Mailinglist Archive: opensuse (2008 mails)
Re: [opensuse] Public IP Webserver behind SuSEfirewall2 & FW_MASQUERADE
- From: Anders Johansson <ajohansson@xxxxxxx>
- Date: Sun, 19 Apr 2009 17:42:40 +0200
- Message-id: <200904191742.40588.ajohansson@xxxxxxx>
On Sunday 19 April 2009 17:36:59 LLLActive@xxxxxxx wrote:
> Actually, my problem is as follows:
> I have DynDNS to a SuSEfirewall2 running Apache2. I have a webpage on
> it. I now want to put a link in this webpage to a machine with a private
> IP in the DMZ, that should open up in a browser.
OK, I think I see your problem.
You can't use the internal IP address in the DMZ from an external machine.
What FW_FORWARD_MASQ does is transparently forward requests to internal
machines that arrive on the firewall. So with the rule
0/0,192.168.176.10,tcp,80
if you access port 80 on the firewall machine, it will send it on to
192.168.176.10 as if it was handling it itself.
If you have two web servers, one directly on the firewall and the other in the
DMZ, then the only way to do this is to use a different port. Say a rule like
0/0,192.168.176.10,tcp,81,80
This will forward requests made to the firewall IP on port 81 to the machine
in the DMZ on port 80. Any links you have then will have to be to the firewall
machine's port 81.
Anders
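The following is an added example, not part of the original message and not SuSEfirewall2 code: a small checker that reads FW_FORWARD_MASQ entries of the two forms shown above, reports a forward that claims a port the firewall host already serves itself, and builds the link a page on the firewall would have to use. The field names, the host name fw.example.org and the set of local services are assumptions made for the illustration.

```python
from collections import namedtuple

# Field names are this example's own labels, not SuSEfirewall2 terminology.
Forward = namedtuple("Forward", "source target_ip proto fw_port target_port")

def parse_forward_masq(value):
    """Parse space-separated entries of the two forms shown in the message:
    source,target_ip,proto,port  and  source,target_ip,proto,port,target_port."""
    rules = []
    for entry in value.split():
        fields = entry.split(",")
        if len(fields) not in (4, 5):
            raise ValueError("unsupported entry: %r" % entry)
        source, target_ip, proto, fw_port = fields[:4]
        # Without a fifth field the request keeps the same port number.
        target_port = fields[4] if len(fields) == 5 else fw_port
        rules.append(Forward(source, target_ip, proto.lower(),
                             int(fw_port), int(target_port)))
    return rules

def audit(rules, local_services):
    """Report forwards that claim a port the firewall host serves itself,
    or that reuse a firewall port for two different targets."""
    findings, claimed = [], {}
    for r in rules:
        key = (r.proto, r.fw_port)
        target = (r.target_ip, r.target_port)
        if key in local_services:
            findings.append("%s/%d is also served on the firewall itself; "
                            "move the forward to %s to another port"
                            % (r.proto, r.fw_port, r.target_ip))
        if claimed.setdefault(key, target) != target:
            findings.append("%s/%d is forwarded to two different targets"
                            % key)
    return findings

def link_for(public_host, rule):
    """URL a page on the firewall's web server must use to reach the target."""
    port = "" if rule.fw_port == 80 else ":%d" % rule.fw_port
    return "http://%s%s/" % (public_host, port)

if __name__ == "__main__":
    local = {("tcp", 80)}  # constructed: Apache2 on the firewall host
    for value in ("0/0,192.168.176.10,tcp,80", "0/0,192.168.176.10,tcp,81,80"):
        rules = parse_forward_masq(value)
        print(value, "->", audit(rules, local) or "no conflict",
              link_for("fw.example.org", rules[0]))
```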