THere is a switch for "protect from internal I rememebr off hand". You need
to put a route in your table if you are not going to NAT.
Regards,
Jon
----- Original Message -----
From: "Vitaly Shishakov"
I am having a similar problem with SuSEfirewall2 (version 2.1).
for example -- i have a SuSE linux machine set up as gw with iptables firewall, masq, etc, running HTTP, SMTP, IMAPD, FTP, SSH, etc.
probably -- that is not the most secure solution -- but currently i can not move that stuff to other machines (and thus create the DMZ) instead -- i have to use it like that is now.
in a similar fashion, i can not connect to it's services from internal (masquaraded) network to number of services via external address -- that is really not convinient.
how can i fix it?
charly123 wrote:
Hallo Michael,
I want to talk on Port 6667 (IRC-Server) of my own Server. You will say, I can probably talk to the internal Adress, but I can't do that with a specially-written program. This program talks to the external Adress, but the Firewall blocks that. Why can I disable this security-option.
yes, so it is, but I can't change the options of the client-software, it
is
written for external users of the IRC-Server. I need the program for log all traffic on the IRC and to look for someone, who want to talk to me as operator. So I need the variable to deaktivate the option "SuSE-FW-NO_ACCESS_INT->FWEXT ". In which configuration-file or script is it activatet?
Best regards,
Jost Schöler
___________________________________________________________________________ _
________________ Die IRC-Client-Software soll eigentlich auf eine Adresse im Deinem Netzwerk zugreifen, geht jetzt aba über Deinen Router/Firewall auf eine externe IP. Dann ist es wohl eher 'ne Einstellungsfrage der Client-Software. Ciao Michael
___________________________________________________________________________ _
_____
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here