IP-UP SuSEfirewall2

xx11xx
30.05.02, 06:04
Hello everyone,

I have the following problem with my Firewall2 from SUSE 8.0 and my DSL connection. When I get a connection, i.e. when I dial in, I get a new IP address, logically, but ip-up does not update the firewall rules. Can anyone help me?


Thanks, regards, Eraser

Newbie2001
30.05.02, 10:18
Just post the relevant file.

xx11xx
30.05.02, 11:03
I'm using SuSE 8.0 with a SuSEfirewall2, version 2.1.

When I start the Internet connection (dial-in) with cinternet -start, it dials in via DSL, but unfortunately it does not update the firewall.

Now, as with SuSE 7.x, there is a directory /etc/ppp where the ip-up script also lives, which also checks whether a SuSEfirewall is installed?

-----------------------------------

BASENAME=${0##*/}
INTERFACE=$1
DEVICE=$2
SPEED=$3
LOCALIP=$4
REMOTEIP=$5
IPPARAM=$6

if [ -z "$REMOTEIP" ]; then
    echo "Usage: $0 <INTERFACE> <DEVICE> <SPEED> <LOCALIP> <REMOTEIP>"
    exit 1
fi

TERM=raw
export TERM

check_srv() {
    RLVL=`/sbin/runlevel | sed 's/. //'`
    test -L /etc/init.d/rc${RLVL}.d/S??$1 && return 0
    return 1
}

start_firewall() {
    case `uname -r` in
        2.[345].*)
            if check_srv SuSEfirewall2_setup; then
                /sbin/SuSEfirewall2 start
            else
                if check_srv SuSEfirewall_setup; then
                    /sbin/SuSEfirewall start
                fi
            fi
            ;;
        *)
            if check_srv SuSEfirewall_setup; then
                /sbin/SuSEfirewall start
            fi
            ;;
    esac
    # KG: Probably not correct any more: Should check symlinks as well
    test -x /sbin/SuSEpersonal-firewall && . /sbin/SuSEpersonal-firewall
}

# from here on output is logged by logger
case "$INTERFACE" in
    ippp*)

        if [ -f /etc/sysconfig/network/ifcfg-$INTERFACE ] ; then
            . /etc/sysconfig/network/ifcfg-$INTERFACE
            # should be deleted after DYNAMICDNS->USEPEERDNS migration
            test -z "$USEPEERDNS" -a -n "$DYNAMICDNS" && USEPEERDNS=$DYNAMICDNS
        else
            echo "Device '$INTERFACE' has no sysconfig file";
            exit 1
        fi

        case "$BASENAME" in
            ip-up)
                #
                # Get the nameservers (works with ipppd option ms-get-dns):
                #
                if [ "$USEPEERDNS" = "yes" -a -n "$MS_DNS1" ]; then
                    /sbin/modify_resolvconf modify -s ipppd -e "$INTERFACE" \
                        -p ipppd -f /etc/ppp/ip-up -n "$MS_DNS1 $MS_DNS2" -t - << EOT
If you do not like the ipppd to change your nameserver
settings remove the option USEPEERDNS for this connection
EOT
                fi

etc. etc. etc. ...


----------------------------------------

Or does it use the script under /etc/sysconfig/network/scripts/?

Can you help me?


Thanks, regards, Eraser

Newbie2001
30.05.02, 12:04
That can't be the whole ip-up, can it?
The entire ppp part is still missing.
That part is the interesting one; the part you posted at least defines the object start_firewall, which starts SuSEfirewall2 if it is present. But now I need the section where this object is actually used. And since you have DSL, I also need the lower part of ip-up.

xx11xx
30.05.02, 13:09
server01:/etc/ppp # less ip-up
#!/bin/sh

# (C) 1997-2002 SuSE Linux AG, Nuernberg, Germany
# Klaus Franken <feedback@suse.de> 25.02.1998
# Remo Behn <feedback@suse.de> 18.07.1998
# Arvin Schnell <feedback@suse.de> 28.02.2002
# Send suggestions and comments to feedback@suse.de

BASENAME=${0##*/}
INTERFACE=$1
DEVICE=$2
SPEED=$3
LOCALIP=$4
REMOTEIP=$5
IPPARAM=$6

if [ -z "$REMOTEIP" ]; then
    echo "Usage: $0 <INTERFACE> <DEVICE> <SPEED> <LOCALIP> <REMOTEIP>"
    exit 1
fi

TERM=raw
export TERM

check_srv() {
    RLVL=`/sbin/runlevel | sed 's/. //'`
    test -L /etc/init.d/rc${RLVL}.d/S??$1 && return 0
    return 1
}

start_firewall() {
    case `uname -r` in
        2.[345].*)
            if check_srv SuSEfirewall2_setup; then
                /sbin/SuSEfirewall2 start
            else
                if check_srv SuSEfirewall_setup; then
                    /sbin/SuSEfirewall start
                fi
            fi
            ;;
        *)
            if check_srv SuSEfirewall_setup; then
                /sbin/SuSEfirewall start
            fi
            ;;
    esac
    # KG: Probably not correct any more: Should check symlinks as well
    test -x /sbin/SuSEpersonal-firewall && . /sbin/SuSEpersonal-firewall
}

# from here on output is logged by logger
case "$INTERFACE" in
    ippp*)

        if [ -f /etc/sysconfig/network/ifcfg-$INTERFACE ] ; then
            . /etc/sysconfig/network/ifcfg-$INTERFACE
            # should be deleted after DYNAMICDNS->USEPEERDNS migration
            test -z "$USEPEERDNS" -a -n "$DYNAMICDNS" && USEPEERDNS=$DYNAMICDNS
        else
            echo "Device '$INTERFACE' has no sysconfig file";
            exit 1
        fi

        case "$BASENAME" in
            ip-up)
                #
                # Get the nameservers (works with ipppd option ms-get-dns):
                #
                if [ "$USEPEERDNS" = "yes" -a -n "$MS_DNS1" ]; then
                    /sbin/modify_resolvconf modify -s ipppd -e "$INTERFACE" \
                        -p ipppd -f /etc/ppp/ip-up -n "$MS_DNS1 $MS_DNS2" -t - << EOT
If you do not like the ipppd to change your nameserver
settings remove the option USEPEERDNS for this connection
EOT
                fi

                # ip_resend hook
                test "$IP_RESEND" = "yes" -a -x /usr/sbin/ip_resend_wakeup && \
                    /usr/sbin/ip_resend_wakeup -m $LOCALIP -o $INTERFACE

                #
                # SuSE Firewall script: If you installed and configured your firewall
                # in /etc/sysconfig/firewall it will be started here:
                #
                test "$FIREWALL" = "yes" && start_firewall

                #
                # You may choose to use a default firewall script, configured for
                # the standard dialup user(install package ipchains):
                #
                #test -x /etc/ppp/inet_chains.local && /etc/ppp/inet_chains.local "$@"

                # maybe you want to start mail services:
                # set follow variables in /etc/sysconfig/sendmail
                # SENDMAIL_TYPE="yes"
                # SENDMAIL_SMARTHOST="<ISP-mailserver>"
                # SENDMAIL_ARGS="-bd -om"
                # SENDMAIL_EXPENSIVE="yes"
                # SENDMAIL_NOCANONIFY="yes"
                #/usr/bin/fetchmail -a -v >>/var/log/fetchmail 2>&1 &
                #/usr/sbin/sendmail -q &

                # As an alternative to the commands above, you can use a seperate script,
                # /etc/ppp/poll.tcpip. The default scripts as shipped is able to set the
                # system clock using ntpdate (see the XNTPD_INITIAL_NTPDATE setting in
                # /etc/sysconfig/xntp). It supports fetchmail with a system-wide
                # /etc/fetchmailrc and can use UUCP to fetch mail over TCP/IP, provided
                # that UUCP is configured properly. Last not least it also calls sendmail
                # to send any queued mail. Uncomment the line below.
                if test "$RUN_POLL_TCPIP" != "no" ; then
                    /etc/ppp/poll.tcpip | logger -p security.notice -t poll.tcpip > /dev/null &
                fi

                # call ip-up.local if it exists and is executable:
                if test -x /etc/ppp/ip-up.local ; then
                    /etc/ppp/ip-up.local "$@" | logger -p security.notice -t ip-up.local > /dev/null &
                fi
                ;;
            ip-down)
                #
                # Restore the nameservers (got with ipppd option ms-get-dns):
                #
                if [ "$USEPEERDNS" = "yes" -a -n "$MS_DNS1" ]; then
                    /sbin/modify_resolvconf restore -s ipppd -e "$INTERFACE"
                fi

                # restart interface
                LINK_OPT=""
                test "$DYNAMICIP" = "yes" && LINK_OPT="$LINK_OPT dynamic on"
                /sbin/ip address flush dev $INTERFACE
                /sbin/ip link set $INTERFACE down
                /sbin/ip link set $INTERFACE up $LINK_OPT
                /sbin/ip address add dev $INTERFACE local $IPADDR peer $PTPADDR

                # set routes from /etc/sysconfig/network/routes (only for dod)
                if [ "$DIALMODE" = "auto" ] ; then
                    /etc/sysconfig/network/scripts/ifup-route $INTERFACE
                fi

                #
                # SuSE Firewall script: If you installed and configured your firewall
                # in /etc/sysconfig/firewall it will be started here:
                #
                test "$FIREWALL" = "yes" && start_firewall

                # call ip-down.local if it exists and is executable:
                if test -x /etc/ppp/ip-down.local ; then
                    /etc/ppp/ip-down.local "$@" | logger -p security.notice -t ip-down.local > /dev/null &
                fi

                # ip_resend hook
                test "$IP_RESEND" = "yes" -a -x /usr/sbin/ip_resend && \
                    /usr/sbin/ip_resend -o $INTERFACE $IP_RESEND_PARAMETER
                ;;
            *)
                ;;
        esac
        ;;

    ppp*)
        # Analog-PPP, add commands as you need...
        case "$BASENAME" in
            ip-up)
                #
                # This code allows automatic configuration of your resolv.conf
                # for peer supplied DNS addresses when using the `usepeerdns'
                # option. Original resolv.conf is restored when ip-down is called
                # by pppd when the link goes down.
                #
                if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
                    /sbin/modify_resolvconf modify -s pppd -p pppd -e "$INTERFACE" \
                        -f /etc/ppp/ip-up -n "$DNS1 $DNS2" -t - << EOT
If you do not want the pppd to change your nameserver settings
set AUTODNS=no in the config file for this provider in
/etc/sysconfig/network/providers/ and ensure that the option
usepeerdns is not set in /etc/ppp/options.
EOT
                fi

                #
                # SuSE Firewall script: If you installed and configured your firewall
                # in /etc/sysconfig/firewall it will be started here:
                #
                start_firewall

                #
                # You may choose to use a default firewall script, configured for
                # the standard dialup user(install package ipchains):
                #
                #test -x /etc/ppp/inet_chains.local && /etc/ppp/inet_chains.local "$@"

                # maybe you want to start mail services:
                # set follow variables in /etc/sysconfig/sendmail
                # SENDMAIL_TYPE="yes"
                # SENDMAIL_SMARTHOST="<ISP-mailserver>"
                # SENDMAIL_ARGS="-bd -om"
                # SENDMAIL_EXPENSIVE="yes"
                # SENDMAIL_NOCANONIFY="yes"
                #/usr/bin/fetchmail -a -v >>/var/log/fetchmail 2>&1 &
                #/usr/sbin/sendmail -q &

                # As an alternative to the commands above, you can use a seperate script,
                # /etc/ppp/poll.tcpip. The default scripts as shipped is able to set the
                # system clock using ntpdate (see the XNTPD_INITIAL_NTPDATE setting in
                # /etc/sysconfig/xntp). It supports fetchmail with a system-wide
                # /etc/fetchmailrc and can use UUCP to fetch mail over TCP/IP, provided
                # that UUCP is configured properly. Last not least it also calls sendmail
                # to send any queued mail.
                if test -z "$IPPARAM" -o -n "${IPPARAM##*no_poll_tcpip*}" ; then
                    /etc/ppp/poll.tcpip | logger -p security.notice -t poll.tcpip > /dev/null &
                fi

                # call ip-up.local if it exists and is executable:
                if test -x /etc/ppp/ip-up.local ; then
                    /etc/ppp/ip-up.local "$@" | logger -p security.notice -t ip-up.local > /dev/null &
                fi
                ;;
            ip-down)
                #
                # This code restores the original resolv.conf saved when ip-up
                # was called by the pppd which uses the `usepeerdns' option and
                # resolv.conf was modified for the supplied dns server adresses.
                #
                if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
                    /sbin/modify_resolvconf restore -s pppd -e "$INTERFACE"
                fi

                #
                # SuSE Firewall script: If you installed and configured your firewall
                # in /etc/sysconfig/firewall it will be started here:
                #
                start_firewall

                # call ip-down.local if it exists and is executable:
                if test -x /etc/ppp/ip-down.local ; then
                    /etc/ppp/ip-down.local "$@" | logger -p security.notice -t ip-down.local > /dev/null &
                fi
                ;;
            *)
                ;;
        esac
        ;;
    *)
        # dont know...
        ;;
esac | logger -p security.notice -t $BASENAME
server01:/etc/ppp #

Now we have it :) Thanks for your help

DarkWing
02.07.02, 15:36
I apparently have the same problem here, since I don't get any DNS from the net; the firewall blocks everything as soon as it is loaded at boot.

SuSE 7.3 had the same problem and had an update (aaa_base) for it.

How did you solve it in the end?

Zaphod-B
02.07.02, 21:37
Hi,
this must be a SuSE problem.
I have SuSEfirewall2 running here under Slackware, where there isn't even an ip-up, and the IP address is always updated nicely.


Greetings Zaphod-B

linosch
03.07.02, 09:29
Simply create /etc/ppp/ip-up.local and enter the following:

#!/bin/sh
/sbin/SuSEfirewall2

Make the file executable with chmod 755 and the firewall will update itself with the new IP too!

Regards

Lino
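
Added example, not part of the thread and not SuSE's code: in the ip-up posted above, start_firewall only runs a firewall command when check_srv finds a start link S??SuSEfirewall2_setup (or S??SuSEfirewall_setup) in the current runlevel directory, while ip-up.local is called without that check. The sketch below mirrors that decision so it can be inspected without dialing in; INITD_ROOT, the runlevel argument, the loop over matches and the sample tree are assumptions made for testing.

```shell
#!/bin/sh
# Added example: mirrors check_srv/start_firewall from the posted /etc/ppp/ip-up.
# INITD_ROOT and the runlevel argument are assumptions; the shipped script
# hardcodes /etc/init.d and asks /sbin/runlevel for the current runlevel.

INITD_ROOT=${INITD_ROOT:-/etc/init.d}

# Same question as check_srv in ip-up: is there a start symlink S??<service>
# in the runlevel directory? Looping over the glob keeps the test well-formed
# when zero or several names match.
check_srv_in() {
    rlvl=$1 srv=$2
    for link in "$INITD_ROOT/rc${rlvl}.d"/S??"$srv"; do
        test -L "$link" && return 0
    done
    return 1
}

# Prints the command start_firewall would run on a 2.3/2.4/2.5 kernel,
# or "none" when neither service is linked into the runlevel.
firewall_action() {
    rlvl=$1
    if check_srv_in "$rlvl" SuSEfirewall2_setup; then
        echo "/sbin/SuSEfirewall2 start"
    elif check_srv_in "$rlvl" SuSEfirewall_setup; then
        echo "/sbin/SuSEfirewall start"
    else
        echo "none"
    fi
}

# Constructed sample tree: runlevel 5 has the SuSEfirewall2 link, runlevel 3 has none.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/rc3.d" "$root/rc5.d"
    : > "$root/SuSEfirewall2_setup"
    ln -s ../SuSEfirewall2_setup "$root/rc5.d/S99SuSEfirewall2_setup"
    echo "$root"
}

if [ "${1:-}" = "--demo" ]; then
    INITD_ROOT=$(make_sample_tree)
    for rl in 3 5; do
        echo "runlevel $rl: $(firewall_action "$rl")"
    done
    rm -rf "$INITD_ROOT"
fi
```

A result of "none" for the active runlevel means the stock ip-up leaves the rule set untouched after the address changes, so rules built for the old IP stay in place until the firewall is reloaded by other means.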