Mailinglist Archive: opensuse-security (396 mails)

[SuSEfirewall2] NEW_FW_MASQ_DEV ?
  • From: Richard Ems <r.ems.mtg@xxxxxxx>
  • Date: Thu, 16 Jan 2003 19:12:09 +0100
  • Message-id: <3E26F5F9.1050106@xxxxxxx>
Hi list.

1) What is NEW_FW_MASQ_DEV good for?

I have in my /etc/sysconfig/SuSEfirewall2

FW_DEV_EXT="eth0 eth0:3"

and

FW_MASQ_DEV="$FW_DEV_EXT"


but in /sbin/SuSEfirewall2 (from SuSEfirewall2-3.1-26) FW_MASQ_DEV is "filtered" and eth0:3 discarded. So after this filtering I have only FW_MASQ_DEV="eth0".

Is this needed/wanted? Why?

==========
2) I'm trying to connect from a public external ip (a) to a private internal masqueraded ip, over the public ip address (b) at eth0:3.

From tcpdump on both the external and internal devices, packets are being correctly forwarded from ext to int, but when responses arrive at the internal device they are being dropped on the last forward_int chain rule.

For this to work I have set in /etc/sysconfig/SuSEfirewall2
FW_FORWARD_MASQ="1.2.3.4,192.168.30.15,tcp,2222,22,5.6.7.8"

where 1.2.3.4 is the ext source public ip (a)
and 5.6.7.8 is the public ip address (b)

Does someone have any clue?

==========
3) What do _ext/_int/_dmz mean on forward_xxx or input_xxx?
[forward|input]_packets_COMING_FROM_xxx
or
[forward|input]_packets_GOING_TO_xxx ???



Many thanks, Richard

