On Wed, Apr 24, 2013 at 12:24:10AM -0500, Juan Luis Baptiste wrote:
On Tue, Apr 23, 2013 at 5:54 PM, Juan Luis Baptiste
wrote: On Tue, Apr 23, 2013 at 12:44 PM, Markus Abt
wrote: Are you sure?
Yes, and I have tested it countless times in several 12.1 and 12.3 JeOS default installations (created with susestudio) by only configuring:
FW_DEV_EXT="eth0" FW_DEV_INT="eth1" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS=""
and I will have an open access to the internet, which as I understand the documentation, it shouldn't be the case. Only by adding:
FW_MASQ_NETS="!0/0" internet access is blocked.
Just checked like for the 10th time, I created a new vanilla 12.3 JeOS appliance to discard that I had done any change to SuSEfirewall2 that could be making it behave like this. The only packages installed after first run were susefirewall2, yast2 and yast2-network to configure the second network card. Then I built ovf images, downloaded it, ran it on VirtualBox and the behavior is exatly the same. If I set:
FW_DEV_EXT="eth0" FW_DEV_INT="eth1" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS="" (by default now it comes with 0/0)
Internet will be enabled for any machine on the internal network. Here you can see my current config, as said before, it's the dault one from 12.3 with only those variables set:
Can you run SuSEfirewall2 status after setting it up? Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org