Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.


Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.


Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.


Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Networking

Opening Custom Ports in SuSE Firewall

Submitted by on March 4, 2011 – 2:18 pm 6 Comments

Most of the servers I work with are already behind an enterprise firewall, so I rarely get to configure a software firewall. In the following example, I installed Webmin and Usermin on a SLES 11 server that had SuSE firewall enabled. Webmin and Usermin by default use ports 10000 and 20000, respectively. These ports are not in the list of common services you would find in the SuSE firewall configuration GUI. There are a couple of ways of adding custom ports to the list of the allowed services. The simplest way is to directly edit the SuSE firewall configuration file:


You will need to add the following two values:

FW_SERVICES_EXT_TCP="10000 20000"
FW_SERVICES_EXT_UDP="10000 20000"

Here’s what the relevant section of the SuSEfirewall2 file looks like:


After you updated the SuSEfirewall2 file, you will need to restart the firewall with the following command:

/etc/init.d/SuSEfirewall2_init restart

Another way of making this change is to go through YaST. At the command prompt type “yast” and follow the screenshots below:





Once you click “Finish”, the firewall will be automatically restarted.

Print Friendly, PDF & Email


  • nothin_nyce1 says:

    I’m setting up a webserver and need to know what I should use to connect my main server to the 3 storage servers.

    Files will need to be able to be seen by apache, and be downloaded by clients, and files must be able to be add through ftp by clients.

    Should I use a Switch or a router?

    I just want to be sure that, so I don’t spend/waste money on parts that will be useless for my needs.

    Each storage Server has it’s own Motherboard with onboard Video/Audio/Lan. They have a single 80gb hard drive for the linux OS, and they have 4 500GB drives for storage.

    My Current Setup:

    [Hardware Firewall]
    [4-Port Router]—[Other Computers]
    [Main Server]
    [??? ROUTER OR SWITCH ???]
    [SS1][SS2][SS3](Storage Servers)

    Thats my current setup, UP TO the [??? ROUTER OR SWITCH???], what should go there?

    I will be using Linux for the OS, either SUSE or Red Hat, not for sure yet.

    Thank You in Advance!
    Thank You for the quick reply.

    Just two more questions.

    The idea of the Dual Port with dual nic cards, sounds like its going to be very interesting, I like it though, seems that it will be nearly hack proof!

    Just to make sure it will still work, the storage servers have 4 individual drives connected by sata300 in a JBOD config.

    The ftp server I will be using is “Pure FTPd” its open source and works with linux, and seems to be idiot proof as well.

    So, just to make sure I’m understanding this right

    Use Dual Nic’s One card connects to my router, and the other connects to my switch, which also has all my connections for my storage servers.

    Question about a ftp server

    Is there any way that if a client uploads a file that starts with “A” it goes to Server 1 Drive 1, and if they upload a file that starts with “G” it goes to Server 2 Drive 7?

    Server 1
    abcd — File begins with
    1234 — File goes to drive #

    Server 2

    See what I want to do, maybe?

  • PolishPokeyPimp says:


    I’m a Linux newbie crossing over from the Windows world. I just set up a server with SUSE Linux 10.2, SQUID 2.6? (the newest), and DansGuardian for filtering. I’m trying to setup a second NIC for use with the DHCP Server which I’ve installed under YaST. The second NIC connects to a wireless AP which will assign IPs to various laptops which must be filtered. The laptops are getting an IP address, and can browse the web if I turn on ‘masquerading’ at the SUSE firewall. However, they are not filtered. I would like all web requests to forward to port 8080 of Dansguardian, but don’t know how. I figured it should be in the ‘masquerading’ section of the SUSE firewall, but I can’t get it to work. If I put in – port 8080 under the proxy settings on the client, then browsing is filtered. So, everything is in place, but I don’t want to enter the proxy settings and still have it filtered. In other words, all requests should forward to 8080.

    Thanks for any help….

  • che-che says:

    What I’m trying to do is set up ssh server on my own computer so I can access it remotely. I’ve had SuSE before and now I switched fo Fedora. I’ve set up SSHD and works on port 2222, router is configured to forward port 22 to port 2222, but it doesn’t work. I’ve tried with account and accessing by IP. It just doesn’t work. Can anybody help?
    Oh and the router that I use is Thomson ST-780.

  • everydayGuitarist says:

    Server and client are both Suse Enterprise Server 9. The “client” server has correctly established a tunnel (i.e. both server and client have tun0 interface with an address. They just can’t ping each other.

    I’ve disabled the firewall (iptables) so that’s not getting in the way. Any ideas?

  • ttocs says:

    Hi linux users, i am having a bit of a problem with my SuSE linux 9.2.
    I have a wireless card on my laptop and the ipw-firmware installed on linux. Wireless used to work perfectly without any problem. It used to detect the wireless networks and connect to the open network at university and i was able to use the internet. Now for some reason, i still do get the IP address by DHCP but internet doesn’t work and i cannot ping even the broadcast address. I tried local area network with wired cat5 cable connecting 2 laptops, set the IP manually or automatically by DHCP, i am able to ping but i can’t access the web. I have apache server on linux and connected with windows laptop. I can ping from windows to linux but can’t access the apache using

    Please guide me where i am going wrong.


  • musicistabest says:

    Hello – I have installed the latest version of SUSE Linux as a clean install; the original version (was much older from about 2002) could see the same Windows Workgroup, connect to Win shares and vice-versa.

    WIth the new version, I can see the LINUX server appear in my WORKGROUP, but when I try to connect to the shares which I have setup – it asks for user/pass. I try every combination from the ‘root’ password to an admin account password. I turned off the LINUX (and Windows) firewalls. The Shares (on LINUX) are setup in YAST. One XP computer and connect to the Vista computer using shares (and vice-versa); but, when the LINUX/Samba server enters the picture, LINUX reports “Timeout on WORKGROUP” and cannot see the Windows Shares. Again, Windows computers can see the LINUX Shares, but just cannot connect to them regardless of the password/name combos I have tried. The LINUX computer can browse Internet, etc and the router sees the IP/Mac address of the LINUX box. THANKS in advance.
    IP is setup correctly – as I mentioned, I can browse the web on the LINUX system and all Windows computers can see (browse) the LINUX shares; they just cannot connect to them and vice-versa.

Leave a Reply

%d bloggers like this: