Mailinglist Archive: opensuse (2008 mails)
| < Previous | Next > |
Re: [opensuse] Public IP Webserver behind SuSEfirewall2 & FW_MASQUERADE
- From: Anders Johansson <ajohansson@xxxxxxx>
- Date: Sun, 19 Apr 2009 17:09:57 +0200
- Message-id: <200904191709.57517.ajohansson@xxxxxxx>
On Sunday 19 April 2009 16:42:31 LLLActive@xxxxxxx wrote:
icmp doesn't know about ports, so the second part of this is wrong.
192.168.176.1 and 192.168.176.10 are invalid "external" IP addresses. The
192.168.x.x network is reserved for internal use and may not be routed on the
internet
In principle what you're doing should work, but you have to use real addresses
on the internet side
Anders
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
Hi all,
I am setting up a SuSEfirewall2. I need external access to the
internal/dmz for on specific machine and port.
I read all I could find about using
FW_FORWARD_MASQ="0/0,192.168.0.10,tcp,80 0/0,192.168.0.10,icmp,80"
icmp doesn't know about ports, so the second part of this is wrong.
(also
needing FW_ROUTE="yes" and FW_MASQUESRADE="yes").
I can ping the firewall IP on both NIC's (e.g. 192.168.0.1 internal NIC
and 192.168.176.1 external NIC) from external IP 192.168.176.10
192.168.176.1 and 192.168.176.10 are invalid "external" IP addresses. The
192.168.x.x network is reserved for internal use and may not be routed on the
internet
I cannot ping the internal machines (e.g. 192.168.0.10) from 192.168.176.10
I have the same problem on another FW for internet access on a web
server with private IP in the dmz.
What am I missing in the SuSEfirewall2 config?
In principle what you're doing should work, but you have to use real addresses
on the internet side
Anders
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |