Hi,
I'm trying to enable masquerading on a server to allow some internal
hosts to access the internet. From reading the included EXAMPLES file
and the documentation of SuSEfirewall2 I have set up the following
variables:
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.10.0/24"
But just setting FW_MASQUERADE="yes" will open up access to the
internet to all of the internal network. From what I have read, this
shouldn't be the correct behavior because then FW_MASQ_NETS wouldn't
make much sense. For now, to be able to block access to the internet
to the entire network I have to do it like this:
FW_MASQ_NETS="!0/0 192.168.10.0/24"
Then it works, access to all subnets is disallowed and then I allow
the subnet I want. AFAIK this shouldn't be necessary, access to the
internet shouldn't be allowed by default. Am I missing something? This
is on openSUSE 12.1.
Cheers,
--
JLB