Mailinglist Archive: opensuse (924 mails)

< Previous Next >
Re: [opensuse] SuseFirewall2 does not allow pings to ext network?
On 10/30/2012 12:49 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2012-10-30 18:34, Marc Chamberlin wrote:
I made the changes you suggested, then restarted the firewall, and tried to
ping devices on my
external network, from inside my internal network. No joy.
Both internal an external sides are in fact private networks? You do not need
NAT, you can use
direct routing, unless you have a reason for it

- -- Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 "Celadon" (Minas Tirith))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iF4EAREIAAYFAlCQLzUACgkQja8UbcUWM1x5hQD+KObEZkX8ZF+zVrpB/UY5M2+m
3jHN8GsaFFH6HdTaptUA/1SdD0gF0ssUf6v86VPQdiVatR9JbupvZqd6GCuBq/be
=IEWN
-----END PGP SIGNATURE-----
Carlos - Perhaps, I can look into direct routing, and if I get it to work, are you implying that NAT is not fully working in SuSEFirewall2? Seem like a pretty serious bug to me, IMHO! Pings and NAT should be fairly straightforward functions that SuSEFirewall2 should handle across two different private networks.... I was guessing that I simply have something misconfigured, and your suggestion of using direct routing as a workaround comes as a surprise! I do know, that at some level NAT must be working, how else could all my systems on my private network be accessing the internet without a problem? So why shouldn't NAT work when I simply am trying to access my external (private) network?

Having never configured direct routing before, guess it is time for me to figure it out... ;-) And I probably could use some help here also......

I have tried the following setting, (simply guessing) but no joy...

FW_TRUSTED_NETS="192.168.2.0/24"

and I took a guess and also tried the following setting in SuSEfirewall2 -

FW_FORWARD="192.168.2.0/24,169.254.1.0/24

believing that would allow any service on the 169 network to be accessible from the 192 network, but the comments stipulate that this only works for non-private nets, so guess I am not surprised that it did not help either....

Since these changes did not help matters, I have backed them out. So how do I configure SuSEFirewall2 to do direct routing?

Marc...


--
"The Truth is out there" - Spooky

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups