Difference between revisions of "Firewall SuSE"
Aaron winborn (Talk | contribs | merge | delete) m (=For both: Restarting the firewall= sp) |
Vollstrecker (Talk | contribs) m (Removed Author) |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | |||
− | |||
== Preamble == | == Preamble == | ||
− | This document has been tested on [http://www.suse.com SuSE Linux 8.2] | + | This document has been tested on [http://www.suse.com SuSE Linux 8.2] and [http://en.opensuse.org/ OpenSUSE 10.1] |
For non-[http://www.suse.com SuSE] distributions help, take a look at [[Firewall|this HowTo]]. | For non-[http://www.suse.com SuSE] distributions help, take a look at [[Firewall|this HowTo]]. | ||
Line 15: | Line 13: | ||
Open ''/etc/sysconfig/SuSEfirewall2'', and locate ''FW_SERVICES_EXT_TCP'' and ''FW_SERVICES_EXT_UDP''. Now add to both of these the above ports: | Open ''/etc/sysconfig/SuSEfirewall2'', and locate ''FW_SERVICES_EXT_TCP'' and ''FW_SERVICES_EXT_UDP''. Now add to both of these the above ports: | ||
− | ''FW_SERVICES_EXT_TCP="4662 | + | ''FW_SERVICES_EXT_TCP="4662"''<br> |
− | ''FW_SERVICES_EXT_UDP=" | + | ''FW_SERVICES_EXT_UDP="4665 4672"'' |
Note that you should keep ports that are already in there. | Note that you should keep ports that are already in there. | ||
Line 51: | Line 49: | ||
=== The clean way: Restart the daemon === | === The clean way: Restart the daemon === | ||
− | + | Run: | |
− | + | ||
− | + | ||
− | ''/ | + | ''/etc/init.d/network force-reload && /etc/init.d/SuSEfirewall2_setup force-reload'' |
Be aware that if you are connected to the router remotely, if something failed during this process, this could terminate your connection and so, leave the router in an accessible way. | Be aware that if you are connected to the router remotely, if something failed during this process, this could terminate your connection and so, leave the router in an accessible way. |
Latest revision as of 12:02, 3 August 2008
Contents
Preamble
This document has been tested on SuSE Linux 8.2 and OpenSUSE 10.1
For non-SuSE distributions help, take a look at this HowTo.
Using SuSE Linux as a client machine
If you run SuSE Linux on your client machine which runs a firewall itself, you need to do the following to allow the correct ports to come through:
You basically need to allow TCP and UDP ports 4662 and 4672 to be open.
Open /etc/sysconfig/SuSEfirewall2, and locate FW_SERVICES_EXT_TCP and FW_SERVICES_EXT_UDP. Now add to both of these the above ports:
FW_SERVICES_EXT_TCP="4662"
FW_SERVICES_EXT_UDP="4665 4672"
Note that you should keep ports that are already in there.
After making these changes save the file.
Using SuSE Linux as a router/firewall
If you use SuSE Linux on your router/firewall to connect to the internet you can do the following to forward the ports used by aMule/eMule/etc to your client:
Set your firewall to forward all connections coming to it thorugh ports 4662 and 4672 in TCP and UDP to your internal client machine.
Open /etc/sysconfig/SuSEfirewall2 and locate FW_FORWARD_MASQ (it's in 14.). Now, assuming your client's IP is 192.168.0.3, set this to this value:
FW_FORWARD_MASQ="0/0,192.168.0.3,tcp,4662 0/0,192.168.0.3,udp,4662 0/0,192.168.0.3,tcp,4672 0/0,192.168.0.3,udp,4672"
Note that a rule like "0/0,192.168.0.3,tcp,4662" simply means that incoming TCP connections through port 4662 from any address (0/0) will be forwarded to your the machine 192.168.0.3 on the same port.)
For this to work, you have to have FW_ROUTE (in 5.) set to "yes" in the same file.
After making these changes, save the file.
For both: Restarting the firewall
Once you finish configurating the firewall, you must restart the firewall daemon for the changes to take effect.
You can restart SuSEfirewall2 through two different ways:
- Restarting the daemon
- Through YaST
Use the first one whenever possible. If you can't then restart the firewall through YaST.
The clean way: Restart the daemon
Run:
/etc/init.d/network force-reload && /etc/init.d/SuSEfirewall2_setup force-reload
Be aware that if you are connected to the router remotely, if something failed during this process, this could terminate your connection and so, leave the router in an accessible way.
The dirty way: YaST gives us a hand
Start YaST. Go to "Security and users" (or similar), and once there choose "Firewall". Now simply go through all dialogs and end up with them. At the end it will restart your firewall with these new rules.