Mailinglist Archive: opensuse-security (616 mails)
Re: [suse-security] SuSEfirewall2 and viewing your own internal web site.
- From: "Michael Stern" <mhstar@xxxxxx>
- Date: Fri, 8 Mar 2002 09:49:08 +0100
- Message-id: <001801c1c67e$1ca79c10$0101a8c0@arbeitsraum>
It may also be a TCP/IP/NAT issue, not necessarily the firewall.
regards,
michael
----- Original Message -----
From: "James Bliss" <bliss@xxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Friday, March 08, 2002 5:36 AM
Subject: Re: [suse-security] SuSEfirewall2 and viewing your own internal web site.
> This has been an ongoing conversation on the SLE mailing list off and on.
> This is an issue with the anti-spoofing rules with the firewall2 configuration
> (a valid security implementation by the way)
>
> First off, we need a view of what the following command provides:
> grep -v ^# /etc/rc.config.d/firewall2.rc.config
>
> Also, I would suggest adding:
> At the end of firewall2.rc.config:
> Section 25. )
>
> FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"
>
> Then in firewall2-custom.rc.config:
> In the fw_custom_before_antispoofing() section add:
> iptables -A INPUT -i <external interface, such as eth0> -s <internal network range, such as 192.168.1.0/24> -d <external IP address> -j ACCEPT
>
> This line should look like:
> iptables -A INPUT -i eth0 -s 192.168.1.0/24 -d 1.1.1.1 -j ACCEPT
> 192.169.1.0 should be your internal address range with a 0 at the end.
> 1.1.1.1 should be the IP address of your external interface.
>
> Then let us know what your resolution is. And we can proceed from there.
>
> (Thanks Togan for the grep command, that is very useful).
>
> Jim
>