Torsten E. wrote:
An external office has two DSL connections (don't ask why ... they have it ... ;)). The LAN (office systems) should be connected to the internet for browsing, email, etc. using one DSL connection. The second one should be dedicated to get remote access to one special system there.

Scenario:

                 ____________
                |            |
 DSL-line 1 --- |eth0 -- eth2| --- LAN (browsing, email, etc.)
 (Provider 1    |            |
                |  SuSE 9.2  |
                |            |
 DSL-line 2 --- |eth1 -- eth3| --- dedicated system (separate network)
 (Provider 1    |            |
                 ------------

Restrictions:
- no permitted connections from eth1 <-> eth2 & eth0 <-> eth3
- FW for eth0 accepts traffic for browsing, emails, etc. only
- FW for eth1 accepts traffic for rc-software (vnc or rdp or so) only
Can this be realized using an SuSE 9.2 system? If Yes, how to configure/setup it?

0 and 1 are external, 2 and 3 internal. FW_ALLOW_CLASS_ROUTING=no. You can use FW_FORWARD, FW_FORWARD_MASQ and FW_TRUSTED_NETS to grant special access for some src/dest combinations. Those are not bound to interfaces though. Use FW_CUSTOMRULES to install your own rules if you need to.

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/
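
Added example (not part of Ludwig's reply and not SuSEfirewall2's own code): interface-bound drop rules for the two forbidden paths in the restriction list, written as a file that FW_CUSTOMRULES could point to. Interface names come from the diagram; the hook function names follow the stock SuSEfirewall2-custom template, and the IPTABLES override for dry runs is an assumption of this example.

```shell
# Custom rules file for the two-uplink layout in the question (added example).
# Assumption: IPTABLES may be overridden to print or log rules instead of
# loading them; by default the real iptables binary is used.
: "${IPTABLES:=iptables}"

# Forbidden forwarding paths from the restriction list, one "in:out" entry
# per direction, because -i/-o match a single direction of travel.
FORBIDDEN_PAIRS="eth1:eth2 eth2:eth1 eth0:eth3 eth3:eth0"

isolate_paths() {
    for pair in $FORBIDDEN_PAIRS; do
        in_if=${pair%%:*}
        out_if=${pair##*:}
        # Insert at position 1 so the drop sits at the top of FORWARD at the
        # time the hook runs, ahead of rules the firewall script appends later.
        "$IPTABLES" -I FORWARD 1 -i "$in_if" -o "$out_if" -j DROP || return 1
    done
}

# Hook that runs early in the firewall start sequence: the isolation is in
# place before any forwarding or masquerading rule is loaded.
fw_custom_before_antispoofing() {
    isolate_paths
}

# The remaining hooks of the template are left as no-ops.
fw_custom_after_antispoofing()   { true; }
fw_custom_before_port_handling() { true; }
fw_custom_before_masq()          { true; }
fw_custom_before_denyall()       { true; }
```

After a firewall restart, `iptables -L FORWARD -v -n` should list the four DROP rules first, and their packet counters show whether anything is attempting the forbidden paths.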