Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 816


41.5.2 Firewall Configuration with SuSEfirewall2
Now redirect all incoming requests via the firewall to the Squid port with the help of
a port forwarding rule. To do this, use the enclosed tool SuSEfirewall2, described in
Section 43.4.1, "Configuring the Firewall with YaST" (page 829). Its configuration file
can be found in /etc/sysconfig/SuSEfirewall2. The configuration file consists
of well-documented entries. To set a transparent proxy, you must configure several
firewall options:
• Device pointing to the Internet: FW_DEV_EXT="eth1"
• Device pointing to the network: FW_DEV_INT="eth0"
Define ports and services (see /etc/services) on the firewall that are accessed
from untrusted (external) networks such as the Internet. In this example, only Web
services are offered to the outside:
FW_SERVICES_EXT_TCP="www"
Define ports or services (see /etc/services) on the firewall that are accessed from
the secure (internal) network, both via TCP and UDP:
FW_SERVICES_INT_TCP="domain www 3128"
FW_SERVICES_INT_UDP="domain"
This allows access to Web services and Squid (whose default port is 3128). The service
"domain" stands for DNS (domain name service). This service is commonly used. If you do
not use it, simply take it out of the above entries and set the following option to no:
FW_SERVICE_DNS="yes"
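The following audit script is an added example, not part of the original manual or of SuSEfirewall2. It reads the variables named above from a sysconfig file and reports settings that contradict the text. The function names, the sample file and the check that the Squid port stays off the external service list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the manual): audit a SuSEfirewall2 sysconfig file.
# Values are extracted with sed, so the file is never sourced or executed.

# get_var FILE NAME: print the last value assigned to NAME, quotes stripped
get_var() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*\$/\1/p" "$1" | tail -n 1
}

# has_word LIST WORD: succeed if WORD is one of the space-separated items
has_word() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

flag() { echo "FINDING: $1"; n=$((n + 1)); }

# audit_fw FILE [SQUID_PORT]: print findings, return how many there were
audit_fw() {
    cfg=$1; port=${2:-3128}; n=0
    ext_dev=$(get_var "$cfg" FW_DEV_EXT); int_dev=$(get_var "$cfg" FW_DEV_INT)
    ext_tcp=$(get_var "$cfg" FW_SERVICES_EXT_TCP)
    int_tcp=$(get_var "$cfg" FW_SERVICES_INT_TCP)
    int_udp=$(get_var "$cfg" FW_SERVICES_INT_UDP)
    dns=$(get_var "$cfg" FW_SERVICE_DNS)

    if [ -z "$ext_dev" ] || [ -z "$int_dev" ]; then
        flag "FW_DEV_EXT and FW_DEV_INT must both be set"
    elif [ "$ext_dev" = "$int_dev" ]; then
        flag "external and internal device are both $ext_dev"
    fi
    # Assumed hardening check: the proxy port should be reachable only from inside.
    if has_word "$ext_tcp" "$port"; then flag "port $port is open to the external network"; fi
    if ! has_word "$int_tcp" "$port"; then flag "port $port missing from FW_SERVICES_INT_TCP"; fi
    # The text says to drop "domain" from the service lists when DNS is switched off.
    if [ "$dns" = "no" ] && { has_word "$int_tcp" domain || has_word "$int_udp" domain; }; then
        flag "FW_SERVICE_DNS=no but 'domain' is still listed"
    fi
    return "$n"
}

# Constructed sample: the manual's values, with 3128 also exposed externally.
sample_cfg() {
    cat <<'EOF'
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_SERVICES_EXT_TCP="www 3128"
FW_SERVICES_INT_TCP="domain www 3128"
FW_SERVICES_INT_UDP="domain"
FW_SERVICE_DNS="yes"
EOF
}

# Demo run: audit the constructed sample (one finding expected).
tmp=$(mktemp) && sample_cfg > "$tmp" && { audit_fw "$tmp" || true; }; rm -f "$tmp"
```

On a real system, call `audit_fw /etc/sysconfig/SuSEfirewall2`; the return status is the number of findings.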
The most important option is option number 15:

This manual is also suitable for:

Suse linux enterprise server 10 sp3
