On Friday 15 June 2001 00:09, linux wrote:
Hi,
I'm using SuSEfirewall2 1.0 in a SuSE 7.1 kernel 2.4.2, the machine is the firewall for a private lan using masquerading to reach the internet.
The problem is:
Internal machines can't connect to ports on the external address of the firewall. If I try these ports from outside, it works ok.
Example: firewall
eth1 - external ip 1.2.3.4
eth0 - internal ip 172.16.0.1
If I try to get mail from 172.16.0.3 this is the log in /var/log/firewall:
SuSE-FW-UNALLOWED-TARGETIN=eth0 OUT= MAC=00:80:ad:09:0b:38:00:48:54:62:d9:ed:08:00 SRC=172.16.0.3 DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=26274 DF PROTO=TCP SPT=1908 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
/etc/rc.config.d/firewall2.rc.config has this line:
FW_SERVICES_EXT_TCP="ssh smtp pop3 domain www"
Do you have FW_SERVICES_INT_TCP set as well? This variable defines which services should be available on the firewall machine for hosts on the internal network.
The masquerading works to any other host without a charm, except for the external ip of the firewall. Previously we were using SuSEfirewall on a SuSE 6.4 and this thing worked. There are laptop users that try to get mail from inside or outside and this problem is very annoying.
Is SuSEfirewall2 doing this on purpose?
Thanks,
Regards Anders
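
Added example, not part of the original thread and not SuSEfirewall2 code: a small Python check that reads the logged packet and reports which service variable governs it. It assumes the list is selected by the ingress interface (IN=), as the reply implies; the empty FW_SERVICES_INT_TCP value and the name-to-port table are constructed for illustration.

```python
import re

# Interface roles and the EXT list are taken from the post; the empty INT
# list is an assumption (the post does not show FW_SERVICES_INT_TCP).
ZONES = {"eth0": "INT", "eth1": "EXT"}
CONFIG = {
    "FW_SERVICES_EXT_TCP": "ssh smtp pop3 domain www",
    "FW_SERVICES_INT_TCP": "",
}
# Constructed name-to-port table covering only the services named in the post.
PORTS = {"ssh": 22, "smtp": 25, "domain": 53, "www": 80, "pop3": 110}

# Log line from the post, shortened to the fields used here.
SAMPLE = ("SuSE-FW-UNALLOWED-TARGETIN=eth0 OUT= SRC=172.16.0.3 DST=1.2.3.4 "
          "PROTO=TCP SPT=1908 DPT=110 SYN URGP=0")

def parse(line):
    """Extract the fields that decide which service list applies."""
    # IN= is searched without a word boundary because the log prefix may be
    # fused to it, as it is in the line quoted in the post.
    fields = {"IN": re.search(r"IN=(\S*)", line).group(1)}
    fields.update(re.findall(r"\b(SRC|DST|PROTO|DPT)=(\S+)", line))
    return fields

def allowed_ports(value):
    """Turn a service list (names or numbers) into a set of port numbers."""
    return {int(s) if s.isdigit() else PORTS[s] for s in value.split()}

def diagnose(line, config=CONFIG):
    """Return (governing variable, whether the destination port is listed)."""
    f = parse(line)
    zone = ZONES[f["IN"]]  # chosen by ingress interface, not by DST address
    var = f"FW_SERVICES_{zone}_{f['PROTO']}"
    ok = int(f["DPT"]) in allowed_ports(config.get(var, ""))
    return var, ok

if __name__ == "__main__":
    var, ok = diagnose(SAMPLE)
    print(f"{var} governs this packet; port listed: {ok}")
    # Same packet once pop3 is added to the internal list.
    print(diagnose(SAMPLE, dict(CONFIG, FW_SERVICES_INT_TCP="pop3")))
```

The packet is addressed to the external IP but arrives on eth0, so the external list never applies to it.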