hallo zusammen,
ich habe ein Problem mit der SuSEfirewall2 und bräuchte mal euren Rat. Ich muss noch dazu sagen, dass ich Linux-Neuling bin.
Ich habe mir SuSE 9.3 als Router eingerichtet und habe nun ein Problem
mit dem Portforwarding; ich nutze noch die SuSEfirewall2. Und zwar geht es um ein Online-Game, das für einen Dedicated Host die Ports 12300,12307 UDP benötigt. Der Host wird zwar online angezeigt, ich kann ihm aber nicht beitreten. Was mache ich falsch?
Unter /etc/services habe ich das Folgende gefunden, kann damit aber nichts anfangen:
linogridengine 12300/tcp # LinoGrid Engine
linogridengine 12300/udp # LinoGrid Engine
Wie müssten denn meine Einstellungen sein, damit das funktioniert? Hier ist meine Config; sie ist noch fast im Originalzustand. Auch für sonstige Einstellungstipps, was die Sicherheit betrifft, wäre ich euch im Voraus schon dankbar.
# Path: Network/Firewall/SuSEfirewall2
#
# Interface roles, routing and masquerading for this router.
#
# 2.) External (untrusted) interfaces. Two names are listed: dsl0 and one
#     Ethernet NIC (presumably the NIC the DSL modem is attached to - confirm).
#
FW_DEV_EXT="dsl0 eth-id-00:50:fc:79:5c:d2"
###############################################
#
# 3.) Internal (LAN) interface.
FW_DEV_INT="eth-id-00:50:fc:79:3a:a5"
###############################################
#
# 4.) Examples: "eth-id-00:e0:4c:9f:61:9a", "tr0", "eth0 eth1"
#     Empty: no DMZ interface is defined in this setup.
FW_DEV_DMZ=""
###############################################
#
# 5.) /etc/sysconfig/network/options
#     Routing between the interfaces is switched on; masquerading and the
#     forwarding options further down depend on it.
FW_ROUTE="yes"
###############################################
#
# 6.) Type: yes no masquerade internal networks to the outside?
FW_MASQUERADE="yes"
################################################
#
# 6a.) Examples: "ippp0", "$FW_DEV_EXT"
#      Masquerading happens on the external interfaces listed above.
FW_MASQ_DEV="$FW_DEV_EXT"
# "0/0" masquerades traffic from any source network.
# NOTE(review): narrowing this to the LAN prefix keeps the router from NATing
# unexpected source ranges. The forward target 192.168.6.3 further down
# suggests a 192.168.6.x LAN - confirm the netmask before changing it.
FW_MASQ_NETS="0/0"
################################################
#
# 7.) Type: yes no Do you want to protect the firewall
# from the internal network?
# With "no", hosts on the internal interface can reach every service that
# runs on the router itself.
# NOTE(review): the FW_SERVICES_INT_* lists presumably only take effect once
# this is "yes" - confirm against the SuSEfirewall2 documentation of this
# release. "yes" plus an explicit FW_SERVICES_INT_* list is the tighter setup.
FW_PROTECT_FROM_INT="no"
###############################################
#
# Services running on the firewall host itself, listed per zone.
#
# 9.) !! TCP !! services _on the firewall_ should be
# accessible from untrusted networks?
#
# Examples: "ssh", "123 514", "3200:3299", "ftp 22 telnet 512:514"
# NOTE(review): this opens HTTP (80) and DNS over TCP (domain) on the router
# to the Internet. Unless a public web server or name server is meant to run
# on this box, leave the list empty. LAN clients arrive on the internal
# interface and are not governed by this list.
FW_SERVICES_EXT_TCP="80 domain"
##
## UDP services Example: "53"
#
# NOTE(review): DNS over UDP is reachable from the Internet. If the router
# only runs a caching resolver for the LAN, an externally reachable resolver
# can be abused to reflect traffic at third parties; empty this unless the
# box is meant to answer DNS for the outside - verify what listens on port 53.
FW_SERVICES_EXT_UDP="domain"
###############################################
#
# Usually for VPN/Routing which END at the firewall
#
# Example: "esp"
#
FW_SERVICES_EXT_IP=""
# Example: "mountd nfs"
FW_SERVICES_EXT_RPC=""
## Type: string see comments for FW_SERVICES_EXT_TCP
#
# FW_DEV_DMZ is empty in this file, so this entry presumably has no effect.
FW_SERVICES_DMZ_TCP="80"
## Type: string see comments for FW_SERVICES_EXT_UDP
#
FW_SERVICES_DMZ_UDP=""
## Type: string see comments for FW_SERVICES_EXT_IP
#
FW_SERVICES_DMZ_IP=""
## Type: string see comments for FW_SERVICES_EXT_RPC
#
FW_SERVICES_DMZ_RPC=""
## Type: string see comments for FW_SERVICES_EXT_TCP
#
# HTTP plus the Windows file-sharing (SMB/NetBIOS) services for LAN clients.
# NOTE(review): FW_PROTECT_FROM_INT is "no" in this file, so these internal
# lists are presumably not enforced at the moment - confirm.
FW_SERVICES_INT_TCP="80 microsoft-ds netbios-dgm netbios-ns netbios-ssn"
## Type: string see comments for FW_SERVICES_EXT_UDP
#
FW_SERVICES_INT_UDP="netbios-ns"
## Type: string see comments for FW_SERVICES_EXT_IP
#
FW_SERVICES_INT_IP=""
## Type: string see comments for FW_SERVICES_EXT_RPC
#
FW_SERVICES_INT_RPC=""
#-------------------
# Format: space separated list of net,protocol[,port][,sport]
# Example: "0/0,tcp,445 0/0,udp,4662"
FW_SERVICES_DROP_EXT=""
#-------------------------
# Format: space separated list of net,protocol[,dport][,sport]
# Example: "0/0,tcp,113"
# Port 113/tcp (ident) is answered with a reject for every source instead of
# being dropped silently, so remote servers that probe ident do not have to
# wait for a timeout.
FW_SERVICES_REJECT_EXT="0/0,tcp,113"
#--------------------------------
# Format: space separated list of net,protocol[,dport][,sport]
# Example: "0/0,tcp,22"
FW_SERVICES_ACCEPT_EXT=""
##################################################
#
# 10.) services should be accessible from 'trusted' hosts or nets?
# Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"
#
# Empty: no external host or network gets extra access.
FW_TRUSTED_NETS=""
#################################################
#
# High ports, routed forwarding and port forwarding to LAN hosts.
#
# 11.) Specify which ports are allowed to access unprivileged ports (>1023)
# Format: yes, no or space separated list of ports
# defaults to "no" if not set (good choice)
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
#-----------------------------------------------
# See FW_ALLOW_INCOMING_HIGHPORTS_TCP
# defaults to "no" if not set (good choice)
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
################################################
#
# 13.) Requires: FW_ROUTE
FW_FORWARD=""
###############################################
#
# 14.) forward ports to the client
#
# Each entry reads: source net, LAN target IP, protocol, port.
# Both entries accept any Internet source (0/0) and hand UDP 12300 and
# UDP 12307 to 192.168.6.3. FW_ROUTE and FW_MASQUERADE are both "yes" in this
# file, which this option depends on.
# NOTE(review): 192.168.6.3 is directly reachable from the Internet on these
# ports, so keep the game server patched and remove the entries while it is
# not hosting.
# NOTE(review): for the "listed but cannot join" symptom, check outside this
# file first: test from a machine outside the LAN (a connection from inside
# to the external address may not pass through this rule - confirm), make
# sure 192.168.6.3 uses this router as its default gateway and has no local
# firewall blocking the ports, and compare against the game's full port list.
FW_FORWARD_MASQ="0/0,192.168.6.3,udp,12300 0/0,192.168.6.3,udp,12307"
####################################################
#
# 15.) Which accesses to services should be redirected to a
# local port on the firewall machine?
# Example: "10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080"
FW_REDIRECT=""
##################################################
#
# Logging, kernel hardening and ICMP echo handling.
#
# 16.) Type: yes no Which kind of packets should be logged?
FW_LOG_DROP_CRIT="yes"
#----------------------------------
# whether all dropped packets should be logged
# NOTE(review): while debugging the port forward, setting this to "yes" for a
# short time shows whether packets to UDP 12300/12307 are dropped by the
# firewall; switch it back afterwards, since logging every drop on an
# Internet-facing interface fills the log quickly.
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
#-------------------------------
# Type: yes no
# defaults to "no" if not set
FW_LOG_ACCEPT_ALL="no"
#-----------------------------
#
# Format: a digit and suffix /second, /minute, /hour or /day
FW_LOG_LIMIT=""
#-----------------------------
## Type: string
#
# iptables logging option. Must end with --log-prefix and some prefix
# characters only change this if you know what you are doing!
FW_LOG=""
################################################
#
# 17.) Type: yes no
# Do you want to enable additional kernel TCP/IP security features?
#
FW_KERNEL_SECURITY="yes"
###############################################
#
# 18.) Type: yes no
# Choices "yes" or "no", if not set defaults to "no"
FW_STOP_KEEP_ROUTING_STATE="no"
################################################
#
# 19.) Type: yes no Allow the firewall to reply to icmp echo requests
#
# The router itself answers pings.
FW_ALLOW_PING_FW="yes"
#-----------------------------------
# 19a.) Type: yes no
#
FW_ALLOW_PING_DMZ="no"
#------------------------------------
# 19b.) Type: yes no
#
# Default: no
# Allow external hosts to be pinged from internal or dmz hosts
# REQUIRES: FW_ROUTE
#
# defaults to "no" if not set
FW_ALLOW_PING_EXT="no"
#########################################
#
# END of /etc/sysconfig/SuSEfirewall2
#
# #
#-------------------------------------------------------------------------#
# #
# EXPERT OPTIONS - all others please don't change these! #
# #
#-------------------------------------------------------------------------#
#
# Almost every option below is left empty, so the default named in its
# comment applies where one is given.
#
# 21.) Allow ICMP sourcequench from your ISP?
#
# Defaults to "yes" if not set
FW_ALLOW_FW_SOURCEQUENCH=""
#################################################
#
# 22.) string (yes,no) Allow IP Broadcasts?
#
# Whether the firewall allows broadcasts packets.
# Broadcasts are used for e.g. for Netbios/Samba, RIP, OSPF and Games.
#
FW_ALLOW_FW_BROADCAST_EXT=""
#---------------------------------------------------------
## Type: string
#
# see comments for FW_ALLOW_FW_BROADCAST_EXT
# Only NetBIOS name-service broadcasts are allowed, and only on the internal
# side.
FW_ALLOW_FW_BROADCAST_INT="netbios-ns"
#---------------------------------------------------------
# Type: string
#
# see comments for FW_ALLOW_FW_BROADCAST_EXT
FW_ALLOW_FW_BROADCAST_DMZ=""
#--------------------------------------------------------
# Type: string (yes,no)
#
# Suppress logging of dropped broadcast packets. Useful if you don't allow
# broadcasts on a LAN interface.
#
FW_IGNORE_FW_BROADCAST_EXT="yes"
#----------------------------------------------------
# Type: string
#
# see comments for FW_IGNORE_FW_BROADCAST_EXT
FW_IGNORE_FW_BROADCAST_INT="no"
#-------------------------------------------------
# Type: string
#
# see comments for FW_IGNORE_FW_BROADCAST_EXT
FW_IGNORE_FW_BROADCAST_DMZ="no"
#------------------------------------------------
# 23.) Type: yes no
# Default: no
#
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
#
FW_ALLOW_CLASS_ROUTING=""
###############################################
#
# 25.) Type: string
#
# Do you want to load customary rules from a file?
#
# This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
# READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
#
# Empty: no custom rule file is loaded; the commented line shows the path
# that would enable it.
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""
###############################################
# 26.) Type: yes no
# Default: no
#
# Do you want to REJECT packets instead of DROPing?
#
FW_REJECT=""
##############################################
#
# 27.) Type: string
#
FW_HTB_TUNE_DEV=""
#########################################################
#
# 28.) Type: list(no,drop,reject)
# Default: drop
#
# What to do with IPv6 Packets?
#
FW_IPv6=""
#############################################
#
# 28a.) Type: yes no
# Default: yes
# Reject outgoing IPv6 Packets?
#
FW_IPv6_REJECT_OUTGOING=""
################################################
# 29.) Type: list(yes,no,int,ext,dmz)
# Default: no
#
# Note: you still need to explicitly allow IPsec traffic.
# Example:
# FW_IPSEC_TRUST="int"
# FW_SERVICES_EXT_IP="esp"
# FW_SERVICES_EXT_UDP="isakmp"
# FW_PROTECT_FROM_INT="no"
#
# Defaults to "no" if not set
#
FW_IPSEC_TRUST="no"
###############################################
#
# 30.) Type: string
#
# Default: Define additional firewall zones
#
# Example:
# FW_ZONES="wlan"
# FW_DEV_wlan="wlan0"
# FW_SERVICES_wlan_TCP="80"
# FW_ALLOW_FW_BROADCAST_wlan="yes"
#
FW_ZONES=""
###############################################
ich habe ein Problem mit der SuSEfirewall2 und bräuchte mal euren Rat. Ich muss noch dazu sagen, dass ich Linux-Neuling bin.
Ich habe mir SuSE 9.3 als Router eingerichtet und habe nun ein Problem
mit dem Portforwarding; ich nutze noch die SuSEfirewall2. Und zwar geht es um ein Online-Game, das für einen Dedicated Host die Ports 12300,12307 UDP benötigt. Der Host wird zwar online angezeigt, ich kann ihm aber nicht beitreten. Was mache ich falsch?
Unter /etc/services habe ich das Folgende gefunden, kann damit aber nichts anfangen:
linogridengine 12300/tcp # LinoGrid Engine
linogridengine 12300/udp # LinoGrid Engine
Wie müssten denn meine Einstellungen sein, damit das funktioniert? Hier ist meine Config; sie ist noch fast im Originalzustand. Auch für sonstige Einstellungstipps, was die Sicherheit betrifft, wäre ich euch im Voraus schon dankbar.
# Path: Network/Firewall/SuSEfirewall2
#
# Interface roles, routing and masquerading for this router.
#
# 2.) External (untrusted) interfaces. Two names are listed: dsl0 and one
#     Ethernet NIC (presumably the NIC the DSL modem is attached to - confirm).
#
FW_DEV_EXT="dsl0 eth-id-00:50:fc:79:5c:d2"
###############################################
#
# 3.) Internal (LAN) interface.
FW_DEV_INT="eth-id-00:50:fc:79:3a:a5"
###############################################
#
# 4.) Examples: "eth-id-00:e0:4c:9f:61:9a", "tr0", "eth0 eth1"
#     Empty: no DMZ interface is defined in this setup.
FW_DEV_DMZ=""
###############################################
#
# 5.) /etc/sysconfig/network/options
#     Routing between the interfaces is switched on; masquerading and the
#     forwarding options further down depend on it.
FW_ROUTE="yes"
###############################################
#
# 6.) Type: yes no masquerade internal networks to the outside?
FW_MASQUERADE="yes"
################################################
#
# 6a.) Examples: "ippp0", "$FW_DEV_EXT"
#      Masquerading happens on the external interfaces listed above.
FW_MASQ_DEV="$FW_DEV_EXT"
# "0/0" masquerades traffic from any source network.
# NOTE(review): narrowing this to the LAN prefix keeps the router from NATing
# unexpected source ranges. The forward target 192.168.6.3 further down
# suggests a 192.168.6.x LAN - confirm the netmask before changing it.
FW_MASQ_NETS="0/0"
################################################
#
# 7.) Type: yes no Do you want to protect the firewall
# from the internal network?
# With "no", hosts on the internal interface can reach every service that
# runs on the router itself.
# NOTE(review): the FW_SERVICES_INT_* lists presumably only take effect once
# this is "yes" - confirm against the SuSEfirewall2 documentation of this
# release. "yes" plus an explicit FW_SERVICES_INT_* list is the tighter setup.
FW_PROTECT_FROM_INT="no"
###############################################
#
# Services running on the firewall host itself, listed per zone.
#
# 9.) !! TCP !! services _on the firewall_ should be
# accessible from untrusted networks?
#
# Examples: "ssh", "123 514", "3200:3299", "ftp 22 telnet 512:514"
# NOTE(review): this opens HTTP (80) and DNS over TCP (domain) on the router
# to the Internet. Unless a public web server or name server is meant to run
# on this box, leave the list empty. LAN clients arrive on the internal
# interface and are not governed by this list.
FW_SERVICES_EXT_TCP="80 domain"
##
## UDP services Example: "53"
#
# NOTE(review): DNS over UDP is reachable from the Internet. If the router
# only runs a caching resolver for the LAN, an externally reachable resolver
# can be abused to reflect traffic at third parties; empty this unless the
# box is meant to answer DNS for the outside - verify what listens on port 53.
FW_SERVICES_EXT_UDP="domain"
###############################################
#
# Usually for VPN/Routing which END at the firewall
#
# Example: "esp"
#
FW_SERVICES_EXT_IP=""
# Example: "mountd nfs"
FW_SERVICES_EXT_RPC=""
