SuSE firewall kills all active connections

hi all,
I'm running an internal network with my Linux box as dial-up gateway.

I used the YaST firewall configuration with the following:
external int = ppp0
internal int = eth0
allow traceroute = yes
forward traffic, do masq = yes
protect all running services = no
protect from internal network = no

Everything seems to work fine except when the modem connects.
Then the firewall drops all active connections from the internal network.
This is bad since I use VNC and ssh to work on it.

Any ideas?
Cheers,
thorsteinn Asked:

Ustas Commented:
I guess you need to build a custom firewall..

Another firewall script that I've used myself and which should work for you is Bastille-Firewall.

Here is the script:
http://www.tux.org/~peterw/linux/bastille-firewall-scripts.tar.gz
0
Gabriel Orozco (Solution Architect) Commented:
Or, maybe you could use this simple script.

Of course, you need to get rid of the SuSE firewall and set this up in a file. I usually name it /etc/rc.d/rc.firewall and call it from /etc/rc.d/rc.local.
---
#!/bin/sh
# I think you have DSL. if it's already starting, then
# delete the "adsl-start" line:
adsl-start

#Activate IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

ipt="/usr/local/sbin/iptables"
outside=ppp0
inside=eth1
other=eth0

# Start from a clean slate: flush every table, then default to DROP
$ipt -F
$ipt -t nat -F
$ipt -t mangle -F
$ipt -P INPUT DROP
$ipt -P OUTPUT DROP
$ipt -P FORWARD DROP

# Loopback in both directions, and anything arriving on the inside interface
$ipt -A INPUT -i lo -j ACCEPT
$ipt -A OUTPUT -o lo -j ACCEPT
$ipt -A INPUT -i $inside -j ACCEPT
# OUTPUT rules match on the outgoing interface (-o); -i is not valid here
$ipt -A OUTPUT -o $inside -j ACCEPT
$ipt -A FORWARD -i $inside -j ACCEPT

# Replies to tracked connections, both to this host and through it.
# Without the FORWARD rule the masqueraded replies coming back in on
# $outside would hit the DROP policy and no LAN client could get out.
$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#Accept at least traffic to ssh into this host.
$ipt -A INPUT -p tcp --dport 22 -j ACCEPT
#Accept 11 sessions of VNC:
$ipt -A INPUT -p tcp --dport 5900:5910 -j ACCEPT
#now the nat thing.
$ipt -t nat -A POSTROUTING -o $outside -j MASQUERADE

---
This script will not forward anything from eth0 to eth1, as you asked, but it forwards (without NAT) from eth1 to eth0, and NATs from eth1 to ppp0, whatever IP they have.


Hope this helps
0
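The script above rebuilds the rules one command at a time: it flushes the chains, sets a DROP policy, and only then re-adds the ACCEPT rules, so any session in flight during a reload (for example one triggered when the link comes up) sees a few moments of "drop everything". An added example, not code from the thread or from SuSE, shows the same stateful ruleset for the asker's own topology (internal eth0, dial-up ppp0) written in iptables-restore format, which the kernel swaps in as a single atomic step. The ESTABLISHED,RELATED rules in INPUT and FORWARD are what let an ssh or VNC session continue across the reload. The function names and the choice of iptables-restore are mine, not the answerer's.

```shell
#!/bin/sh
# Added example (not from the thread): stateful ruleset for the asker's
# topology, loaded atomically with iptables-restore instead of a
# flush-then-rebuild sequence.
OUTSIDE=ppp0   # dial-up link, from the question
INSIDE=eth0    # LAN side, from the question

# Emit the whole ruleset. Full-line '#' comments are accepted by
# iptables-restore; inline comments after a rule are not.
gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade LAN traffic that leaves through the dial-up link
-A POSTROUTING -o $OUTSIDE -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Drop packets conntrack cannot place, then let tracked sessions
# continue: this keeps an existing ssh/VNC session alive on reload
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Trust the LAN side completely, matching the original question's setup
-A INPUT -i $INSIDE -j ACCEPT
# New connections from the LAN out to the modem, plus the replies
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INSIDE -o $OUTSIDE -j ACCEPT
COMMIT
EOF
}

# Enable routing and replace the live ruleset in one step. Only runs
# when the script is invoked with the argument "apply", so that sourcing
# or testing it does not touch the running firewall.
apply_ruleset() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    gen_ruleset | iptables-restore
}

if [ "${1:-}" = apply ]; then
    apply_ruleset
fi
```

Run it as `sh rc.firewall apply` from rc.local, or hook it into the ip-up script so it re-applies when ppp0 comes up; because iptables-restore commits each table in one operation, a re-run does not produce the "all connections dropped" window that a sequence of separate iptables calls does. A quick check before applying is `sh rc.firewall` with no argument followed by `gen_ruleset | iptables-restore -t` (the `-t` flag in recent iptables parses the ruleset without loading it).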

Gabriel Orozco (Solution Architect) Commented:
thorsteinn: any news?
0
Gabriel Orozco (Solution Architect) Commented:
:-(
why the 'B'??
I just wanted to know if this was your answer, or if you needed some tuning or something like that.
but a "B"?
0