Mailinglist Archive: opensuse-security (179 mails)
SuSEfirewall2 not routing when both nics on same subnet
- From: David Livingston <dave.livingston@xxxxxxx>
- Date: Mon, 24 May 2004 16:02:06 -0500
- Message-id: <BCD7CCFE.59FD%dave.livingston@xxxxxxx>
I want to do basic filtering of ports without having to masquerade. From
everything I have read (including the unofficial guide to SuSEfirewall) the
below config should do that. Unfortunately I cannot get the firewall to
route to eth1 or anything behind it. I am a noob at this so any guidance
would be greatly appreciated.
Thanks in advance,
Dave
The IPs have been changed for obvious reasons.
    Internet
       |
       |
  eth0 (1.1.1.1)
       |
   FireWall---eth1 (1.1.1.2)
                |
                |
       Webserver (1.1.1.3)
FW_DEV_EXT="eth0"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_UDP="ssh"
FW_SERVICES_DMZ_TCP="ssh"
FW_SERVICES_DMZ_UDP="ssh"
FW_SERVICES_DMZ_IP=""
FW_TRUSTED_NETS=""
FW_FORWARD="0/0,1.1.1.3,tcp,80"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
--
C: Zanzeta, Inc.
N: Dave Livingston
T: Chief Information Officer
P: 469.688.4872
F: 214.292.8578
E: dlivingston@xxxxxxxxxxx