jdd wrote:
> M9. wrote:
>
> so, if I understand well you have only one lan (192.168.1.x) with all
> the PC on it.

Yes that is correct ;-)

> previously you said:
>
> "This morning I had to shut down the firewall to enter my Lan.
> Printing was impossible, and also accessing the other pc's and laptops
> in the network.
>
> What I do not understand is why this firewall prevents me from entering
> other pc's in the network, while others can access mine easily?"
>
> It looks like you (or any event) swapped the internal and external
> network in the config
>
> try setting with defaults - usually defaults are good

I used the defaults, after putting the network interface back to the external zone again.

>> About /etc/scripts/SuSEfirewall2, there are many files there, I do not
>> know which one you want to see.
>
> it's not a folder but a file in my computer (but the one I have just at
> hand is a 10.1, may be the file was spread in several ones later)
>
> this file is commented internally, and the comments are the only
> firewall notice I know of
>
>> IMHO should a firewall be configured once, and work in silence,
>> protecting a pc or laptop against attack from 'outside'.
>
> it's what SuSEfirewall2 does usually :-)
>
>> It should not block the trusted hosts, and block the untrusted ones.
>
> not clear in your config which is what

In my config there are only trusted hosts...
(in a windows case there are constantly hosts that are informed by dataminers, in windows one should be able to block them...)

>> A warning should be displayed, with an option to grant or deny an
>> attempt to enter the pc, with a description of the host and the ip
>> address, so that one can decide to let pass once or forever, which does
>> not mean that 'forever' can not be changed to deny.
>
> it's really too easy to click on "yes" without caution and very difficult
> to go back after, and should any user be allowed to do so?

Normally, if you have a good firewall, there is a description of the host, its ip address, and the purpose for entering from or towards the pc. The streams are visible if you want: in, out, and which ports are used. Each program is listed, and the ports they use.

>> A really good firewall can work with passwords, just as a server can.
>
> I think somewhat your definition of "firewall" is wrong. a firewall is
> used to open or close "ports"

exactly!

> , not communication

yes it has to let me know who is going out and going in, and I must be able to shut whatever port I like, in principle..

> (your firewalls don't
> do NAT, as you have an other router).
>
> whatever you do with these ports is irrelevant.

If some host wants to enter my pc, I want to know this, and be able to close the gate (port) if I do not want it entering for whatever reason I have.
If I give a password to a host, it can enter without noticing me, as long as I want to let the firewall accept the password.

> a firewall works at the packet level, not at the logical one, it knows
> nothing of passwords. It protects networks, so if you want a part with
> trusted pc, it must be the internal and untrusted the external or the
> dmz if they are in your house, but this needs an other net card (an
> other lan).

A good firewall can handle this perfectly, with just one card.

> you can set some filtering based on IP, but I'm not sure it's secure and
> anyway it's difficult to setup.
>
> finally you said "This morning I had to shut down the firewall to enter
> my Lan.", so the day before the firewall was nice, what did change in
> between?

Not one thing, that is why I call the firewall inconsistent..

> I beg you use a samba network and windows samba is buggy and needs to
> open nearly anything to work as was said from the beginning by an other
> writer.

I use samba on the Linux-side,

> http://lists.opensuse.org/opensuse-factory/2007-09/msg00335.html
>
> but if I understand well, doing so is nearly the same as stopping the
> firewall.

As I understand, only for the ports used by samba for the LAN?

> use of samba server on suse fixes the permission problem.

Samba server I did not use before...

> jdd

If you want to know what I mean, you should download the free sygate firewall from norton, and use it on a windows box.

-- 
Have a nice day,
M9.
Now, is the only time that exists.

OS: Linux 2.6.22.5-10-default x86_64
Current user: [EMAIL PROTECTED]
System: openSUSE 10.3 (X86-64) Beta3
KDE: 3.5.7 "release 58"
