
Old 01-16-2004
Patrick
 
Re: WWW, telnet, everything works. Except ping.

David Efflandt wrote:
> I have never seen that response and I am using SuSE 8.2 as my pppoe
> firewall/masq. If it was just to internet I would say maybe your ISP was
> blocking ping,


Ping works from my Windows computers. I don't think it's an ISP issue, and
by the way, here's an interesting tidbit: pinging my IP addy from my ISP
shell account gets no response, just timeouts. Of course that could be from
SuSE default firewalls or something; I have no idea.

> but since you cannot ping your LAN either,


Actually the inability to ping over the LAN isn't necessarily the result of
the same problem - the LAN setup is not done. I'm hoping maybe the
solution to this ping problem will be the solution to my LAN problems as
well.

> it may be
> something in /etc/sysconfig/SuSEfirewall2 (unless you configured your own
> iptables rules). But that would be strange too because iptables normally
> drops traffic it blocks, rather than respond with an error.


I haven't touched iptables yet.

> Are you using FW_QUICKMODE? Do you have any trouble with web access or
> anything else from LAN?


FW_QUICKMODE is "no." I haven't touched SuSEfirewall2. I haven't been able
to set up the LAN yet, partially because I can't test it with ping. I
installed linux for the first time at the beginning of this week, so I'm
really still learning the basics.

> I am not using quickmode, but even though I have following set to drop
> pings initiated from internet, I can still ping internet hosts from LAN,
> or either way from firewall:
>
> FW_ALLOW_PING_FW="no"
> FW_ALLOW_PING_DMZ="no"
> FW_ALLOW_PING_EXT="no"


Here's what I have; I include the full uncommented SuSEfirewall2 at the end
of my message:
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"

Though I'm not sure I understand the difference between EXT and FW (isn't
the whole point that everything from outside (EXT) goes through the
firewall (FW)?), I don't think any of these options would cause my problem
(?), since they are allowing or disallowing pings from the outside, not the
inside. Side note: if I want to be able to ping my linux box from the LAN,
should I set them all to "yes"?

Also, a general question about these configuration files: after editing
them, how do I apply the changes? I assume I don't need to reboot, since
Linux is all about uptime and such, but I often update configs and don't
know how to apply the changes without rebooting (e.g. when changing my eth0
IP address).

I will say, there is quite a steep learning curve on this operating system.
If I weren't still on Christmas break from college I'd never have time to
bother with all this stuff.



SuSEfirewall2 with most comments taken out:
FW_QUICKMODE="no"
FW_DEV_EXT=""
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS=""
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP="" # Common: domain
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
# END of /etc/sysconfig/SuSEfirewall2
# EXPERT OPTIONS - all others please don't change these! #
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
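As an added example (not part of the original thread), a small POSIX sh lint that reads a SuSEfirewall2-style fragment and reports the FW_ALLOW_PING_* zone settings David and Patrick discuss, plus any FW_DEV_* interface lists left empty, as all three are in the posted file. The sample configuration is constructed from the values quoted above, not read from a real system.

```shell
#!/bin/sh
# Added example, not from the original post: lint a SuSEfirewall2-style
# fragment for the zone/ping settings discussed in the thread.

# Constructed sample mirroring the values Patrick posted (not a real file).
SAMPLE_CONF=$(cat <<'EOF'
FW_QUICKMODE="no"
FW_DEV_EXT=""
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"   # trailing comments are allowed in the real file
# END of /etc/sysconfig/SuSEfirewall2
EOF
)

# conf_get CONF KEY: print KEY's quoted value with quotes and any trailing
# comment stripped; prints nothing if KEY is absent. Last definition wins,
# as it would when the shell sources the file.
conf_get() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" | tail -n 1
}

# ping_exposure CONF: one line per zone, "ZONE allowed|blocked|unset".
ping_exposure() {
    for zone in FW DMZ EXT; do
        case "$(conf_get "$1" "FW_ALLOW_PING_$zone")" in
            yes) echo "$zone allowed" ;;
            no)  echo "$zone blocked" ;;
            *)   echo "$zone unset" ;;
        esac
    done
}

# empty_zone_devs CONF: list FW_DEV_* keys with no interface assigned. With
# no interface in a zone the firewall has nothing to classify as EXT/INT/DMZ.
empty_zone_devs() {
    for zone in EXT INT DMZ; do
        [ -z "$(conf_get "$1" "FW_DEV_$zone")" ] && echo "FW_DEV_$zone"
    done
    return 0
}

# Stand-alone run over the constructed sample.
echo "ping settings:"
ping_exposure "$SAMPLE_CONF"
echo "empty zone devices:"
empty_zone_devs "$SAMPLE_CONF"
```

Point it at a real file with `conf="$(cat /etc/sysconfig/SuSEfirewall2)"` and pass `"$conf"` in place of `"$SAMPLE_CONF"`.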