Firewall on a laptop as private web / mail server

Firewall on a laptop as private web / mail server

Patrick Serru
    Hello everyone,

    I hope I am asking on the good list. Excuse me, please, if not.

    This is strange, but on the 5 Leap 42.3 installations on a laptop Compaq
Presario C700, the last two did me the honor to ask me the configuration of
the network, and not the first three. Can anyone tell me, please, why the
installation may require configuration, immediately after the choice of
language and layout of the keyboard ? The choice of a minimal installation,
perhaps.

    After this minimal installation for a text-based operation, online
updating, adding to the minimum system of XOrg-X11 and tigervnc, having
banned the "yast2-firewall" and "network manager" packages, the system
reboots and works correctly, with wifi interfaces and Ethernet still in the
desired configuration.

    Here is a schema of installation:
      ____   eth0             ____
     |    |<---------------->|    |
     |desk|              .-->|hub |
     |top |  eth1        |   |    |
     |____|<--.          |   |____|
              |          | 192.168.0.0      ______
         eth1 |          |    _____       _/      \_
  198.168.1.0 |          .-->|     |     (          )
              |              |modem|---->( INTERNET )
         eth0 |              |cable|     (_        _)
      ____    |              |_____|       \______/
     |    |<--’ eth0            ^
     |lab |                     |
     | top| wlan0               . 192.168.0.0
     |____|<--....           ....

    Can anyone help me, please, to set up the laptop firewall, with the
file /etc/sysconfig/SuSEfirewall2 ? Here is the contents of this file for my
last attempt:
FW_DEV_EXT="wlan0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV=""
FW_MASQ_NETS=""
FW_NOMASQ_NETS=""
FW_PROTECT_FROM_INT=""
FW_SERVICES_EXT_TCP="http https 587 imap"
FW_SERVICES_EXT_UDP="53"
All other parameters contain their default values (either empty,
or empty strings).

    My goal is to allow all the traffic on the network 192.168.1.0 (eth0) and
limit that from the outside (wlan0) to http, https, 587 and imap. The laptop
must of course be able to resolve domain names (DNS).

    I thank you for the attention you paid to this e-mail.

    Sincerely,

Patrick Serru
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Re: Firewall on a laptop as private web / mail server

Carlos E. R.-2
On 2017-10-03 17:40, Patrick Serru wrote:
>     Hello everyone,
>
>     I hope I am asking on the good list. Excuse me, please, if not.

This seems to me a normal user question, which should be asked in the
normal mail list. I don't see the security question in your post.


>     This is strange, but on the 5 Leap 42.3 installations on a laptop Compaq
> Presario C700, the last two did me the honor to ask me the configuration of
> the network, and not the first three. Can anyone tell me, please, why the
> installation may require configuration, immediately after the choice of
> language and layout of the keyboard ? The choice of a minimal installation,
> perhaps.

The exact answer would be to compare the install logs of all five installs
and see where they go different.

Normally the system tries to autoconfigure the network. It may ask if it
fails. The network is needed to provide the updated release notes, the
translations of some texts, to access online repos if asked, and to
provide online updates if asked during the install.

>     After this minimal installation for a text-based operation, online
> updating, adding to the minimum system of XOrg-X11 and tigervnc, having
> banned the "yast2-firewall" and "network manager" packages, the system
> reboots and works correctly, with wifi interfaces and Ethernet still in the
> desired configuration.
>
>     Here is a schema of installation:
>       ____   eth0             ____
>      |    |<---------------->|    |
>      |desk|              .-->|hub |
>      |top |  eth1        |   |    |
>      |____|<--.          |   |____|
>               |          | 192.168.0.0      ______
>          eth1 |          |    _____       _/      \_
>   198.168.1.0 |          .-->|     |     (          )
>               |              |modem|---->( INTERNET )
>          eth0 |              |cable|     (_        _)
>       ____    |              |_____|       \______/
>      |    |<--’ eth0            ^
>      |lab |                     |
>      | top| wlan0               . 192.168.0.0
>      |____|<--....           ....
>
>     Can anyone help me, please, to set up the laptop firewall, with the
> file /etc/sysconfig/SuSEfirewall2 ? Here is the contents of this file for my
> last attempt:
> FW_DEV_EXT="wlan0"
> FW_DEV_INT="eth0"
> FW_DEV_DMZ=""
> FW_ROUTE="no"
> FW_MASQUERADE="no"
> FW_MASQ_DEV=""
> FW_MASQ_NETS=""
> FW_NOMASQ_NETS=""
> FW_PROTECT_FROM_INT=""
> FW_SERVICES_EXT_TCP="http https 587 imap"
> FW_SERVICES_EXT_UDP="53"
> All other parameters contain their default values (either empty,
> or empty strings).

You need routing if devices in the wlan are to access the lan using the
laptop. If that is not what you want, you have to explain.

>
>     My goal is to allow all the traffic on the network 192.168.1.0 (eth0) and
> limit that from the outside (wlan0) to http, https, 587 and imap. The laptop
> must of course be able to resolve domain names (DNS).


--
Cheers / Saludos,

                Carlos E. R.

  (from 42.2 x86_64 "Malachite" (Minas Tirith))



Re: Firewall on a laptop as private web / mail server

Patrick Serru
    Hello everyone, hello Carlos,

    Thank you for the response.

On Tuesday, 3 October 2017, Carlos E. R. wrote:
> On 2017-10-03 17:40, Patrick Serru wrote:
>>     Hello everyone,
>>
>>     I hope I am asking on the good list. Excuse me, please, if not.
>
> This seems to me a normal user question, which should be asked in the
> normal mail list. I don't see the security question in your post.
    Well, virtual or real, the firewalls exist for security reasons.

>
>>     This is strange, but on the 5 Leap 42.3 installations on a laptop
>> Compaq Presario C700, the last two did me the honor to ask me the
>> configuration of the network, and not the first three. Can anyone tell
>> me, please, why the installation may require configuration, immediately
>> after the choice of language and layout of the keyboard ? The choice of a
>> minimal installation, perhaps.
>
> The exact answer would be to compare the install logs of all five installs
> and see where they go different.
    The logs of the previous installations are lost forever. So I cannot
compare.

>
>>     Can anyone help me, please, to set up the laptop firewall, with the
>> file /etc/sysconfig/SuSEfirewall2 ? Here is the contents of this file for
>> my last attempt:
>> FW_DEV_EXT="wlan0"
>> FW_DEV_INT="eth0"
>> FW_DEV_DMZ=""
>> FW_ROUTE="no"
>> FW_MASQUERADE="no"
>> FW_MASQ_DEV=""
>> FW_MASQ_NETS=""
>> FW_NOMASQ_NETS=""
>> FW_PROTECT_FROM_INT=""
>> FW_SERVICES_EXT_TCP="http https 587 imap"
>> FW_SERVICES_EXT_UDP="53"
>> All other parameters contain their default values (either empty,
>> or empty strings).
>
> You need routing if devices in the wlan are to access the lan using the
> laptop. If that is not what you want, you have to explain.
    The laptop does not have to route anything. The reason for the
point-to-point ethernet link 192.168.1.0 between the laptop and my desktop is
to permit me to connect with ssh as root to the laptop. Furthermore, the
laptop is working 24/24, and not the desktop.

    Sincerely

Patrick Serru
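
An added example, not part of the original thread and not SuSEfirewall2's own code: a shell audit of the posted settings against the stated goal (everything allowed on eth0, only http, https, 587 and imap from wlan0). `fw_get`, `audit_fw` and `sample_conf` are hypothetical helper names; it assumes that FW_SERVICES_EXT_UDP opens inbound services on the external zone, so a host that only resolves names as a client needs no entry for port 53 there.

```shell
#!/bin/sh
# Added example: audit the zone and service settings of a SuSEfirewall2-style file.
# fw_get, audit_fw and sample_conf are hypothetical helper names.

# Print one variable from a sysconfig file. The file is shell syntax, so it is
# sourced in a subshell (only do this for a root-owned, trusted file).
fw_get() (
    . "$1" >/dev/null 2>&1 || exit 1
    eval "printf '%s' \"\${$2-}\""
)

# Emit one finding per line: EXPOSED, WARN or INFO.
audit_fw() {
    f=$1
    for proto in TCP UDP; do
        for svc in $(fw_get "$f" "FW_SERVICES_EXT_$proto"); do
            echo "EXPOSED ext $proto $svc"
            # Inbound 53 is only needed when this host is itself a DNS server.
            case "$svc" in
                53|domain) echo "WARN inbound DNS ($proto 53) open on external zone" ;;
            esac
        done
    done
    # An interface listed in both zones makes the zone split meaningless.
    for dev in $(fw_get "$f" FW_DEV_EXT); do
        case " $(fw_get "$f" FW_DEV_INT) " in
            *" $dev "*) echo "WARN $dev is in both EXT and INT zones" ;;
        esac
    done
    [ "$(fw_get "$f" FW_ROUTE)" = "yes" ] && echo "WARN FW_ROUTE=yes forwards between zones"
    [ -z "$(fw_get "$f" FW_PROTECT_FROM_INT)" ] && echo "INFO FW_PROTECT_FROM_INT empty, default applies"
    return 0
}

# Constructed sample mirroring the values posted in the thread.
sample_conf() {
    cat <<'EOF'
FW_DEV_EXT="wlan0"
FW_DEV_INT="eth0"
FW_ROUTE="no"
FW_PROTECT_FROM_INT=""
FW_SERVICES_EXT_TCP="http https 587 imap"
FW_SERVICES_EXT_UDP="53"
EOF
}

conf=$(mktemp) && sample_conf > "$conf" && audit_fw "$conf"; rm -f "$conf"
```

On the posted values this reports five externally exposed services and one warning, for the UDP 53 entry; emptying FW_SERVICES_EXT_UDP clears the warning.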
