Mailinglist Archive: opensuse (4294 mails)

< Previous Next >
Re: [opensuse] Accepting all in the FORWARD chain
  • From: Anders Johansson <andjoh@xxxxxxxxxx>
  • Date: Tue, 12 Dec 2006 18:55:32 +0100
  • Message-id: <200612121855.32880.andjoh@xxxxxxxxxx>
On Tuesday 12 December 2006 18:51, Hoper Edei Deixai wrote:
> On 12/12/06 16:15, suseuser@xxxxxxxxxxx wrote:
> > What's the "correct" way to persuade SuSEfirewall2 in 10.2
> > to accept all forwarding?
> > I've looked in /etc/sysconfig/SuSEfirewall2 and found the
> > FW_FORWARD but even though I set it to "10.100.200.0/24,0/0"
> > it seems to drop some packages.
>
> Maybe you meant "drop some packets" :-P
> Is packet forwarding enabled? (i.e.: /proc/sys/net/ipv4/ip_forward set
> to 1).
> Did you put the appropriate rules in POSTROUTING chain?
>
> BTW, is not safe to allow forwarding from 0/0.

The rule says to forward to 0/0, not from, which should be safe enough

But given that the network is 10.x.x.x, which is private, I wonder if perhaps
masquerading shouldn't be used instead, since otherwise it won't be possible
to reach external addresses

The simplest method is to use YaST, the firewall module, and simply enable
masquerading.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >