Need help with SuSEfierwall2 configuration

I’m not sure if this should be posted here or in the Configure/Adminster forum, but here goes.

I have several database servers running SLES 11 SP3 on System z that are in a DMZ. The servers are in a DMZ for PCI compliance and are protected via SuSEfirewall2. in order to lock down access to the server I need to utilize the FW_TRUSTED_NETS= parameter, as much as possible, for opening ports.

The problem that I’m having is that I need to open port 52311 (TCP and UDP) for Big Fix access to the servers. If /etc/sysconfig/SuSefirewall2 contains

[CODE]FW_SERVICES_EXT_TCP=“ssh 523 60000”

FW_SERVICES_EXT_UDP=""

FW_TRUSTED_NETS=“10.17.1.155,tcp,111 10.17.1.155,udp,111 10.17.1.155,tcp,2049 10.17.1.155,udp,2049 10.17.1.155,tcp,32765 10.17.1.155,udp,32765 10.17.1.155,tcp,32766 10.
17.1.155,udp,32766 10.17.1.155,tcp,32767 10.17.1.155,udp,32767 10.17.110.81,tcp,9090 10.78.45.73,tcp,8080 10.78.45.73,udp,8080 10.78.45.73,tcp,9898 10.78.45.73,udp,9898
10.78.115.64,tcp,52311 10.78.115.64,udp,52311 10.78.115.65,tcp,52311 10.78.115.65,udp,52311 10.78.115.66,tcp,52311 10.78.115.66,udp,52311 10.78.115.67,tcp,52311 10.78.
115.67,udp,52311 10.78.115.68,tcp,52311 10.78.115.68,udp,52311 10.78.115.79,tcp,52311 10.78.115.79,udp,52311 10.80.53.169,tcp,52311 10.80.53.169,udp,52311 10.206.7.0/24
,tcp,9090 10.206.10.0/24,tcp,9090 10.206.11.0/24,tcp,9090 10.218.191.0/24,tcp,9090 10.218.220.0/24,tcp,9090 10.218.240.0/22,tcp,9090 10.225.138.0/23,tcp,9090 10.230.0.0
/18,tcp,9090 10.230.64.0/19,tcp,9090”[/CODE]

the Big Fix console issues an ‘Important’ task for the server “SuSE Firewall is Blocking BES Traffic - BES Client …”.

Note that there isn’t a DROP message in firewall log for port 52311.

If I modify the parameters FW_SERVICES_EXT_TCP= and FW_SERVICES_EXT_UDP= and add 52311, the ‘Important’ task is eliminated.

Does anyone have any thoughts as to why Big Fix is saying that the port is closed when the firewall isn’t showing any indication that it is closed?

x0500hl wrote:
[color=blue]

Does anyone have any thoughts as to why Big Fix is saying that the
port is closed when the firewall isn’t showing any indication that it
is closed?[/color]

By default, everything is blocked (closed) unless it is specifically
permitted. It wouldn’t make sense to log every attempted access that is
blocked.


Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…