Mailinglist Archive: opensuse-security (757 mails)
Firewall2 configuration
- From: James Bliss <bliss@xxxxxxxxx>
- Date: Tue, 08 Jan 2002 19:42:33 -0600
- Message-id: <RN1Y8OJGB6EOLYT08D3XLHV62KF.3c3ba009@familyroom>
Hello everyone,
I had thought that I was very familiar with SuSEfirewall2 and configuring it. But, I have
run into a problem which I have not been able to come up with a solution for.
I have included:
iptables -A INPUT -i eth1 -s <internal IP range> -d <external IP address of eth1> -j ACCEPT
This is in the fw_custom_before_antispoofing() section of the firewall2-custom.rc.config
file.
I have written an applet which needs to communicate on a port other than normal http;
currently I have it coded to connect using port 7000. I am not able to connect using this
applet from my internal machines attempting to connect to the external IP address of my
server. Can anyone tell me where I need to put a rule to allow this (the proper place)? I
had thought the above code would handle this, but it does not allow for connections from
internal boxes to the external IP address of the server for higher ports.
Thanks for everyone's help.
Jim