From: Gilbert on 25 Nov 2009 04:28

Hi

SWMBO's laptop is running OpenSuse 11.1 64 bit with a wireless connection. She uses her laptop for work during the day, hence the wireless network card is assigned to the external zone with nothing other than sshd enabled (so I can get to it when she needs something configured to connect to a resource on the work network).

However, when she is at home, she needs to share the resources of the home network which now includes a network attached scanner using saned. I can't find a way of enabling saned in the Yast firewall external zone configuration, and from what I found googling for setup instructions, I'm not sure that I want to.

So what I would like to do is to somehow configure her machine so that when the system recognizes the home router, it uses the internal zone firewall rules and for anything else, it uses the external zone definition. Is this possible, and if so, are there any "HowTos" available?

Regards

From: Mark Draheim on 25 Nov 2009 03:39

Gilbert wrote:

> However, when she is at home, she needs to share the
> resources of the home network which now includes a network
> attached scanner using saned. I can't find a way of enabling
> saned in the Yast firewall external zone configuration, and
> from what I found googling for setup instructions, I'm not
> sure that I want to.

Uhm, if you know the port then it's just a matter of punching a hole into the firewall. You can do that in the firewall configuration setup under "advanced" or whatever the button is called.

> So what I would like to do is to somehow configure her
> machine so that when the system recognizes the home router,
> it uses the internal zone firewall rules and for anything
> else, it uses the external zone definition. Is this possible,
> and if so, are there any "HowTos" available?

Either you do some scripting that checks the MAC of the home router and then disables the firewall (write an initscript to do this) or check out yast's profile manager. Personally, I think this is overkill for the thing you want.

Anyway, do you have special reasons for running a firewall in the first place? There's no firewall running on any of my computers, be it laptop or desktop.

cheers
Mark

From: Günther Schwarz on 25 Nov 2009 15:44

Gilbert wrote:

> So what I would like to do is to somehow configure her machine so that
> when the system recognizes the home router, it uses the internal zone
> firewall rules and for anything else, it uses the external zone
> definition. Is this possible, and if so, are there any "HowTos"
> available?

Documentation for the SUSE ipfilter can be found in /usr/share/doc/packages/SuSEfirewall2/

One simple way to allow for a single machine is to add its IP address to FW_TRUSTED_NETS in /etc/sysconfig/SuSEfirewall2. But this does not verify that the IP address matches the host. The rule will be set in any network.

SUSE used to support SCPM in order to manage different environments for mobile computers. This might be handy for this problem.

    man scpm

Adding a script that verifies a specific host in the network with a key pair and then switches the configuration will be almost trivial.

Günther
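
A sketch of the key-pair check suggested in the last post, added here as an example and not code posted by anyone in the thread: the wireless interface is moved to the internal zone only when a known home host passes SSH host-key verification and accepts a dedicated login key, which an IP or MAC address match alone cannot prove. The interface name, host address, `probe` account, key paths and the assumption that the wireless card is the only interface assigned to a zone are all hypothetical.

```sh
#!/bin/sh
# Added example: pick the SuSEfirewall2 zone for the wireless interface
# only after a known home host has proven its identity over SSH.
# All values below are assumed for illustration, not taken from the thread.
IFACE="${IFACE:-wlan0}"
HOME_HOST="${HOME_HOST:-192.168.1.10}"
KNOWN_HOSTS="${KNOWN_HOSTS:-/etc/ssh/home_known_hosts}"   # pinned host key
PROBE_KEY="${PROBE_KEY:-/root/.ssh/zone_probe}"           # login key pair
FW_CONFIG="${FW_CONFIG:-/etc/sysconfig/SuSEfirewall2}"

# Exit status 0 only if the host key matches the pinned one AND the login
# succeeds; a machine that merely reuses the address fails the key exchange.
probe_home_host() {
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$KNOWN_HOSTS" -o ConnectTimeout=5 \
        -i "$PROBE_KEY" "probe@$HOME_HOST" true 2>/dev/null
}

# Fail closed: timeout, wrong key or refused login all mean "ext".
pick_zone() {
    if probe_home_host; then echo int; else echo ext; fi
}

# Rewrite FW_DEV_INT / FW_DEV_EXT in the given file so IFACE sits in exactly
# one zone. Assumes IFACE is the only interface listed in either variable.
set_zone() {
    zone="$1"; file="$2"
    case "$zone" in
        int) int_val="$IFACE"; ext_val="" ;;
        ext) int_val="";       ext_val="$IFACE" ;;
        *)   return 1 ;;
    esac
    sed -i -e "s|^FW_DEV_INT=.*|FW_DEV_INT=\"$int_val\"|" \
           -e "s|^FW_DEV_EXT=.*|FW_DEV_EXT=\"$ext_val\"|" "$file"
}

# Nothing happens unless explicitly asked to apply (run as root).
if [ "${1:-}" = "--apply" ]; then
    set_zone "$(pick_zone)" "$FW_CONFIG" && SuSEfirewall2 start
fi
```

Run it with `--apply` once the wireless link is up; until the probe succeeds the interface stays in the external zone.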