qwert2000
23.07.01, 21:19
For days I have been trying to run the SuSE firewall alongside the proxy,
but without success. Has anyone already managed this on SuSE 7.1 with kernel 2.4?
The problem is: after booting, everything works except name resolution.
ping suse.de does not work, whereas ping 213.95.15.200 (the IP of suse.de) does.
When the connection is hung up after a while, I can only open a page, e.g. www.suse.de (http://www.suse.de),
if I enter it as http://213.95.15.200.
Have I locked out DNS? Some other reason? I'm stuck right now... :-(
There is an
/etc/resolv.conf
nameserver 62.225.253.9
nameserver 194.25.2.129
IPs of the proxy/firewall
dsl <-> eth0 192.168.22.1
eth1 -> lan - 192.168.1.1/254
Please comment on what can be changed and where; this will surely interest others besides me.
Many thanks in advance!!!!
Here are the "critical" parts of my squid.conf and firewall.rc.config
/etc/squid.conf
acl's:
acl all src 192.168.1.0/255.255.255.0
acl manager proto http ftp cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl Lan src 192.168.1.1-192.168.1.254/255.255.255.0
http_access's:
http_access allow all manager localhost CONNECT Lan
http_access allow Lan
http_access allow all
http_access allow all manager localhost
SSL_ports Safe_ports Safe_ports Safe_ports Safe_ports Safe_ports CONNECT Lan
/etc/rc.config.d/firewall.rc.config
FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.1.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
FW_SERVICES_EXTERNAL_TCP="53 3128" # for dns and squid
FW_SERVICES_EXTERNAL_UDP="53" # dns
FW_SERVICES_EXTERNAL_IP="" #
FW_SERVICES_DMZ_TCP="" #
FW_SERVICES_DMZ_UDP="" #
FW_SERVICES_DMZ_IP="" #
FW_SERVICES_INTERNAL_TCP="21:23 53 3128" # ftp, dns, squid
FW_SERVICES_INTERNAL_UDP="53" # dns
FW_SERVICES_INTERNAL_IP="" #
FW_TRUSTED_NETS="192.168.1.0/24" # lan
FW_SERVICES_TRUSTED_TCP="53 3128" # Common: ssh
FW_SERVICES_TRUSTED_UDP="53" # Common: syslog time ntp
FW_SERVICES_TRUSTED_IP="" # For VPN/Routing which END at the firewall!!
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" # Common: "DNS" or "domain ntp"
FW_SERVICE_DNS="yes" # if yes, FW_SERVICES_*_TCP needs to have port 53
# (or "domain") set to allow incoming queries.
# also FW_ALLOW_INCOMING_HIGHPORTS_UDP needs to be "yes"
FW_SERVICE_DHCLIENT="no" # if you use dhclient to get an ip address
# you have to set this to "yes" !
FW_SERVICE_DHCPD="no" # set to "yes" if this server is a DHCP server
FW_SERVICE_SAMBA="no" # set to "yes" if this server uses samba as client
# or server. As a server, you still have to set
# FW_SERVICES_{WORLD,DMZ,INT}_TCP="139"
# Everyone may send you udp 137/138 packets if set
# to yes! (samba on the firewall is not a good idea!)
FW_FORWARD_TCP="" # Beware to use this!
FW_FORWARD_UDP="" # Beware to use this!
FW_FORWARD_IP="" # Beware to use this!
FW_FORWARD_MASQ_TCP="" # Beware to use this!
FW_FORWARD_MASQ_UDP="" # Beware to use this!
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
#
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
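
An added example, not part of the original post: a shell check of the dependency that the FW_SERVICE_DNS comment in the posted config describes (port 53 in a FW_SERVICES_*_TCP list and FW_ALLOW_INCOMING_HIGHPORTS_UDP set to "yes"), plus a check of whether a given proxy port is listed for the external interface. The function names are hypothetical, ports are assumed to be numeric, and the sample file repeats only the relevant lines of the post.

```shell
#!/bin/sh
# Added example; function names are hypothetical, values are from the post.

# has_port "LIST" PORT: true if PORT is in LIST, literally or in a low:high range.
has_port() {
    for entry in $1; do
        case "$entry" in
            "$2") return 0 ;;
            *:*) if [ "$2" -ge "${entry%%:*}" ] && [ "$2" -le "${entry##*:}" ]; then
                     return 0
                 fi ;;
        esac
    done
    return 1
}

# check_fw_config FILE PROXY_PORT: prints one finding per line, nothing if clean.
# FILE is sourced in a subshell, so only check files the system would load anyway.
check_fw_config() (
    . "$1"
    if [ "$FW_SERVICE_DNS" = "yes" ]; then
        # The two dependencies named in the FW_SERVICE_DNS comment.
        all_tcp="$FW_SERVICES_EXTERNAL_TCP $FW_SERVICES_DMZ_TCP $FW_SERVICES_INTERNAL_TCP"
        if ! has_port "$all_tcp" 53; then
            echo "FW_SERVICE_DNS=yes but no FW_SERVICES_*_TCP lists port 53"
        fi
        if [ "$FW_ALLOW_INCOMING_HIGHPORTS_UDP" != "yes" ]; then
            echo "FW_SERVICE_DNS=yes but FW_ALLOW_INCOMING_HIGHPORTS_UDP is not yes"
        fi
    fi
    # A service port in the EXTERNAL list is offered on the world-facing device.
    if has_port "$FW_SERVICES_EXTERNAL_TCP" "$2"; then
        echo "tcp/$2 is in FW_SERVICES_EXTERNAL_TCP: reachable from $FW_DEV_WORLD"
    fi
)

# Constructed sample: the relevant lines of the posted firewall.rc.config.
write_sample_config() {
    cat > "$1" <<'EOF'
FW_DEV_WORLD="ppp0"
FW_SERVICES_EXTERNAL_TCP="53 3128"
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_INTERNAL_TCP="21:23 53 3128"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_DNS="yes"
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
check_fw_config "$cfg" 3128
rm -f "$cfg"
```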