
List:       suse-security
Subject:    [suse-security] SuSEfirewall2 Anti SPOOFING
From:       Stephen Prendergast <stephen () sps ! co ! nz>
Date:       2004-02-24 5:07:10
Message-ID: 200402241807.15670.stephen () sps ! co ! nz

Guys

I've got myself a little confused over some issues I'm having on this and, 
despite reading Togan's primer, don't seem to be winning.

                          ADSL router -10.10.99.1
                                     | DHCP , DNS
                                     |
                               eth1 10.10.99.5
                                    |   ssh
                                    |
                               eth0 10.10.200.254
                                    | squid, squidguard, internal http
                                    |
                                 rest of Lan

SuSEfirewall2

FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS domain"

In the logs I get the following when the firewall has been started and the 
browsers hang; squid trying for DNS resolution, I suspect:

Feb 24 17:57:37 localhost kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth1 OUT= 
MAC=00:80:ad:8e:f9:64:00:d0:41:0e:92:1f:08:00 SRC=10.10.99.1 DST=10.10.99.5 
LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=51956 PROTO=UDP SPT=53 DPT=1052 LEN=128

Squid is set up to use the nameserver from resolv.conf, 10.10.99.1, as 
provided by DHCP.

Does this indicate I should provide a local DNS rather than pass through the 
firewall?

Cheers, all help warmly appreciated.

--
Stephen Prendergast
SP Software Ltd
07 570 1452
021 466 247



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
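A small triage helper, added here as an example and not part of the original post or of SuSEfirewall2: it parses SuSE-FW kernel log lines into their KEY=VALUE fields and picks out anti-spoof drops that are really UDP/53 answers from the configured resolver arriving on the external interface, so an admin can separate the DNS symptom above from genuine spoofed traffic. The sample log is constructed from the line in the post plus one unrelated drop; the resolver address and interface name are the ones shown in the diagram.

```python
import re

# Constructed sample: the anti-spoof drop quoted in the post, plus one
# unrelated (constructed) drop so the filter has something to skip.
SAMPLE_LOG = """\
Feb 24 17:57:37 localhost kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth1 OUT= MAC=00:80:ad:8e:f9:64:00:d0:41:0e:92:1f:08:00 SRC=10.10.99.1 DST=10.10.99.5 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=51956 PROTO=UDP SPT=53 DPT=1052 LEN=128
Feb 24 17:58:02 localhost kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=00:80:ad:8e:f9:64:00:d0:41:0e:92:1f:08:00 SRC=203.0.113.9 DST=10.10.99.5 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=1 PROTO=TCP SPT=4444 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
"""

PREFIX_RE = re.compile(r"kernel: (SuSE-FW-[A-Z-]+) ")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return (log prefix, {KEY: value}) for a SuSEfirewall2 log line, else None."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line[m.end():]):
        # LEN appears twice (IP total length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return m.group(1), fields


def dropped_resolver_replies(log_text, resolver_ip, ext_iface):
    """Anti-spoof drops that look like DNS answers from the configured resolver
    arriving on the external interface. Returns (local address, local port)
    per hit; a high, changing local port means a reply to our own query."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        prefix, f = parsed
        if (prefix == "SuSE-FW-DROP-ANTI-SPOOF"
                and f.get("IN") == ext_iface
                and f.get("SRC") == resolver_ip
                and f.get("PROTO") == "UDP"
                and f.get("SPT") == "53"):
            hits.append((f["DST"], int(f["DPT"])))
    return hits


if __name__ == "__main__":
    for dst, dport in dropped_resolver_replies(SAMPLE_LOG, "10.10.99.1", "eth1"):
        print(f"dropped DNS answer to {dst}:{dport} from the resolver on the external side")
```

Run it against `/var/log/messages` instead of the sample to see how many of the anti-spoof drops are resolver answers versus packets from addresses that have no business appearing on eth1.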

