wanakom@gmail.com wrote:
Hi Rui
Rui Santos wrote:
same with network 192.168.2.x
What about ssh ? Can you ssh from one net to another ?
Nope. In fact, when I ping from a wxp machine, the answer is "Destination protocol unreachable".
My Google searches have not shown any result. What do I miss in my configuration ?
Are you sure it's a firewall configuration? It could be the configuration of your print-server system. Many printing servers, by default, only allow printing from the network it is connected to. Just check it to make sure.
I cannot even ping machines or another server in the other network. No limitation has been set to the print-servers.
If you are sure it is a firewall configuration, could you provide the firewall log right after a printing attempt? Also state which machine is printing to which machine.
After sending a ping to the printer 172.26.6.10 from machine 192.168.1.14, the firewall log output is as follows:
Sep 3 11:15:32 ml110 kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=eth2 SRC=192.168.1.14 DST=172.26.6.10 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=32021 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=14592
You are right. ping can have additional restrictions. Can you try with an ssh, ftp or telnet connection and provide the log?
If I understand it, the firewall drops it because it stops the icmp protocol. But I specified FW_PROTECT_FROM_INT="no". Shall I specify what protocols are allowed in spite of no protection for "int"? If so, what variables shall I look for?
I believe your FW_MASQ_DEV="zone:ext zone:int" setting is incorrect. You should not need any masquerade on "zone:int". Routing alone should take care of all communications between your internal/dmz nets. Try the settings:
FW_MASQ_DEV="zone:ext"
FW_MASQ_NETS="0/0"
--
Rui Santos
http://www.ruisantos.com/
Veni, vidi, Linux!
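As an added example (not part of the original messages), this Python parser reads the firewall log line quoted in the thread and shows what it records: a packet routed from eth0 to eth2 that hit a default drop rule. Splitting the prefix into direction, zone, action and rule is an assumption based on the `SFW2-FWDint-DROP-DEFLT` string above; `parse_sfw2` and `summarize` are hypothetical names.

```python
import re

# Log line quoted in the thread.
SAMPLE = ("Sep 3 11:15:32 ml110 kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=eth2 "
          "SRC=192.168.1.14 DST=172.26.6.10 LEN=60 TOS=0x00 PREC=0x00 TTL=127 "
          "ID=32021 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=14592")

# Assumed prefix layout: SFW2-<direction><zone>-<action>-<rule>
PREFIX_RE = re.compile(r"SFW2-(IN|OUT|FWD)([A-Za-z0-9]*)-([A-Z]+)-(\S+)")
ICMP_TYPES = {"0": "echo-reply", "3": "destination-unreachable", "8": "echo-request"}


def parse_sfw2(line):
    """Return the prefix parts and KEY=value fields, or None if no SFW2 prefix."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    direction, zone, action, rule = m.groups()
    fields = {}
    for key, val in re.findall(r"\b([A-Z]+)=(\S*)", line[m.end():]):
        # ID appears twice for ICMP: first the IP header ID, then the ICMP ID.
        if key in fields:
            key = f"{fields.get('PROTO', 'L4')}_{key}"
        fields[key] = val
    return {
        "direction": direction, "zone": zone, "action": action, "rule": rule,
        # Both interfaces set means the packet was being routed through the box.
        "routed": bool(fields.get("IN")) and bool(fields.get("OUT")),
        "fields": fields,
    }


def summarize(line):
    """One-line summary: action, chain, interfaces, endpoints, protocol detail."""
    r = parse_sfw2(line)
    if r is None:
        return None
    f = r["fields"]
    proto = f.get("PROTO", "?")
    if proto == "ICMP":
        detail = ICMP_TYPES.get(f.get("TYPE"), f"type {f.get('TYPE')}")
    else:
        detail = f"dport {f.get('DPT', '?')}"
    path = f"{f.get('IN') or 'local'}->{f.get('OUT') or 'local'}"
    return (f"{r['action']} {r['direction']}/{r['zone']} {path} "
            f"{f.get('SRC')}->{f.get('DST')} {proto} {detail}")


if __name__ == "__main__":
    print(summarize(SAMPLE))
```
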