On Thu, 30 May 2002 chemiegott@gmx.net wrote:
With the old configurations, the Users inside my LAN (IP: 192.168.0.x) were able to connect the server (IP: 192.168.0.100 internal, IP:196.123.22.100 external) directly without a proxy or anything else. With the upgrade this is not possible anymore, but i don't want to change anything on the workstations.
Do you have any idea, how the Users inside can reach 196.123.22.100 directy. I've tried it with masquerading, but it doesn't work.
I noticed the same thing when I upgraded my server. Therefore, I'm
guessing you use your webserver as firewall/gateway as well. If not, this
might be completely wrong... :-)
Note that this is just a suggestion, and it might need to be tweaked a
little depending on your level of trust for your users. I trust myself,
and thus doesn't need to worry about malicious users...
SuSEfirewall, at least the version shipped with 7.3, doesn't provide
access to your outer interface from the inside out-of-the-box, nor does it
have configuration options to solve this. Therefore, you either need to
play with the different hooks in the firewall-custom.rc.config file or
cheat (as I did).
iptables -I INPUT 1 -j ACCEPT -p all -i