Mailinglist Archive: opensuse (4294 mails)

< Previous Next >
Re: [opensuse] Accepting all in the FORWARD chain
  • From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
  • Date: Fri, 15 Dec 2006 04:23:48 -0600
  • Message-id: <458277B4.7000702@xxxxxxxxxxxxx>
On 2006-12-15 01:21, Peder wrote:
> This is from one session:
> SFW2-FWDext-ACC-FORW IN=eth0 OUT=eth0 SRC=
> DST= LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=16576 DF
> (020405B401010402)
> DST=
> LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=16577 DF PROTO=TCP SPT=4190
> DPT=80 WINDOW=65535 RES=0x00 ACK URGP=0
Now I am confused.. I thought you said your firewall was redirecting all
http traffic to the squid proxy.
> <snip>
> Hmmm, I think I realize now why it doesn't work. Since my squid server
> isn't a router in its true meaning it doesn't see the ACK my web
> server sends as a reply to the SYN (since that traffic goes directly
> from the web server to the client).
> Therefore it doesn't see my client's subsequent ACK as RELATED or
Since I don't use a proxy, I'm probably way off-mark here, but I thought
all the traffic was supposed to travel through the proxy -- nothing
direct between web server and client.
> I guess my setup is a bit too unorthdox for SuSEfirewall2 but I still
> don't get why it doesn't have an option to accept _all_ forwarding.
I don't think anyone anticipated doing things as you are doing them :-)
You essentially have a single network card functioning as both the
internal and external interfaces.

You may be able to continue to use SuSEfirewall2, by placing your own
rule(s) into the fw_custom_before_masq function in
/etc/sysconfig/scripts/SuSEfirewall2-custom. Make sure to set the
FW_CUSTOMRULES variable in the firewall config file
(Yast/System/sysconfig editor, Network/firewall/susefirewall2) if you do.

The best way to accelerate a computer running Windows is at 9.81 m/s²

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups