41.5.2 Firewall Configuration with SuSEfirewall2
Now redirect all incoming requests via the firewall with the help of a port forwarding rule
to the Squid port. To do this, use the enclosed tool SuSEfirewall2, described in
Section 43.4.1, "Configuring the Firewall with YaST" (page 825). Its configuration file can
be found in /etc/sysconfig/SuSEfirewall2. The configuration file consists
of well-documented entries. To set a transparent proxy, you must configure several
firewall options:
• Device pointing to the Internet: FW_DEV_EXT="eth1"
• Device pointing to the network: FW_DEV_INT="eth0"
Define ports and services (see /etc/services) on the firewall that are accessed
from untrusted (external) networks such as the Internet. In this example, only Web
services are offered to the outside:
FW_SERVICES_EXT_TCP="www"
Define ports or services (see /etc/services) on the firewall that are accessed from
the secure (internal) network, both via TCP and UDP:
FW_SERVICES_INT_TCP="domain www 3128"
FW_SERVICES_INT_UDP="domain"
This allows access to Web services and Squid (whose default port is 3128). The service
"domain" stands for DNS (domain name service) and is commonly used. If you do not
use it, remove it from the entries above and set the following option to no:
FW_SERVICE_DNS="yes"
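The settings above can be checked mechanically before the firewall is restarted. The following script is an added example, not part of the original manual or of SuSEfirewall2. The function names (fw_get, has_word, report, audit_fw) are hypothetical, and the rules it applies (only www offered externally, 3128 reachable internally, FW_SERVICE_DNS consistent with the "domain" entries) are assumptions taken from this section's example values.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2 sysconfig file against this section.

# fw_get FILE VAR: print VAR's value (last assignment wins). The file is parsed
# as text, never sourced, so nothing in it is executed.
fw_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# has_word LIST WORD: succeed if WORD is one of the space-separated items in LIST.
has_word() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

report() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_fw FILE: print one line per finding; succeed only if there are none.
audit_fw() {
    findings=0
    ext=$(fw_get "$1" FW_DEV_EXT); int=$(fw_get "$1" FW_DEV_INT)
    int_tcp=$(fw_get "$1" FW_SERVICES_INT_TCP)
    int_udp=$(fw_get "$1" FW_SERVICES_INT_UDP)
    if [ -z "$ext" ] || [ -z "$int" ]; then
        report "FW_DEV_EXT or FW_DEV_INT is unset"
    elif [ "$ext" = "$int" ]; then
        report "external and internal device are both $ext"
    fi
    for svc in $(fw_get "$1" FW_SERVICES_EXT_TCP); do
        case $svc in
            www) ;;   # the only service this section offers to the outside
            3128) report "Squid port 3128 is open to external networks" ;;
            *) report "extra external TCP service: $svc" ;;
        esac
    done
    has_word "$int_tcp" 3128 || report "3128 missing from FW_SERVICES_INT_TCP"
    if ! has_word "$int_tcp" domain && ! has_word "$int_udp" domain &&
        [ "$(fw_get "$1" FW_SERVICE_DNS)" = "yes" ]; then
        report "FW_SERVICE_DNS is yes but domain is not an internal service"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: this section's values, with 3128 added to the external list.
sample=$(mktemp)
printf '%s\n' 'FW_DEV_EXT="eth1"' 'FW_DEV_INT="eth0"' \
    'FW_SERVICES_EXT_TCP="www 3128"' 'FW_SERVICES_INT_TCP="domain www 3128"' \
    'FW_SERVICES_INT_UDP="domain"' 'FW_SERVICE_DNS="yes"' > "$sample"
audit_fw "$sample" || echo "$findings finding(s)"
rm -f "$sample"
```

To audit the live configuration, call audit_fw /etc/sysconfig/SuSEfirewall2.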
The most important option is option number 15: