Hi all,
I have a very serious problem with SuSEfirewall2 running on a SuSE 7.2 machine. Our network setup is as follows:
 [external]        Firewall1         [dmz]          Firewall2        [internal]
212.189.x.x   |----------|   195.145.y.y   |------------|   192.168.z.z
          eth1|----------|eth0         eth1|------------|eth0
Firewall2 is working fine thanks to masquerading. The problem with Fw1 is that it won't route packets sent from the DMZ or the internal network to the internet. Allowing the internet access to servers in the DMZ is no problem, but the other way round it simply won't work. I'll paste the settings from my firewall2.rc.config:
FW_DEV_EXT="eth1"
FW_DEV_DMZ="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="53 25 ssh"
FW_SERVICES_EXT_UDP="53 25 ssh"
# Common: smtp domain
FW_SERVICES_DMZ_TCP="ssh 53 25"
# Common: domain
FW_SERVICES_DMZ_UDP="ssh 53 25"
FW_TRUSTED_NETS=""
FW_SERVICE_AUTODETECT="no"
FW_SERVICE_DNS="yes"
#DMZ FORWARDS
FW_FORWARD="0/0,195.145.238.0/24,tcp,80 0/0,195.145.238.0/24,udp,80"
all other things are left untouched.
In /var/log/firewall there are messages like

Aug 22 18:00:02 mail kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=195.145.238.x DST=194.246.y.y LEN=59 ...
I want to allow machines in the dmz to access all machines in the internet without restrictions. How do I do this? What's wrong in my config?
Thanks in advance
Cheers
Ulv


On Wednesday, 22 August 2001 20:44, Ulv Michel wrote:

Have you configured routing on the firewalls and on the servers in the DMZ? (I mean, do the servers in the DMZ know which gateway to use if they send a packet to the internet?)

route add -net 192.168.0.0 netmask 255.255.0.0 gw Firewall2
route add default gw Firewall1

HTH
Guido
-- 
-----------------
Guido Tschakert
SRC GmbH, SysAd
-----------------
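An added example, not from Ulv's or Guido's mail: a small POSIX shell script that reads SuSE-FW-DROP-DEFAULT lines like the one Ulv quoted and tells a forwarding-policy drop apart from a routing problem using the kernel LOG target's IN= and OUT= fields. A line carrying both IN= and OUT= was dropped in the FORWARD chain, so the kernel had already routed it to the outgoing interface; a DMZ host with no usable default gateway would never get its packet to the firewall in the first place. The script also lists the distinct flows dropped in FORWARD, which are exactly the ones any forwarding rule (FW_FORWARD in this setup) would have to cover. The log excerpt is constructed for this example; only the DMZ prefix 195.145.238.0/24 and the interface names come from the post, the other addresses are documentation ranges.

```shell
#!/bin/sh
# Added example, not part of the original thread: classify SuSEfirewall2
# SuSE-FW-DROP-DEFAULT log lines by the kernel LOG target's IN=/OUT= fields.
#   IN and OUT both set -> packet was in transit through the box (FORWARD chain)
#   only IN set         -> packet was addressed to the box itself (INPUT chain)
#   only OUT set        -> packet was generated by the box (OUTPUT chain)
# The log excerpt is constructed for this example; the DMZ network matches the
# post (195.145.238.0/24), the remaining addresses are documentation ranges.

LOG='Aug 22 18:00:02 mail kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=195.145.238.10 DST=198.51.100.1 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=1034 DPT=53 LEN=39
Aug 22 18:00:03 mail kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=195.145.238.10 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=1035 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 22 18:00:04 mail kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=195.145.238.11 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=1036 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 22 18:00:05 mail kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=203.0.113.9 DST=195.145.238.1 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=3 PROTO=TCP SPT=4444 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 22 18:00:06 mail kernel: SuSE-FW-DROP-DEFAULT IN= OUT=eth1 SRC=195.145.238.1 DST=198.51.100.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=4 PROTO=TCP SPT=1037 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0'

# field LINE KEY: value of the " KEY=value" field in LINE, empty if KEY has no value.
field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p"
}

# chain_of LINE: name the chain that dropped the packet and the interface(s) involved.
chain_of() {
    in_if=$(field "$1" IN)
    out_if=$(field "$1" OUT)
    case "$in_if:$out_if" in
        :)   echo "unknown" ;;
        *:)  echo "input $in_if" ;;
        :*)  echo "output $out_if" ;;
        *)   echo "forward $in_if->$out_if" ;;
    esac
}

# summarize_drops: count drops per chain and interface pair, most frequent first.
# A dominant "forward eth0->eth1" line means the packets were routed from the
# DMZ interface towards the external one and then refused by the FORWARD
# policy; routing itself had already picked the right outgoing interface.
summarize_drops() {
    printf '%s\n' "$LOG" | grep 'SuSE-FW-DROP-DEFAULT' | while IFS= read -r line; do
        chain_of "$line"
    done | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# forward_flows: distinct "src dst proto dport" tuples dropped in the FORWARD
# chain; these are the flows a forwarding rule would have to allow.
forward_flows() {
    printf '%s\n' "$LOG" | grep 'SuSE-FW-DROP-DEFAULT' | while IFS= read -r line; do
        case "$(chain_of "$line")" in
            forward*) echo "$(field "$line" SRC) $(field "$line" DST) $(field "$line" PROTO) $(field "$line" DPT)" ;;
        esac
    done | sort -u
}

summarize_drops
echo "--"
forward_flows
```

Run it against the real file with LOG="$(cat /var/log/firewall)" and look at the first summary line: drops with both interfaces set point at the forwarding rules on Firewall1, drops with an empty OUT= are packets for the firewall itself and are governed by the FW_SERVICES_* settings instead.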