On Thu, Jun 19, 2003 at 11:20:53AM +0200, Sandor Toth wrote:
> If I try to access the WEB server from the internet and I specify the IP address of the firewall, then it works fine. But it does not work from the internal network in the same way.

accessing the OUTside interface of the firewall from the INside just to redirect it again to the DMZ is a bit difficult. best set up some sort of "split brain" DNS (one shot solution: add it with the 192.X address into /etc/hosts), and use the server name.

> And there is a second more serious problem. OK, I use the 192.168.122.2 from internal network to access web and mail. I tried to check my e-mails with IMAP from the internal network. It worked but there was a long delay. The firewall log showed:
>
> SuSE-FW-ACCEPT-TRUST SRC=192.168.120.30 DST=192.168.122.2 PROTO=TCP DPT=143

ok that's imap

> SuSE-FW-DROP-DEFAULT SRC=192.168.122.2 DST=192.168.120.30 PROTO=TCP DPT=113

and that's the imap server asking for ident information, this is dropped by the firewall, and after the full timeout the server continues... better reject-with-tcp-reset this particular port (ident,113), then the imap server (and every other server which still asks for ident information before service continues) notices immediately that there is no, and will be no, response... I thought SuSEFirewall did this by default?

-hth
Lars
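
The pattern diagnosed in the reply (an accepted connection followed by a dropped ident query in the reverse direction) can be picked out of a firewall log automatically. The following is an added example, not part of the original thread or of SuSEfirewall; the function name and the third sample line are constructed for illustration.

```python
import re

# Constructed sample in the format of the log lines quoted in the thread;
# the third line is made up to show a drop that is unrelated to ident.
SAMPLE_LOG = """\
SuSE-FW-ACCEPT-TRUST SRC=192.168.120.30 DST=192.168.122.2 PROTO=TCP DPT=143
SuSE-FW-DROP-DEFAULT SRC=192.168.122.2 DST=192.168.120.30 PROTO=TCP DPT=113
SuSE-FW-DROP-DEFAULT SRC=192.168.122.7 DST=192.168.120.30 PROTO=TCP DPT=445
"""

# Tolerates extra fields (IN=, LEN=, SPT=, ...) between the ones we need.
LINE_RE = re.compile(
    r"SuSE-FW-(?P<action>ACCEPT|DROP)\S*.*?\bSRC=(?P<src>\S+).*?\bDST=(?P<dst>\S+)"
    r".*?\bPROTO=(?P<proto>\S+).*?\bDPT=(?P<dpt>\d+)"
)
IDENT_PORT = 113


def find_dropped_ident_callbacks(log_text):
    """Return (client, server, service_port) for every accepted connection
    whose server later had its ident query back to the client dropped."""
    accepted = {}  # (client, server) -> service port of the latest ACCEPT
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP":
            continue
        src, dst, dpt = m["src"], m["dst"], int(m["dpt"])
        if m["action"] == "ACCEPT":
            accepted[(src, dst)] = dpt
        elif dpt == IDENT_PORT and (dst, src) in accepted:
            # DROP in the reverse direction on port 113: the server's ident
            # query never gets an answer, so it waits out the full timeout.
            findings.append((dst, src, accepted[(dst, src)]))
    return findings


if __name__ == "__main__":
    for client, server, port in find_dropped_ident_callbacks(SAMPLE_LOG):
        print(f"{server} queried ident on {client} after a connection to "
              f"port {port}; the query was dropped (expect a login delay)")
```

Each finding marks a client/server pair where rejecting port 113 with a TCP reset instead of dropping it would remove the delay.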