Mailinglist Archive: opensuse-security (670 mails)

[Ralf Ronneburger <ralf@xxxxxxxxxxxxxx>]

Hi Thomas,

I used this one in my old configuration file under 7.3:

FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128"

and it worked. Try iptables -vL to find out, what SuSEFirewall comes up 
with after processing your config-file. Besides, I would not use 
"0/0,0/0" for a proxy, because you probably only want the people from 
the inside to use your proxy...

Best Regards,

Ralf


Thomas Goetz wrote:

> Hi Ralph,
>
> of course I've checked this !
>
> Regards
>  Thomas
>
>
> Ralf Ronneburger schrieb:
>
> > Hi Thomas,
> >
> > are you sure, that the firewall is running? Check that out first, try to
> > do something that's not allowed or use iptables -vL.
> >
> > Greetings,
> >
> > Ralf
> >
> > Thomas Goetz wrote:
> >
> > > Hi all,
> > >
> > > imagine a server (SuSE 7.3) at a school with diskless clients
> > (etherboot/ltsp) working on it.
> > > Internet via ippp0, ibod, iptables, SuSEFirewall2 2.0, junkbuster
> > (Port 1234)
> > > [to keep the kids away from 'junk'] chained to squid (Port 5678).
> > >
> > > Clients connected via eth0.
> > >
> > > Idea is not to allow direct http access for eth0 and local accounts,
> > all this traffic has to run
> > > through the proxy chain.
> > >
> > > Redirect-Rule in firewall2.rc.config:
> > > FW_REDIRECT="0/0,0/0,tcp,80,1234"
> > >
> > > The traffic gets not redirected, no log entries about redirect.
> > >
> > > The same thing worked on 7.0 with ipchains and firewall 1.7.
> > >
> > > Any ideas ?
> > >
> > > Thanks in advance
> > >
> > >
> >
> > --
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx