Howto configure P-t-P in iptables?

53K53ztZ6DS5L7n · July 8, 2013, 2:47pm

Without iptables, I have access to port 80, using the ppp0 (P-t-P) device.
With iptables, I can’t get it to work.

Bug: yast2 only shows the actual network interfaces, not any other added virtual devices.
Bug: Also, custom firewall rules (added in yast2) don’t work at all in OpenSuse 12.3. I think there are already threads about this.

Each time I open a P-t-P connection, iptables is reloaded.
Each time I try to add a custom firewall rule by hand. For example:

iptables -A input_ext -i ppp0 -p tcp --dport 80 -j ACCEPT

input_ext because that’s where yast2 currently also puts the port 22 rule. But ppp0 probably is currently not configured, in any ‘zone’ at all.

It shows up in ‘iptables -nL’ but nothing gets through. Without iptables everything works.

Howdo I inform iptables (or yast2) about added ppp devices? What else can I try?

AdaLovelace · July 8, 2013, 3:05pm

Welcome to openSUSE!

Your problem is, that the SuSEfirewall2 is running. That’s the generally used firewall by openSUSE. You can stop that and install iptables: Iptables - openSUSE
You shouldn’t have problems with iptables after that any more.

deano_ferrari · July 9, 2013, 3:04am

No, that is not correct. SuSEfirewall2 consists of a script that generates iptables rules based on the /etc/sysconfig/SuSEfirewall2 config file. Custom rules can be written as required.

Some reading:

openSUSE 12.3: Chapter 13. Masquerading and Firewalls