Mailinglist Archive: opensuse-security (511 mails)
[suse-security] SuSEfirewall2 v1.6 question? FAQ?
- From: "Tall0n" <list@xxxxxxxxxxxxx>
- Date: Sun, 26 Aug 2001 18:45:38 -0400
- Message-id: <200108262245.f7QMjcr02911@xxxxxxxxxxxxxxxxxxxx>
Ok...Maybe I'm not getting something. I have a SuSE 7.2 machine with 2
network cards. eth0 is world device (Real Static IP) and eth1 (Private
Static IP) is internal device. Masquerading is happening for machines on the
internal network.

Everything is working fine. Masquerading works. Internal machines can get
to the outside world. The outside world can only get to the services that
are open on the firewall. All is good.

BUT,

The SuSE machine is a webserver, gameserver, etc... and there is a need for
internal machines to access services on the world device (eth0), however,
they can't. For example, if an internal machine tries to get a webpage from
the webserver and uses the Internal address on the webserver, everything
works fine. But if you try and get the same page using the external address,
nothing works.

In the firewall2.rc.config file, I have www listed in both the
FW_SERVICES_EXT_TCP and FW_SERVICES_INT_TCP. However I always get a message
in the /var/log/firewall log saying that it denied a request on eth1 for
DPT=80.

What am I missing? Losing hair...hehehe

TIA,
Tall0n
--
GregWorld.com