No access to Apache behind SuSEfirewall2
Hi,

I have a small network with a Linux-Server (SuSE 8.0) with SuSEfirewall2. The server has an internal interface eth0 (ip = 192.168.12.80) and an external interface eth1 (ip = 192.168.0.3). eth1 is connected to a hardware router with a LAN-interface (ip = 192.168.0.2) and a WAN-interface for a dynamic IP address. All clients from the internal net can access the Internet via squid-proxy on the Linux-Server. But when I try to access the Apache webserver on my Linux-Server from the Internet I get the following log-messages:

....kernel: SUSE-FW-UNAUTHORIZED-TARGED IN=eth1 OUT=MAC=...... SRC='dynamic IP' DST=192.168.12.80 .......

SuSEfirewall2 is configured as follows:

FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="21 53 http https pop3 pop3s smtp telnet"
FW_SERVICES_EXT_UDP="53"
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="25 53 80 110 137 3128"
FW_SERVICES_INT_UDP="53 137"
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"

I hope everybody can help me

Thanks
Peter

Dr. Peter Bast wrote:
> Linux-Server. But when I try to access the Apache webserver on my Linux-Server from the Internet I get the following log-messages:
> ....kernel: SUSE-FW-UNAUTHORIZED-TARGED IN=eth1 OUT=MAC=...... SRC='dynamic IP' DST=192.168.12.80 .......

'grep -B 1 UNAUTHORIZED /sbin/SuSEfirewall2'
| # anything which is now not in the input_* chains is evil
| test -z "$LDC" -o -z "$LDA" && $IPTABLES -A INPUT -j LOG
| ${LOG}"-UNAUTHORIZED-TARGET "
| $IPTABLES -A INPUT -j "$DROP"

> SuSEfirewall2 is configured as follows:
> FW_SERVICES_EXT_TCP="21 53 http https pop3 pop3s smtp telnet"

is access to ftp and dns possible? perhaps a problem with your /etc/services?

micha

Hi Peter!

> SuSEfirewall2. The server has an internal interface eth0 (ip = 192.168.12.80) and an external interface eth1 (ip = 192.168.0.3). eth1 is connected to a hardware router with a LAN-interface (ip = 192.168.0.2)
> ....kernel: SUSE-FW-UNAUTHORIZED-TARGED IN=eth1 OUT=MAC=...... SRC='dynamic IP' DST=192.168.12.80 .......

This looks like you are trying to route external traffic through your
hardware router to the firewall's *internal* interface, which is not
allowed. Try to route the traffic to your *external* interface (IP
192.168.0.3). How is your hardware router configured (e.g., is it
doing masquerading)?
Regards, Andy
--
Andreas J. Mueller email:
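
The following shell script is an added example, not part of the original thread or of SuSEfirewall2. It applies Andy's reasoning to a drop-log line by comparing the interface the packet arrived on (IN=) with the interface that owns the destination address (DST=); the function names are hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: classify a SuSEfirewall2 drop-log line by comparing the
# interface a packet arrived on (IN=) with the interface owning DST=.

# Interface roles and addresses as given in the thread.
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
ADDR_MAP="eth0=192.168.12.80 eth1=192.168.0.3"

# field LINE KEY: print the value of KEY=value in a netfilter log line.
field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# owner_of IP: print the local interface holding IP; fail if none does.
owner_of() {
    for pair in $ADDR_MAP; do
        if [ "${pair#*=}" = "$1" ]; then
            printf '%s\n' "${pair%%=*}"
            return 0
        fi
    done
    return 1
}

# verdict LINE: print one keyword describing why the packet was dropped.
verdict() {
    in_dev=$(field "$1" IN)
    dst=$(field "$1" DST)
    dst_dev=$(owner_of "$dst") || { echo "dst-not-local"; return 0; }
    if [ "$in_dev" = "$FW_DEV_EXT" ] && [ "$dst_dev" = "$FW_DEV_INT" ]; then
        echo "ext-to-internal-ip"   # the case in the thread: forward to 192.168.0.3 instead
    elif [ "$in_dev" = "$dst_dev" ]; then
        echo "service-not-allowed"  # address is right; check FW_SERVICES_* for that zone
    else
        echo "other-mismatch"
    fi
}

# Constructed sample lines (source address is from a documentation range).
SAMPLE_BAD='kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth1 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=192.168.12.80 PROTO=TCP SPT=40000 DPT=80'
SAMPLE_OK_ADDR='kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=192.168.0.3 PROTO=TCP SPT=40001 DPT=8080'

for line in "$SAMPLE_BAD" "$SAMPLE_OK_ADDR"; do
    printf 'IN=%s DST=%s -> %s\n' "$(field "$line" IN)" "$(field "$line" DST)" "$(verdict "$line")"
done
```
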
participants (3)
- Andreas J Mueller
- Dr. Peter Bast
- Michael Meyer