Mailinglist Archive: opensuse-security (108 mails)
| < Previous | Next > |
Re: SuSEfirewall 2 - redirect ports on internal interface to DMZ
- From: "Ariel Guerrero" <ariel.guerrero@xxxxxxxxx>
- Date: Wed, 27 Sep 2006 18:30:51 -0400
- Message-id: <b34b41cb0609271530s6aca1846j39848ad1edf1122b@xxxxxxxxxxxxxx>
You could try with this rule.
I'm not an expert in SuSEfirewall2....
FW_FORDWARD_MASQ="192.168.0.0/24,192.168.0.249,tcp,110,110,192.168.254.2/
192.168.0.0/24,192.168.0.249,tcp,25,25,192.168.254.2"
I use your configuration to make the example, and this is the syntax:
<source network>.<ip to forward to>,<protocol>,<port>[redirect
port,[destination ip]]
I use it to redirect my local webserver and it work it.
Sorry for my english, i'm Paraguayan..
Greetz
2006/9/27, Dirk Schreiner <Dirk.Schreiner@xxxxxxx>:
--
---------------------------------------------------------
Ing. Ariel Guerrero
Mailto: ariel.guerrero@xxxxxxxxx
Fone: +595 981 425040
Asunción - Paraguay
I'm not an expert in SuSEfirewall2....
FW_FORDWARD_MASQ="192.168.0.0/24,192.168.0.249,tcp,110,110,192.168.254.2/
192.168.0.0/24,192.168.0.249,tcp,25,25,192.168.254.2"
I use your configuration to make the example, and this is the syntax:
<source network>.<ip to forward to>,<protocol>,<port>[redirect
port,[destination ip]]
I use it to redirect my local webserver and it work it.
Sorry for my english, i'm Paraguayan..
Greetz
2006/9/27, Dirk Schreiner <Dirk.Schreiner@xxxxxxx>:
Hi Dirk,
checkout rinetd.
It should solve youre Problems.
Dirk
Dirk Enrique Seiffert schrieb:
> I am moving a Mailserver from the internal network to the DMZ. This move
> should be invisible for the enduser. Lat but not least: Some hundred mail
> clients are configured to consult an IP, not a name: I can't solve the
> issue by configuring my DNS server.
>
> This is my configuration:
>
>
> 200.x.x.x (public IP)
> |
> SuSEfirewall-192.168.254.1--------192.168.254.2 MailServer
> |
> 192.168.0.249
> |
> internal network
>
>
> I have to access the mailserver by an IP in the 192.168.0.0/24 range.
> External traffic I can easily redirect with FW_FORWARD_MASQ= to an IP in
> the DMZ. Internal traffic I can redirect to a local port on the firewall
> with FW_REDIRECT.
>
> Is it possible to redirect all traffic coming on the internal interface
> for 192.168.0.249 to 192.168.254.2 ?
>
> Any Custom rule? I was googling quite a while to, didn't find any rule
> doing a forward on the internal interface.
>
> Any idea is appreciated!
>
> Thanks
>
> Enrique
>
>
>
--
There are 10 sorts of people in this World.
Those who understand binary, and those who don`t.
TRIA IT-consulting GmbH
Joseph-Wild-Straße 20
81829 München
Germany
Tel: +49 (89) 92907-0
Fax: +49 (89) 92907-100
http://www.tria.de
Registergericht München HRB 113466
USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600
Geschäftsführer: Rosa Igl
--------------------------------------------------------
Nachricht von: Dirk.Schreiner@xxxxxxx
Nachricht an: ds@xxxxxxxxxxxxx, suse-security@xxxxxxxx
# Dateianhänge: 0
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
--
---------------------------------------------------------
Ing. Ariel Guerrero
Mailto: ariel.guerrero@xxxxxxxxx
Fone: +595 981 425040
Asunción - Paraguay
| < Previous | Next > |