Hi Daryl,
I just read your post about NAT (OP from FW). For a while I was thinking how I could forward some ports. I think you gave the answer. My procedure : set FW_ROUTE to "yes" set FW_FORWARD : "192.168.10.0/24,
,tcp, " This will forward network traffic without doing any masquerading; if you want to allow external systems to access things like a web server, but
On 20/04/06 09:26, Koenraad Lelong wrote: that server is on a private IP inside your LAN, you need to use FW_FORWARD_MASQ instead.
If I do this I think I would be able to access a samba-server from the outside. Before you say "don't do this, security" I will add that between the Suse-machine and the 'net I have a VPN router/firewall. The other side of the VPN tunnel will have net-address 192.168.10.x. I think this is a secure setup. I hope you can confirm this.
A VPN is really just a connection between two private networks, with the added twist that at one point, the traffic between the two must travel on the internet. I have no experience with a VPN, so I cannot say for sure if using FW_FORWARD is correct. With the information given for that variable (see /etc/sysconfig/SuSEfirewall2), I would think it is not: "With this option you may allow access to e.g. your mailserver. The machines must have valid, non-private, IP addresses which were assigned to you by your ISP. This opens a direct link to the specified network, so please think twice befor using this option!"