## Type: string see comments for FW_SERVICES_EXT_TCP
#
# FW_DEV_DMZ is empty in this file, so this entry presumably has no effect.
FW_SERVICES_DMZ_TCP="80"
## Type: string see comments for FW_SERVICES_EXT_UDP
#
FW_SERVICES_DMZ_UDP=""
## Type: string see comments for FW_SERVICES_EXT_IP
#
FW_SERVICES_DMZ_IP=""
## Type: string see comments for FW_SERVICES_EXT_RPC
#
FW_SERVICES_DMZ_RPC=""
## Type: string see comments for FW_SERVICES_EXT_TCP
#
# HTTP plus the Windows file-sharing (SMB/NetBIOS) services for LAN clients.
# NOTE(review): FW_PROTECT_FROM_INT is "no" in this file, so these internal
# lists are presumably not enforced at the moment - confirm.
FW_SERVICES_INT_TCP="80 microsoft-ds netbios-dgm netbios-ns netbios-ssn"
## Type: string see comments for FW_SERVICES_EXT_UDP
#
FW_SERVICES_INT_UDP="netbios-ns"
## Type: string see comments for FW_SERVICES_EXT_IP
#
FW_SERVICES_INT_IP=""
## Type: string see comments for FW_SERVICES_EXT_RPC
#
FW_SERVICES_INT_RPC=""
#-------------------
# Format: space separated list of net,protocol[,port][,sport]
# Example: "0/0,tcp,445 0/0,udp,4662"
FW_SERVICES_DROP_EXT=""
#-------------------------
# Format: space separated list of net,protocol[,dport][,sport]
# Example: "0/0,tcp,113"
# Port 113/tcp (ident) is answered with a reject for every source instead of
# being dropped silently, so remote servers that probe ident do not have to
# wait for a timeout.
FW_SERVICES_REJECT_EXT="0/0,tcp,113"
#--------------------------------
# Format: space separated list of net,protocol[,dport][,sport]
# Example: "0/0,tcp,22"
FW_SERVICES_ACCEPT_EXT=""
##################################################
#
# 10.) services should be accessible from 'trusted' hosts or nets?
# Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"
#
# Empty: no external host or network gets extra access.
FW_TRUSTED_NETS=""
#################################################
#
# High ports, routed forwarding and port forwarding to LAN hosts.
#
# 11.) Specify which ports are allowed to access unprivileged ports (>1023)
# Format: yes, no or space separated list of ports
# defaults to "no" if not set (good choice)
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
#-----------------------------------------------
# See FW_ALLOW_INCOMING_HIGHPORTS_TCP
# defaults to "no" if not set (good choice)
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
################################################
#
# 13.) Requires: FW_ROUTE
FW_FORWARD=""
###############################################
#
# 14.) forward ports to the client
#
# Each entry reads: source net, LAN target IP, protocol, port.
# Both entries accept any Internet source (0/0) and hand UDP 12300 and
# UDP 12307 to 192.168.6.3. FW_ROUTE and FW_MASQUERADE are both "yes" in this
# file, which this option depends on.
# NOTE(review): 192.168.6.3 is directly reachable from the Internet on these
# ports, so keep the game server patched and remove the entries while it is
# not hosting.
# NOTE(review): for the "listed but cannot join" symptom, check outside this
# file first: test from a machine outside the LAN (a connection from inside
# to the external address may not pass through this rule - confirm), make
# sure 192.168.6.3 uses this router as its default gateway and has no local
# firewall blocking the ports, and compare against the game's full port list.
FW_FORWARD_MASQ="0/0,192.168.6.3,udp,12300 0/0,192.168.6.3,udp,12307"
####################################################
#
# 15.) Which accesses to services should be redirected to a
# local port on the firewall machine?
# Example: "10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080"
FW_REDIRECT=""
##################################################
#
# Logging, kernel hardening and ICMP echo handling.
#
# 16.) Type: yes no Which kind of packets should be logged?
FW_LOG_DROP_CRIT="yes"
#----------------------------------
# whether all dropped packets should be logged
# NOTE(review): while debugging the port forward, setting this to "yes" for a
# short time shows whether packets to UDP 12300/12307 are dropped by the
# firewall; switch it back afterwards, since logging every drop on an
# Internet-facing interface fills the log quickly.
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
#-------------------------------
# Type: yes no
# defaults to "no" if not set
FW_LOG_ACCEPT_ALL="no"
#-----------------------------
#
# Format: a digit and suffix /second, /minute, /hour or /day
FW_LOG_LIMIT=""
