From what I gather from your and Barry's messages, I already had it figured out, but the online documentation had me confused, so I was looking at the wrong place. I should have just stuck to the #comments in the file and then mimicked the syntax used in other options for the port ranges. Thanks for clearing that one out Barry, very much appreciated :D
I'm already running 2.4, and iptables (said so in my message).
I'll try that way and report back
Benoit Gariod
-----Original Message-----
From: Renan Yigitaslan [mailto:renan@eskisehirli.net]
Sent: Friday, November 07, 2003 2:17 PM
To: Benoit Gariod
Subject: Re: [suse-security] masquerading and port range forwarding to
internal host (with a private address)
Hello Ben,
You must update your kernel 2.2.1 to 2.4.x if you will use iptables support.
You can update your kernel with yast. Very easy and fast solution.
Definitely you must type FW_ROUTE="yes" and
FW_ALLOW_INCOMING_HIGHPORTS_TCP(UDP)="yes or port_number",
and you must type
FW_FORWARD="source_ip,dest_ip,protocol,dest_port" if you do not use a masqueraded network,
e.g.
FW_FORWARD="0/0,10.1.1.1,tcp,12010:12100"
If you use a masqueraded network you must use the FW_FORWARD_MASQ expression,
e.g.
FW_FORWARD_MASQ="0/0,10.1.1.1,tcp,12030:12100"
Good luck.
Fidel Renan
----- Original Message -----
From: "Benoit Gariod"
Hello
I'm running 8.2 and so far I've been able to use /etc/sysconfig/SuSEfirewall2 to do all the firewalling I wanted, but now I want to forward a whole port range to one of the hosts on the internal network, and the only option (FW_FORWARD) takes 2 public IP addies as arguments (from what I read about it on the list archive anyway). Problem is, most of the messages I've read are quite old (2000-2001) and address 2.2 kernel issues. I run iptables (came with 2.4 kernel, and it did what I wanted it to), so I'm asking here in a fresh message.
So, in short, if I want to forward ports 12030-12100 to a host on my internal network, can I do it with /etc/sysconfig/SuSEfirewall2 or do I have to input an iptables rule myself? Could anyone help building said rule?
thanks a lot
Ben
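What the FW_FORWARD_MASQ entry suggested in this thread asks of the firewall, written out as hand-made iptables rules. This is an added example, not part of the thread and not SuSEfirewall2's own generated rule set. It assumes eth0 is the external interface and that return traffic is already permitted, handles only the four-field form shown above, and only prints the commands; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (constructed): print, never execute, hand-written iptables rules
# for one four-field entry "source,internal_ip,protocol,port[:port]".
# masq_entry_to_rules is a hypothetical helper; eth0 is an assumed interface name.

masq_entry_to_rules() {
    entry=$1
    ext_if=${2:-eth0}
    IFS=, read -r src dst proto ports extra <<EOF
$entry
EOF
    # Reject missing or surplus fields instead of guessing what they mean.
    [ -n "$ports" ] && [ -z "$extra" ] || return 1
    case $src in ''|*[!0-9./]*) return 1 ;; esac
    case $dst in ''|*[!0-9.]*) return 1 ;; esac
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    case $ports in *:*:*) return 1 ;; esac
    lo=${ports%%:*}
    hi=${ports##*:}
    for p in "$lo" "$hi"; do
        case $p in ''|*[!0-9]*|??????*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ] || return 1

    # Rewrite the destination of matching packets that arrive from outside.
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -p %s --dport %s -j DNAT --to-destination %s\n' \
        "$ext_if" "$src" "$proto" "$ports" "$dst"
    # Let the rewritten packets through to that one host and port range only.
    printf 'iptables -A FORWARD -i %s -s %s -d %s -p %s --dport %s -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$ext_if" "$src" "$dst" "$proto" "$ports"
}

# The entry from the thread: ports 12030-12100/tcp from anywhere to 10.1.1.1.
masq_entry_to_rules "0/0,10.1.1.1,tcp,12030:12100"
```

The source field is the only thing limiting who can reach the internal host on those ports, so a narrower network in place of 0/0 is worth using wherever the peers are known.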