Good afternoon, I am running SuSEfirewall2 on my SuSE Linux box. I have 2 servers on our private segment. I would like to use some services of my servers from Internet (both services are the same -- ports and protocols), but I am able to redirect all trafic only to one server (with SuSEfirewall2 and FW_FORWARD_MASQ). I have enough public IP address - there is no problem but is there a possibility to arrange the same trafic to the second server? I am looking forward for prompt response. --- Se srdecnym pozdravem/Best regards Jan Dus (CNA, CNE, CNS) AG COM, a.s. Smirice Czech Republic kancelar/office +420 495 421 312 fax +420 495 421 108
* Jan Dus;
there is no problem but is there a possibility to arrange the same trafic to the second server?
I am looking forward for prompt response.
I have a draft (read incomplete ) Howto on SuSefireawll2 at http://dinamizm.ath.cx/articles:firewall2.pdf See if it helps As a side note if others can have a look and comment about it I 'will appreciate Thanks -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
* Togan Muftuoglu;
* Jan Dus;
on 08 Oct, 2002 wrote: there is no problem but is there a possibility to arrange the same trafic to the second server?
I am looking forward for prompt response.
I have a draft (read incomplete ) Howto on SuSefireawll2 at http://dinamizm.ath.cx/articles:firewall2.pdf
Sorry damn numlock decided to turn off should read http://dinamizm.ath.cx/articles/firewall2.pdf Sorry -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
-----BEGIN PGP SIGNED MESSAGE----- Hi Jan!
I have enough public IP address - there is no problem but is there a possibility to arrange the same trafic to the second server?
Not as long as your firewall has only one public IP address. If you
have enough public IP addresses, masquerading is not necessary. You
could assign public addresses to your servers and use FW_FORWARD
instead of FW_FORWARD_MASQ. They will still be protected by the
firewall (i.e., only those ports you actually forward from the FW will
be reachable from the outside). I'm sure there are also other
possibilities (SNAT?).
Regards, Andy
- --
Andreas J. Mueller email:
participants (3)
-
Andreas J Mueller
-
Jan Dus
-
Togan Muftuoglu