Can't get firewall configured - buggy?

Hi there,

I am running a dedicated suse 10.3 server where I would like to switch on the firewall. Only services allowed for external are http, https and ssh.

Now I have configured those services to the external zone and assigned the network interface to the external zone.

After starting the firewall everything looks OK. Then I reboot the server and … all ports are closed!!! How come? I did not change anything besides that. The installation is a clean new install.

Any ideas? Thank you for ANY help!

Hi,

johannes 77 wrote:
> I am running a dedicated suse 10.3 server where I would like to switch
> on the firewall. Only services allowed for external are http, https and
> ssh.
>
> Now I have configured those services to the external zone and assigned
> the network interface to the external zone.
>
> After starting the firewall everything looks OK. Then I reboot the
> server and … all ports are closed!!! How come? I did not change
> anything besides that. The installation is a clean new install.

Please provide output of the following command:
egrep -v "^#|^$" /etc/sysconfig/SuSEfirewall2

Kind regards,
Andreas Stieger

Hello Andreas,

thank you for your help. I have in the meantime installed a fresh system again, configured the firewall and started it. Everything worked perfectly, as it should. Then I added the option “enable on start up”, I rebooted and then… nothing! All ports closed. However, I looked at the console and it says on boot:

Waiting for mandatory devices: eth-id-00:19:99:48:cf:25 eth1 NSC
14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
eth-id-00:19:99:48:cf:25 No interface found failed
eth1 No interface found failed
Setting up service network . . . . . . . . . . . . . . failed
Starting syslog services. done
Master Resource Control: runlevel 2 has been reached
Failed services in runlevel 2: network

The output you asked for:
server:~ # egrep -v "^#|^$" /etc/sysconfig/SuSEfirewall2
FW_DEV_EXT="any eth-id-00:19:99:48:cf:25"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV="zone:ext"
FW_MASQ_NETS="0/0"
FW_NOMASQ_NETS=""
FW_PROTECT_FROM_INT="no"
FW_SERVICES_EXT_TCP="http https ssh"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_CONFIGURATIONS_EXT=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_CONFIGURATIONS_DMZ=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_CONFIGURATIONS_INT=""
FW_SERVICES_DROP_EXT=""
FW_SERVICES_REJECT_EXT="0/0,tcp,113"
FW_SERVICES_ACCEPT_EXT=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
FW_FORWARD=""
FW_FORWARD_REJECT=""
FW_FORWARD_DROP=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG_LIMIT=""
FW_LOG=""
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_SOURCEQUENCH=""
FW_ALLOW_FW_BROADCAST_EXT="no"
FW_ALLOW_FW_BROADCAST_INT="no"
FW_ALLOW_FW_BROADCAST_DMZ="no"
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="no"
FW_IGNORE_FW_BROADCAST_DMZ="no"
FW_ALLOW_CLASS_ROUTING=""
FW_CUSTOMRULES=""
FW_REJECT=""
FW_REJECT_INT="yes"
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING=""
FW_IPSEC_TRUST="no"
FW_ZONES=""
FW_USE_IPTABLES_BATCH=""
FW_LOAD_MODULES=""
FW_FORWARD_ALWAYS_INOUT_DEV=""
FW_FORWARD_REJECT=""
FW_SERVICES_ACCEPT_INT=""
FW_SERVICES_ACCEPT_DMZ=""

Any ideas? Or am I looking at a hardware problem?

Thank you for any help,

Johannes
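The boot log above says "eth-id-00:19:99:48:cf:25 No interface found", while FW_DEV_EXT in the posted config binds the external zone to exactly that MAC-keyed device name. A quick way to confirm that kind of mismatch before rebooting is to compare the device tokens in FW_DEV_EXT against the interfaces and MAC addresses the host actually has. The script below is an added example written for this thread, not something from the posters or from the SuSEfirewall2 package; the config and interface lists embedded in it are constructed samples, and the function names (fw_value, check_ext_devices, live_interfaces) are my own.

```shell
#!/bin/sh
# Added example (not from the thread): check that every device named in
# FW_DEV_EXT of /etc/sysconfig/SuSEfirewall2 exists on this host. An
# eth-id-<MAC> name that matches no present NIC (e.g. after a NIC swap or a
# cloned disk image) is what the "No interface found" boot message reports.

# Constructed sample of the relevant lines from the posted config.
SAMPLE_CONFIG='FW_DEV_EXT="any eth-id-00:19:99:48:cf:25"
FW_DEV_INT=""
FW_SERVICES_EXT_TCP="http https ssh"'

# Constructed "name mac" list of interfaces on a host whose NIC has a
# different MAC than the one the config was generated for.
SAMPLE_IFACES='lo 00:00:00:00:00:00
eth0 00:aa:bb:cc:dd:ee'

# Print the value of FW_* variable $1 from config text on stdin, without quotes.
fw_value() {
    sed -n 's/^'"$1"'="\(.*\)"$/\1/p'
}

# On a live host: one "name mac" line per interface, read from sysfs.
live_interfaces() {
    for d in /sys/class/net/*; do
        [ -r "$d/address" ] && printf '%s %s\n' "$(basename "$d")" "$(cat "$d/address")"
    done
    return 0
}

# Return 0 if interface name $1 appears in the "name mac" list $2.
name_present() {
    printf '%s\n' "$2" | awk -v want="$1" '$1 == want { found = 1 } END { exit !found }'
}

# Return 0 if lower-case MAC $1 appears in the "name mac" list $2.
mac_present() {
    printf '%s\n' "$2" | awk -v want="$1" 'tolower($2) == want { found = 1 } END { exit !found }'
}

# Walk the tokens of FW_DEV_EXT in config text $1 against interface list $2.
# Prints one line per token; returns 1 if any explicit device is missing.
check_ext_devices() {
    config="$1"
    present="$2"
    ext_devs=$(printf '%s\n' "$config" | fw_value FW_DEV_EXT)
    rc=0
    [ -n "$ext_devs" ] || { echo "FW_DEV_EXT is empty: no interface in the ext zone"; return 1; }
    for dev in $ext_devs; do
        case "$dev" in
            any)
                echo "any: interfaces not assigned to int/dmz fall into ext"
                ;;
            eth-id-*)
                # SUSE persistent name keyed on the NIC's MAC address
                mac=$(printf '%s' "${dev#eth-id-}" | tr 'A-Z' 'a-z')
                if mac_present "$mac" "$present"; then
                    echo "$dev: present"
                else
                    echo "$dev: NOT present (no NIC with MAC $mac on this host)"
                    rc=1
                fi
                ;;
            *)
                if name_present "$dev" "$present"; then
                    echo "$dev: present"
                else
                    echo "$dev: NOT present"
                    rc=1
                fi
                ;;
        esac
    done
    return $rc
}

# Demo on the constructed data: the MAC-keyed device is reported missing.
check_ext_devices "$SAMPLE_CONFIG" "$SAMPLE_IFACES" || echo "fix FW_DEV_EXT before enabling the firewall at boot"

# On the real server you would run instead:
#   check_ext_devices "$(cat /etc/sysconfig/SuSEfirewall2)" "$(live_interfaces)"
```

The script only reads the config and sysfs, so it is safe to run on the affected box; if it reports the eth-id device as missing, the firewall never had an interface to attach its ext-zone rules to at boot, which matches the failed network service in the console output.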