AW: [suse-security] No access to Apache behind SuSEfirewall2
cut eth1 is connected to a Hadrwarerouter with a LAN-interface (ip = 192.168.0.2) and a WAN-Interface for a dynamic IP-adress. All clients from the internal net can acces to the Internet via squid-proxy on the Linux-Server. But wenn I try to access the Apache webserver on my Linuy-Server from the Internet I get the following log-messages:
....kernel: SUSE-FW-UNAUTHORIZED-TARGED IN=eth1 OUT=MAC=...... SRC='dynamic IP' DST=192.168.12.80 .......
SuSEfirewall2 is configured as following:
Hi, perhaps it isn´t a problem of your linux-server. Is it possible taht there is also a firewall in the hardware-router?
Hi,
....kernel: SUSE-FW-UNAUTHORIZED-TARGED IN=eth1 OUT=MAC=...... SRC='dynamic IP' DST=192.168.12.80 .......
SuSEfirewall2 is configured as following:
Hi, perhaps it isn´t a problem of your linux-server. Is it possible taht there is also a firewall in the hardware-router?
forwarding of http-access through your hardware router seems o.k and reaches your server. Your MASQ-rule FW_MASQ_NETS="0/0" is not clear for me. You could try 192.168.12.0/24. Masquerading of the external interface isn't what you really want. Please send the uncutted kernel message, is there a port listed? Frank
V. Lieder schrieb:
cut
eth1
is connected to a Hadrwarerouter with a LAN-interface (ip = 192.168.0.2) and a WAN-Interface for a dynamic IP-adress. All clients from the internal net can acces to the Internet via squid-proxy on the Linux-Server. But wenn I try to access the Apache webserver on my Linuy-Server from the Internet I get the following log-messages:
....kernel: SUSE-FW-UNAUTHORIZED-TARGED IN=eth1 OUT=MAC=...... SRC='dynamic IP' DST=192.168.12.80 .......
SuSEfirewall2 is configured as following:
Hi, perhaps it isn´t a problem of your linux-server. Is it possible taht there is also a firewall in the hardware-router?
No, that is not possible. If I stop SuSEfirewall2 I can access my webserver from the Internet via the Hardware-Router and I have no messages at the log-message-file. After restarting the firewall on the Linux-Server I don't have access to the webserver from the Internet. Peter ______________________________________ Inflex - installed on mailserver for domain @inis.inf Queries to: postmaster@inis.inf
participants (3)
-
Dr. Peter Bast -
Frank Stuehmer -
V. Lieder