Mailinglist Archive: opensuse (924 mails)

< Previous Next >
[opensuse] SuseFirewall2 does not allow pings to ext network?
I have a network setup where I have a openSuSE 11.4 system acting as a firewall between an external and an internal network. Using SuSEfirewall2, I have enabled routing (FW_ROUTE="yes") and masquerading (FW_MASQUERATE="yes") between the two nets, and do not protect the firewall from the internal network. I have also set FW_ALLOW_PING_EXT="yes" in the SuSEfirewall2 configuration file. While I can ping all the devices in the external network from my firewall computer, I CANNOT ping any of the external devices from computers within my internal network. My grokking of the comments on this parameter is that by setting this value to yes, this is exactly what I should be able to do!? I tried pinging both with direct IP addresses and using names resolved via my DNS server with no difference, so that eliminates DNS name resolution as a possible cause.

I get the feeling that this is some kind of routing or NAT issue because I am not able to access any other service provided by devices on the external network, from computers on the internal network, either. Although my firewall computer can do so just fine. On the external network I have a router which is the gateway between the external network and the internet. It too is set up to do NAT translations and has a simplified firewall, could it somehow be the cause of why my internal network cannot reach devices on my external network? That seems odd to me but then I don't claim to fully understand the way networks work. What am I missing?

Thanks in advance for any ideas/thoughts, I am kinda stumped... Marc

--
"The Truth is out there" - Spooky

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups