Hello Uli,

I present to you the following problem I haven't closed successfully:

Configuration:
==========

  Internal     <--->  Firewall (SuSE8.0)    <--->  Internet  <--->  Client
  Web Server          (int_dev: 10.3.1.10)
  (10.3.1.34)         (ext_dev: x.y.z.a)

Well, certain client shall connect to the internal Web server to make use of a data base application. The Client should give the ext_dev ip address and the desired port to connect, i.e. http://x.y.z.a:5678

The request should pass through the firewall and be redirected straight to the webserver 10.3.1.34 (port 80).

I tried different configuration examples without success. Have you any experience within?

SuSEfirewall Configuration
===================
(This configuration uses port 80 and not the desired high port 5678)

  FW_DEV_EXT="eth1"
  FW_DEV_INT="eth0"
  FW_ROUTE="yes"
  FW_MASQUERADE="yes"
  FW_MASQ_NETS="10.3.0.0/16"
  FW_PROTECT_FROM_INTERNAL="yes"
  FW_AUTOPROTECT_SERVICES="yes"
  FW_SERVICES_EXT_TCP="25 53 80"
  FW_SERVICES_EXT_UDP="53"
  FW_SERVICES_INT_TCP="25 53 80"
  FW_SERVICES_INT_UDP="53"
  FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
  FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
  FW_SERVICE_DNS="yes"
  FW_FORWARD="0/0,x.y.z.a,tcp,80 x.y.z.a,10.3.1.34,tcp,80 0/0,10.3.1.34/255.255.255.255,tcp,80"
  # FW_REDIRECT="10.3.0.0/16,0/0,tcp,53,53 10.3.0.0/16,0/0,tcp,25,25 10.3.0.0/16,0/0,udp,53,53 10.3.1.34,0/0,tcp,80,80"

===========================================================

Thanks in advance for any further help you could provide me.

Hi René!

> The request should pass through the firewall and be redirected straight to the webserver 10.3.1.34 (port 80).
> FW_FORWARD="0/0,x.y.z.a,tcp,80 x.y.z.a,10.3.1.34,tcp,80 0/0,10.3.1.34/255.255.255.255,tcp,80"

FW_FORWARD is for forwarding to public IP addresses in the DMZ/internal
net only. What you probably want (since you are masquerading the
10.3.0.0/16 net) is

  FW_FORWARD_MASQ="0/0,10.3.1.34,tcp,5678,80"

This will reverse masquerade incoming requests to port 5678 on your
public IP and forward them to port 80 on your web server.

Regards, Andy
--
Andreas J. Mueller email:
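
What the FW_FORWARD_MASQ entry in the reply amounts to in plain iptables terms, as an added example that is not part of the original thread and not SuSEfirewall2's own code. The function name masq_to_iptables is hypothetical, the field order is read off the entry above, and the printed rules are hand-written equivalents (an assumption), not the rules the script itself generates.

```shell
#!/bin/sh
# Added illustration: expand one FW_FORWARD_MASQ entry into the iptables
# commands it roughly corresponds to. Commands are printed, never executed.
# Field order as in the thread: source,target-ip,protocol,public-port,target-port

masq_to_iptables() {
    entry=$1      # e.g. "0/0,10.3.1.34,tcp,5678,80"
    ext_dev=$2    # external interface (FW_DEV_EXT, "eth1" in the thread)

    old_ifs=$IFS; IFS=,
    set -- $entry                 # split the entry on commas
    IFS=$old_ifs
    if [ $# -ne 5 ]; then
        echo "error: expected 5 comma-separated fields, got $#" >&2
        return 1
    fi
    src=$1; dst=$2; proto=$3; pub_port=$4; dst_port=$5

    case $proto in
        tcp|udp) ;;
        *) echo "error: unsupported protocol '$proto'" >&2; return 1 ;;
    esac
    for p in "$pub_port" "$dst_port"; do
        case $p in
            ''|*[!0-9]*) echo "error: bad port '$p'" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "error: port out of range '$p'" >&2; return 1
        fi
    done

    # 0/0 lets every Internet host reach the internal server on this port.
    if [ "$src" = "0/0" ]; then
        echo "note: source 0/0 matches any host; use the client's address if it is known" >&2
    fi

    # 1) Rewrite destination (public IP:public port -> internal IP:port).
    echo "iptables -t nat -A PREROUTING -i $ext_dev -s $src -p $proto --dport $pub_port -j DNAT --to-destination $dst:$dst_port"
    # 2) Let the rewritten connection through the FORWARD chain. Return
    #    traffic is assumed to match an existing ESTABLISHED,RELATED rule.
    echo "iptables -A FORWARD -i $ext_dev -s $src -d $dst -p $proto --dport $dst_port -m state --state NEW -j ACCEPT"
}

# The entry from the reply, with the external device from the original post.
masq_to_iptables "0/0,10.3.1.34,tcp,5678,80" eth1
```

The FORWARD rule matches port 80, not 5678, because the destination has already been rewritten by the time the packet reaches that chain.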