#-----------------------------
## Type: string
#
# iptables logging option. Must end with --log-prefix and some prefix
# characters only change this if you know what you are doing!
FW_LOG=""
################################################
#
# 17.) Type: yes no
# Do you want to enable additional kernel TCP/IP security features?
#
FW_KERNEL_SECURITY="yes"
###############################################
#
# 18.) Type: yes no
# Choices "yes" or "no", if not set defaults to "no"
FW_STOP_KEEP_ROUTING_STATE="no"
################################################
#
# 19.) Type: yes no Allow the firewall to reply to icmp echo requests
#
# The router itself answers pings.
FW_ALLOW_PING_FW="yes"
#-----------------------------------
# 19a.) Type: yes no
#
FW_ALLOW_PING_DMZ="no"
#------------------------------------
# 19b.) Type: yes no
#
# Default: no
# Allow external hosts to be pinged from internal or dmz hosts
# REQUIRES: FW_ROUTE
#
# defaults to "no" if not set
FW_ALLOW_PING_EXT="no"
#########################################
#
# END of /etc/sysconfig/SuSEfirewall2
#
# #
#-------------------------------------------------------------------------#
# #
# EXPERT OPTIONS - all others please don't change these! #
# #
#-------------------------------------------------------------------------#
#
# Almost every option below is left empty, so the default named in its
# comment applies where one is given.
#
# 21.) Allow ICMP sourcequench from your ISP?
#
# Defaults to "yes" if not set
FW_ALLOW_FW_SOURCEQUENCH=""
#################################################
#
# 22.) string (yes,no) Allow IP Broadcasts?
#
# Whether the firewall allows broadcasts packets.
# Broadcasts are used for e.g. for Netbios/Samba, RIP, OSPF and Games.
#
FW_ALLOW_FW_BROADCAST_EXT=""
#---------------------------------------------------------
## Type: string
#
# see comments for FW_ALLOW_FW_BROADCAST_EXT
# Only NetBIOS name-service broadcasts are allowed, and only on the internal
# side.
FW_ALLOW_FW_BROADCAST_INT="netbios-ns"
#---------------------------------------------------------
# Type: string
#
# see comments for FW_ALLOW_FW_BROADCAST_EXT
FW_ALLOW_FW_BROADCAST_DMZ=""
#--------------------------------------------------------
# Type: string (yes,no)
#
# Suppress logging of dropped broadcast packets. Useful if you don't allow
# broadcasts on a LAN interface.
#
FW_IGNORE_FW_BROADCAST_EXT="yes"
#----------------------------------------------------
# Type: string
#
# see comments for FW_IGNORE_FW_BROADCAST_EXT
FW_IGNORE_FW_BROADCAST_INT="no"
#-------------------------------------------------
# Type: string
#
# see comments for FW_IGNORE_FW_BROADCAST_EXT
FW_IGNORE_FW_BROADCAST_DMZ="no"
#------------------------------------------------
# 23.) Type: yes no
# Default: no
#
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
#
FW_ALLOW_CLASS_ROUTING=""
###############################################
#
# 25.) Type: string
#
# Do you want to load customary rules from a file?
#
# This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
# READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
#
# Empty: no custom rule file is loaded; the commented line shows the path
# that would enable it.
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""
###############################################
# 26.) Type: yes no
# Default: no
#
# Do you want to REJECT packets instead of DROPing?
#
FW_REJECT=""
##############################################
#
# 27.) Type: string
#
FW_HTB_TUNE_DEV=""
#########################################################
#
# 28.) Type: list(no,drop,reject)
# Default: drop
#
# What to do with IPv6 Packets?
#
FW_IPv6=""
#############################################
#
# 28a.) Type: yes no
# Default: yes
# Reject outgoing IPv6 Packets?
#
FW_IPv6_REJECT_OUTGOING=""
################################################
# 29.) Type: list(yes,no,int,ext,dmz)
# Default: no
#
# Note: you still need to explicitly allow IPsec traffic.
# Example:
# FW_IPSEC_TRUST="int"
# FW_SERVICES_EXT_IP="esp"
# FW_SERVICES_EXT_UDP="isakmp"
# FW_PROTECT_FROM_INT="no"
#
# Defaults to "no" if not set
#
FW_IPSEC_TRUST="no"
###############################################
#
# 30.) Type: string
#
# Default: Define additional firewall zones
#
# Example:
# FW_ZONES="wlan"
# FW_DEV_wlan="wlan0"
# FW_SERVICES_wlan_TCP="80"
# FW_ALLOW_FW_BROADCAST_wlan="yes"
#
FW_ZONES=""
###############################################