Is SuSE doing development on SuSEFirewall 2? Just maintaining it? I've been doing some work with SuSEFirewall, and I've found some shortcomings or missing features. I was wondering what to do with this, forking on my own or contributing back to SuSE.

Andres

On Thu, 2005-04-07 at 10:59 +0200, Ludwig Nussel wrote:
Marc Rieber wrote:
I want to connect two networks via openvpn. Each network is connected over a suse linux 9.2 router to the internet. On each router I created a tap0 device for the openvpn connection and bridged it to the eth0 device, which is the device to the internal network. Everything works fine, but I have problems with the firewall. I can ping router 1 from router 2 and router 2 from router 1. If I try to ping a PC behind router 1 from router 2, and the other way around, it doesn't work. In the log file I get the following message:
SFW2-FWDint-DROP-ICMP-CRIT IN=br0 OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=192.168.0.1 DST=192.168.1.50 ..........
Broadcasts were also filtered.
Does somebody know how to configure SuSEfirewall2 so that all traffic from PHYSIN=tap0 to PHYSOUT=eth0, and the other way around, with a source address of the internal network can go through the firewall?
SuSEfirewall2 doesn't support forwarding based on interfaces yet, FW_FORWARD only accepts IPs. You'll have to use FW_CUSTOMRULES. Alternatively write a patch for SuSEfirewall2 and send it to me :-)
cu Ludwig
--
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/
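
Added example, not part of the original thread and not SUSE's code: one way the FW_CUSTOMRULES route could look for the bridged tap0/eth0 case, using the iptables physdev match and restricting source addresses to the two internal networks. The /24 netmasks, the variable names, the helper bridge_forward_rules, the choice of the fw_custom_before_denyall hook and inserting at the top of FORWARD are assumptions; check them against the custom rules template shipped with your SuSEfirewall2 version.

```shell
# Sketch for the file that FW_CUSTOMRULES points to. All values are assumptions
# derived from the log line in the thread (SRC=192.168.0.1 DST=192.168.1.50).
VPN_TAP="tap0"               # bridge port carrying the OpenVPN tunnel
LAN_IF="eth0"                # bridge port facing the internal network
REMOTE_NET="192.168.0.0/24"  # far-side LAN; /24 is assumed
LOCAL_NET="192.168.1.0/24"   # near-side LAN; /24 is assumed

# Hypothetical helper: print one iptables argument list per line.
# Refuses empty or malformed values so that a typo cannot silently
# widen the rule into "forward everything across the bridge".
bridge_forward_rules() {
    tap=$1 lan=$2 remote=$3 local_net=$4
    for ifc in "$tap" "$lan"; do
        case $ifc in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    done
    for net in "$remote" "$local_net"; do
        case $net in
            *[!0-9./]*|*/*/*) return 1 ;;
            [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
            *) return 1 ;;
        esac
    done
    # tunnel -> LAN: only remote-network sources to local-network destinations
    echo "-m physdev --physdev-in $tap --physdev-out $lan -s $remote -d $local_net -j ACCEPT"
    # LAN -> tunnel: only local-network sources to remote-network destinations
    echo "-m physdev --physdev-in $lan --physdev-out $tap -s $local_net -d $remote -j ACCEPT"
}

# Hook called by SuSEfirewall2 before its final drop/log rules are added.
fw_custom_before_denyall() {
    rules=$(bridge_forward_rules "$VPN_TAP" "$LAN_IF" "$REMOTE_NET" "$LOCAL_NET") || return 1
    echo "$rules" | while read -r args; do
        # unquoted $args is intentional: each line is one rule's argument list
        iptables -I FORWARD $args || exit 1
    done
}
```

After reloading the firewall, `iptables -L FORWARD -v -n` should show packet counters rising on the two physdev rules, and the SFW2-FWDint-DROP entries for tap0/eth0 traffic should stop.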