SuSEfirewall2 config question
Hi,

How do I get access to my own webserver from internal via the normal DNS lookup http://mydomain.com ?

My setup:

FW_DEV_EXT="eth2" is external, masqueraded to my IP address
FW_DEV_DMZ="eth1" is dmz, 10.0.0.0/8 with a webserver in the dmz
FW_DEV_INT="eth0" is internal 192.168.1.0/24
FW_ROUTE=yes
FW_MASQUERADE="yes"

Internal network has full access to internet:
FW_MASQ_NETS="192.168.1.0/24"

External traffic is allowed to the webserver:
FW_FORWARD_MASQ="0/0,10.0.0.2,tcp,80"

When I add a rule to FW_FORWARD="192.168.1.0/24,10.0.0.2,tcp,80" as suggested with option 14, I can get access from internal to the webserver by going directly to the 10.0.0.2 address, but this is not what I want. The explanation with Conf option 14 does not help me out here.

Log says: SuSE-FW-ACCCESS_DENIED_INT

- jaap noordzij
smokejumper at chello.nl
* Jaap Noordzij;
Hi,
How do I get access to my own webserver from internal via the normal DNS lookup http://mydomain.com ?
Log says: SuSE-FW-ACCCESS_DENIED_INT
You will need to add a rule (or rules) to /etc/sysconfig/scripts/SuSEfirewall2-custom. In fw_custom_before_antispoofing(), add:

    iptables -A INPUT -i eth0 -s 192.168.1.0/24 -d External_IP/MASK -j ACCEPT

You can also add "destination port" and protocol to tighten this hole a little bit.

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
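The rule from the reply above, narrowed with the protocol and destination port it mentions, as an added example that is not part of the original thread. The helper name int_to_ext_rule, the EXT_IP variable and the dry-run switch via IPTABLES are assumptions made for illustration; the body of the hook is what would go inside the existing fw_custom_before_antispoofing() in SuSEfirewall2-custom.

```shell
# Added example; not from the original thread.
# IPTABLES can be set to "echo" for a dry run that prints the rule instead of loading it.
IPTABLES="${IPTABLES:-iptables}"

# Hypothetical helper: print the arguments of a narrowed ACCEPT rule,
# or return 2 if any value does not look like what it should be.
# usage: int_to_ext_rule <in-iface> <src-cidr> <dst-ip> <proto> <dport>
int_to_ext_rule() {
    [ "$#" -eq 5 ] || return 2
    iface=$1 src=$2 dst=$3 proto=$4 dport=$5
    # Reject anything outside the expected character sets so a typo or
    # stray shell metacharacter never reaches the iptables command line.
    case "$iface" in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    case "$src"   in ''|*[!0-9./]*)        return 2 ;; esac
    case "$dst"   in ''|*[!0-9.]*)         return 2 ;; esac
    case "$proto" in tcp|udp) ;; *)        return 2 ;; esac
    case "$dport" in ''|*[!0-9]*)          return 2 ;; esac
    [ "$dport" -ge 1 ] && [ "$dport" -le 65535 ] || return 2
    printf '%s\n' "-A INPUT -i $iface -s $src -d $dst -p $proto --dport $dport -j ACCEPT"
}

fw_custom_before_antispoofing() {
    # Interface, network and port are the ones given in the thread.
    # EXT_IP (assumed variable) must hold the firewall's external address.
    rule=$(int_to_ext_rule eth0 192.168.1.0/24 "${EXT_IP:?set EXT_IP}" tcp 80) || return 1
    # Word splitting of $rule is intended: it holds validated iptables arguments.
    $IPTABLES $rule
    true
}
```

Running the hook with IPTABLES=echo prints the exact rule so it can be reviewed before it is loaded.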