Mailinglist Archive: opensuse-security (616 mails)
Re: [suse-security] Problem forwarding port
- From: Robert Klein <RoKlein@xxxxxxxxxx>
- Date: Tue, 12 Mar 2002 18:39:39 +0100
- Message-id: <E16kpG2-0005tV-00@xxxxxxxxxxxxxxxxxxxxxxxxx>
Argentium G. Tiger writes:
> Robert writes:
> >Add 443 as follows:
> >
> >FW_SERVICES_EXT_TCP="22 25 53 443"
> >FW_SERVICES_INT_TCP="22 53 443"
> But those allow port 443 into the firewall itself as opposed
> to port forwarded machines on the internal network.
Ah, yes. You're right.
I forgot destination nat is done before input/forward. It's
first destination nat, then you have a packet for 192.168.0.2,
which gets into the FORWARD chain, while FW_SERVICES_* are for
the INPUT chain only.
Thanks for the reminder.
Robert
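
The packet path described in this message, as a simplified Python model added to the archive page (not part of the original mail and not SuSEfirewall2 code). The firewall addresses 203.0.113.1 and 192.168.0.1, the default-drop policy and the `forward_allow` parameter are assumptions; 192.168.0.2 and the port list come from the thread.

```python
from dataclasses import dataclass, replace

# Constructed sample values (assumptions, not from the thread)
FW_IPS = {"203.0.113.1", "192.168.0.1"}        # the firewall's own addresses
DNAT = {("203.0.113.1", 443): "192.168.0.2"}   # nat PREROUTING rule for the port forward

# From the thread: FW_SERVICES_EXT_TCP="22 25 53 443" (opens INPUT only)
FW_SERVICES_EXT_TCP = {22, 25, 53, 443}


@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int


def traverse(pkt, forward_allow=frozenset()):
    """Return (chain, verdict, final_dst) for an inbound TCP packet.

    forward_allow is a hypothetical set of (dst, dport) pairs accepted in
    FORWARD; both filter chains are assumed to drop by default.
    """
    # 1. nat PREROUTING: destination NAT rewrites the address first
    new_dst = DNAT.get((pkt.dst, pkt.dport))
    if new_dst is not None:
        pkt = replace(pkt, dst=new_dst)
    # 2. Routing decision is made on the rewritten destination
    if pkt.dst in FW_IPS:
        # 3a. Local delivery: filter INPUT, where FW_SERVICES_* applies
        verdict = "ACCEPT" if pkt.dport in FW_SERVICES_EXT_TCP else "DROP"
        return ("INPUT", verdict, pkt.dst)
    # 3b. Routed onward: filter FORWARD, FW_SERVICES_* is never consulted
    verdict = "ACCEPT" if (pkt.dst, pkt.dport) in forward_allow else "DROP"
    return ("FORWARD", verdict, pkt.dst)


if __name__ == "__main__":
    https = Packet("203.0.113.1", 443)
    print(traverse(https))                                   # 443 is in FW_SERVICES_EXT_TCP, yet dropped
    print(traverse(https, frozenset({("192.168.0.2", 443)})))  # explicit FORWARD rule
    print(traverse(Packet("203.0.113.1", 22)))               # not forwarded: INPUT applies
```

Listing 443 in FW_SERVICES_EXT_TCP changes nothing for the forwarded packet; only a rule in the FORWARD chain for 192.168.0.2 does.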