounds like you're saying that you need to modify the firewall in order
    for this 11.4 server to access other things on the network, which is
    definitely not true. The default firewall rules block incoming requests,
    not outgoing requests.

    If you are wanting to know how to allow access to this 11.4 system from
    other things (whether on your local network or the Internet) then how you
    configure your firewall depends on which services you want to allow. If
    you want to allow SSH, allow SSH... httpd? httpd. There are nice little
    drop-downs from which you can choose/select/enable specific ports in Yast:

    sudo /sbin/yast firewall

    Good luck.






    On 05/25/2011 07:36 AM, georgeinacton wrote:
    >
    > I have done a new install of 11.4 and as with previous versions, I have
    > to go to YAST2 and disable the firewall before I have internet and local
    > network access. Finally I must find out how to do this correctly.
    >
    > How do I change the default firewall to allow me internet and local
    > network access without disabling it completely?
    >
    > Also I am unclear about the function of Novell Network Armor? What does
    > this do?
    >
    > Thanks - I am an advanced newbie (and probably always will be).
    >
    >


  3. #3
    Join Date
    Dec 2009
    Location
    Moldova
    Posts
    130

    Default Re: 11.4 new install, how to operate Firewall?

    Hello,
    you can read about firewalls in general and configuring the Firewall with YaST here: Chapter

  4. #4
    Join Date
    Jan 2009
    Location
    just outside Acton, Ontario, Canada
    Posts
    185

    Default Re: 11.4 new install, how to operate Firewall?

    Thank you for the link and for the tip about allowing services. Obviously I have lots to learn. The info at the link will no doubt be helpful but probably too technical for me at my current state of knowledge.

    My simple observation is that with Firewall enabled, I have 1) no local network access (looking outward from this new 11.4) or 2) internet access from this machine (Firefox does not find websites). With the firewall disabled, both of these functions work. I don't think that I am supposed to operate with the firewall disabled?

  5. #5
    Join Date
    Jan 2009
    Location
    Switzerland
    Posts
    1,529

    Default Re: 11.4 new install, how to operate Firewall?

    > I don't think that I am supposed to operate with the firewall disabled?
    Certainly not. Try to configure your firewall with yast. Assign your network interface card as external and close all ports to start with. The firewall will not prevent you from browsing the outside world.
    Technology is 'stuff that doesn't work yet.' -- Bran Ferren

  6. #6
    Join Date
    Jan 2009
    Location
    just outside Acton, Ontario, Canada
    Posts
    185

    Default Re: 11.4 new install, how to operate Firewall?

    Thank you. I will experiment with that.

  7. #7

    Default Re: 11.4 new install, how to operate Firewall?

    K, neat observation, so now we troubleshoot. Post the output from the
    following commands:

    ip addr
    ip route
    ip -s link
    grep -v '^#' /etc/resolv.conf
    ping -c 2 8.8.8.8
    ping -c 2 google.com
    ping -c 2 novell.com
    ping -c 2 130.57.5.70

    Good luck.





    On 05/25/2011 09:36 AM, georgeinacton wrote:
    >
    > Thank you. I will experiment with that.
    >
    >


  8. #8
    Join Date
    Jan 2009
    Location
    just outside Acton, Ontario, Canada
    Posts
    185

    Default Re: 11.4 new install, how to operate Firewall?

    Now I check again and with the firewall ON or OFF I have web access, unlike this morning! I do not see the Once again I checked access to my local network and with the firewall ON I do not see the local machines yet with the firewall OFF I do see them.

    I am doing your tests with the firewall ON:

    george@linux-mii1:~> ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet 127.0.0.2/8 brd 127.255.255.255 scope host secondary lo
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0b:cd:66:e8:6c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.14/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::20b:cdff:fe66:e86c/64 scope link
    valid_lft forever preferred_lft forever


    george@linux-mii1:~> ip route
    192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.14
    169.254.0.0/16 dev eth0 scope link
    127.0.0.0/8 dev lo scope link
    default via 192.168.1.1 dev eth0


    george@linux-mii1:~> ip -s link
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes packets errors dropped overrun mcast
    23267 316 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    23267 316 0 0 0 0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0b:cd:66:e8:6c brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    11412110 19799 0 8219 0 0
    TX: bytes packets errors dropped carrier collsns
    739669 6615 0 0 0 0


    george@linux-mii1:~> grep -v '^#' /etc/resolv.conf
    nameserver 192.168.1.1


    george@linux-mii1:~> ping -c 2 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_req=1 ttl=47 time=92.9 ms
    64 bytes from 8.8.8.8: icmp_req=2 ttl=47 time=101 ms

    --- 8.8.8.8 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 92.931/97.370/101.809/4.439 ms


    george@linux-mii1:~> ping -c 2 google.com
    PING google.com (74.125.91.106) 56(84) bytes of data.
    64 bytes from qy-in-f106.1e100.net (74.125.91.106): icmp_req=1 ttl=44 time=144 ms
    64 bytes from qy-in-f106.1e100.net (74.125.91.106): icmp_req=2 ttl=44 time=262 ms

    --- google.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 144.675/203.393/262.111/58.718 ms


    george@linux-mii1:~> ping -c 2 novell.com
    PING novell.com (130.57.5.70) 56(84) bytes of data.

    --- novell.com ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 1006ms


    george@linux-mii1:~> ping -c 2 130.57.5.70
    PING 130.57.5.70 (130.57.5.70) 56(84) bytes of data.

    --- 130.57.5.70 ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 1007ms


    After the negative result on the last two, I went back and ping'd google again and got:

    george@linux-mii1:~> ping -c 2 google.com
    PING google.com (74.125.91.106) 56(84) bytes of data.
    64 bytes from qy-in-f106.1e100.net (74.125.91.106): icmp_req=1 ttl=44 time=120 ms
    64 bytes from qy-in-f106.1e100.net (74.125.91.106): icmp_req=2 ttl=44 time=138 ms

    --- google.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 120.472/129.407/138.342/8.935 ms

  9. #9

    Default Re: 11.4 new install, how to operate Firewall?

    That sounds like it is working properly... for some reason I cannot ping
    novell.com either so that does not matter. Internet access seems to work
    per your description.

    Local network access is another issue. How do you expect to be able to
    "see" other machines on your network? Tried pinging them by IP address?
    Allowed whichever protocol(s) you are trying to use?

    Good luck.





    On 05/25/2011 04:06 PM, georgeinacton wrote:
    >
    > Now I check again and with the firewall ON or OFF I have web access,
    > unlike this morning! I do not see the Once again I checked access to my
    > local network and with the firewall ON I do not see the local machines
    > yet with the firewall OFF I do see them.
    >
    > I am doing your tests with the firewall ON:
    >
    > -george@linux-mii1:~> ip addr
    > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    > inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    > inet 127.0.0.2/8 brd 127.255.255.255 scope host secondary lo
    > inet6 ::1/128 scope host
    > valid_lft forever preferred_lft forever
    > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
    > state UP qlen 1000
    > link/ether 00:0b:cd:66:e8:6c brd ff:ff:ff:ff:ff:ff
    > inet 192.168.1.14/24 brd 192.168.1.255 scope global eth0
    > inet6 fe80::20b:cdff:fe66:e86c/64 scope link
    > valid_lft forever preferred_lft forever
    > -
    >
    > -george@linux-mii1:~> ip route
    > 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.14
    > 169.254.0.0/16 dev eth0 scope link
    > 127.0.0.0/8 dev lo scope link
    > default via 192.168.1.1 dev eth0
    > -
    >
    > -george@linux-mii1:~> ip -s link
    > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    > RX: bytes packets errors dropped overrun mcast
    > 23267 316 0 0 0 0
    > TX: bytes packets errors dropped carrier collsns
    > 23267 316 0 0 0 0
    > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
    > state UP qlen 1000
    > link/ether 00:0b:cd:66:e8:6c brd ff:ff:ff:ff:ff:ff
    > RX: bytes packets errors dropped overrun mcast
    > 11412110 19799 0 8219 0 0
    > TX: bytes packets errors dropped carrier collsns
    > 739669 6615 0 0 0 0 -
    >
    > -george@linux-mii1:~> grep -v '^#' /etc/resolv.conf
    > nameserver 192.168.1.1
    > -
    >
    > -george@linux-mii1:~> ping -c 2 8.8.8.8
    > PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    > 64 bytes from 8.8.8.8: icmp_req=1 ttl=47 time=92.9 ms
    > 64 bytes from 8.8.8.8: icmp_req=2 ttl=47 time=101 ms
    >
    > --- 8.8.8.8 ping statistics ---
    > 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    > rtt min/avg/max/mdev = 92.931/97.370/101.809/4.439 ms
    > -
    >
    > -george@linux-mii1:~> ping -c 2 google.com
    > PING google.com (74.125.91.106) 56(84) bytes of data.
    > 64 bytes from qy-in-f106.1e100.net (74.125.91.106): icmp_req=1 ttl=44
    > time=144 ms
    > 64 bytes from qy-in-f106.1e100.net (74.125.91.106): icmp_req=2 ttl=44
    > time=262 ms
    >
    > --- google.com ping statistics ---
    > 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    > rtt min/avg/max/mdev = 144.675/203.393/262.111/58.718 ms-
    >
    > -george@linux-mii1:~> ping -c 2 novell.com
    > PING novell.com (130.57.5.70) 56(84) bytes of data.
    >
    > --- novell.com ping statistics ---
    > 2 packets transmitted, 0 received, 100% packet loss, time 1006ms
    > -
    >
    > -george@linux-mii1:~> ping -c 2 130.57.5.70
    > PING 130.57.5.70 (130.57.5.70) 56(84) bytes of data.
    >
    > --- 130.57.5.70 ping statistics ---
    > 2 packets transmitted, 0 received, 100% packet loss, time 1007ms
    > -
    >
    > After the negative result on the last two, I went back and ping'd
    > google again and got:
    >
    > -george@linux-mii1:~> ping -c 2 google.com
    > PING google.com (74.125.91.106) 56(84) bytes of data.
    > 64 bytes from qy-in-f106.1e100.net (74.125.91.106): icmp_req=1 ttl=44
    > time=120 ms
    > 64 bytes from qy-in-f106.1e100.net (74.125.91.106): icmp_req=2 ttl=44
    > time=138 ms
    >
    > --- google.com ping statistics ---
    > 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    > rtt min/avg/max/mdev = 120.472/129.407/138.342/8.935 ms
    > -
    >
    >

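The reasoning in post #9, as an added example that is not part of the original thread: each ping run requested in post #7 is classified by its statistics line, and the four results are combined into one verdict. The function names and verdict labels are hypothetical; the sample statistics lines are the ones posted in post #8.

```sh
#!/bin/sh
# Added example; function names are hypothetical.

# ping_state: read ping output on stdin and print
#   ok       at least one reply came back
#   noreply  a statistics line exists but 0 packets were received
#   unknown  no statistics line at all (e.g. the name did not resolve)
ping_state() {
    awk '/ packets transmitted, / { seen = 1; rx = $4 + 0 }
         END { if (!seen) print "unknown"
               else if (rx > 0) print "ok"
               else print "noreply" }'
}

# triage ANCHOR_IP ANCHOR_NAME TARGET_NAME TARGET_IP
# The anchors are hosts assumed to answer ICMP (8.8.8.8, google.com here).
triage() {
    if [ "$1" != ok ]; then
        echo no-outbound-path        # even a raw address gets no reply
    elif [ "$2" = unknown ]; then
        echo dns-problem             # addresses work, names do not resolve
    elif [ "$3" = unknown ]; then
        echo target-name-unresolved
    elif [ "$3" = noreply ] && [ "$4" = noreply ]; then
        echo target-silent           # only this host is quiet, by name and IP
    elif [ "$3" = ok ] && [ "$4" = ok ]; then
        echo all-ok
    else
        echo mixed
    fi
}

# Statistics lines copied from the ping runs in post #8.
sample() {
    case $1 in
        8.8.8.8|google.com) echo "2 packets transmitted, 2 received, 0% packet loss, time 1001ms" ;;
        novell.com)  echo "2 packets transmitted, 0 received, 100% packet loss, time 1006ms" ;;
        130.57.5.70) echo "2 packets transmitted, 0 received, 100% packet loss, time 1007ms" ;;
    esac
}

thread_verdict() {
    triage "$(sample 8.8.8.8 | ping_state)" "$(sample google.com | ping_state)" \
           "$(sample novell.com | ping_state)" "$(sample 130.57.5.70 | ping_state)"
}

thread_verdict
```

On a live system the classifier takes the real command's output, for example `ping -c 2 8.8.8.8 | ping_state`. A `target-silent` verdict while the anchors answer points away from the local firewall, so it is no reason to switch the firewall off.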

  10. #10
    Join Date
    Jan 2009
    Location
    just outside Acton, Ontario, Canada
    Posts
    185

    Default Re: 11.4 new install, how to operate Firewall?

    Thank you.
    To try to "see" local machines I go to Dolphin > Network > Samba Shares.
    Firewall ON - does not work
    Firewall OFF - works
