I have a problem with my firewall I suppose and wonder if someone might know how to solve it, that’s be nice.
The network I’m connected to requires to allow echo request every 2 minutes, otherways one gets disconnected.
In YasST I just found a firewall setting for eth0, but not for my wireless eth1… So does the one for eth0 include the settings for eth1 as well or do I have a create a new configuration? The problem is that I don’t manage to find out how to do that, I guess this should be relatively easy…? (also pinging is allowed in eth0, but I get disconnected anyhow)
If it’s helpful: I use oS 11.4 with the 3.1.0-3-desktop x86_64 kernel and KDE 4.6.0, connections are managed by KNetworkmanager. I needed a 3.x kernel for my wireless card to work (Realtek RTL8188CE 802.11b/g/n WiFi Adapter).
That looks to be a separate problem. Shouldn’t really happen, but I’ve seen something similar at a WiFi hotspot. Does running something like
ping -i 10 -c 9999 www.google.com
(in a terminal) help? (pings google every ten seconds, to a maximum of 9999 pings; you should be able to modify the site pinged. the interval and the maximum count quite easily)
In normal circumstances, your wireless would not be eth1, but something like wlan0. Are you really sure that eth1 isn’t something else?
In the Yast firewall settings, there’s an option for interfaces. If your “eth1” does not show up there, then it is because it has not been configured. You can try configuring with Yast network devices. You will have to temporarily switch to “ifup” to configure, then you can switch back to using NetworkManager. I don’t think it is actually necessary. I’m pretty sure that when I was using a VPN client, the VPN virtual interface was protected by the firewall even though not listed among the configured interfaces.
The wireless interface on my laptop was known as “eth1”. That was when running opensuse 11.4, with the “wl” drivers (for broadcom cards) from pacman. I’m now running 12.1 rc2, and using the drivers that come with the kernel. The wireless interface is now “wlan0”.
@markone: I pinged that one IP which I want to allow to ping me, and it works, but after a short while I can’t ping it anymore. It’s a special network (at my university), neither private nor all public.
Thanks, that helped. Now in the firewall config also “wlan0” appears.
But sadly that wasn’t enough to make it work.
So the thing is, that I want to use this laptop with 3 connections: 2 in university, one with cable, one wirless (they both require the echo request) and one in a private network, which I didn’t test yet, but with another laptop with the same version of oS it wasn’t any problem.
I need to allow an ICMP echo request (type 0 and 8) for a certain IP. But I’m too confused to get it right (also my knowledge in this field is pretty little)…
Here are some variables from /etc/sysconfig/SuSEfirewall2 which seem to matter. Could someone tell me how I should set them? It would be appreciated.
FW_ALLOW_PING_FW="yes"
FW_DEV_EXT="eth0 wlan0"
FW_DEV_INT=""
FW_ROUTE="no"
# Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"
#
FW_TRUSTED_NETS="xxx.xx.xx.xxx" <- I don't know how the rest should look like
FW_FORWARD=""
