On Fri, 2003-07-25 at 04:12, Eduardo J. Vega A wrote:
> Is there any way in which I could enable the internal clients to be heard by the NAT box?
Look for these lines in /sbin/SuSEfirewall2:

    ###############################################################
    # Anti Spoofing/Cirumvention protection - interface dependent #
    ###############################################################
    for DEV in $FW_DEV_INT; do
        for IP in $DEV_EXT; do
            $IPTABLES -A INPUT -j LOG ${LOG}"-ACCESS_DENIED_INT " -i $DEV -d $IP
            $IPTABLES -A INPUT -i $DEV -d $IP -j "$DROP"
        done
    done

and comment them out and restart the firewall.

Note that I'm not sure if those lines were put in there for a reason. It could be a security risk to remove them. Having said that, it looks pretty risk free to remove them, since they only test for the internal NIC; packets coming on the external NIC are blocked elsewhere.

If the above lines are really useful, it strikes me as a kernel bug, but then I'm no security expert.

Another alternative would be to set up something so the internal machines get the internal IP when they look up the name of the server.
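An added example, not part of the original post or of SuSEfirewall2: a dry run of the quoted loop that prints the rules it would install and checks which interface/destination pairs they match, so the effect can be reviewed before commenting the block out. The interface names, addresses and log prefix are constructed sample values, and EXT_IPS is a hypothetical name standing in for the list the inner loop iterates over.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not taken from the post).
FW_DEV_INT="eth1"          # internal interface(s)
EXT_IPS="203.0.113.5"      # hypothetical name: addresses walked by the inner loop
LOG_PREFIX="EXAMPLE"       # stand-in for the script's ${LOG} setting

# Print the iptables commands the quoted loop would issue, without
# running them: one LOG rule and one DROP rule per (interface, IP) pair.
render_rules() {
    for DEV in $FW_DEV_INT; do
        for IP in $EXT_IPS; do
            echo "iptables -A INPUT -j LOG --log-prefix \"${LOG_PREFIX}-ACCESS_DENIED_INT \" -i $DEV -d $IP"
            echo "iptables -A INPUT -i $DEV -d $IP -j DROP"
        done
    done
}

# Return 0 if a packet arriving on interface $1 with destination address $2
# matches one of the rendered DROP rules, 1 otherwise.
# -x and -F make grep compare whole lines literally (dots are not wildcards).
would_drop() {
    render_rules | grep -qxF -- "iptables -A INPUT -i $1 -d $2 -j DROP"
}

# Print a one-line verdict for a sample packet.
explain() {
    if would_drop "$1" "$2"; then
        echo "in=$1 dst=$2: dropped by this block"
    else
        echo "in=$1 dst=$2: not matched by this block"
    fi
}

render_rules
explain eth1 203.0.113.5   # internal client addressing the external IP
explain eth0 203.0.113.5   # same destination, arriving on the external NIC
explain eth1 192.168.1.1   # internal client addressing an internal IP
```

Only the first sample packet matches, which is the case the original question runs into; traffic arriving on the external interface is outside what this block decides.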