Hi, Bruno Cochofel wrote:
Ok, let's say I'll put a firewall PC on my network...
I have to create a masquerade rule to let the internet access my intranet web server right?
If you are new to Firewalling try out rinetd. Makes Firewall rules by far easier. In fact you simply can use Yast Firewall configuration. (Simply handle the redirected external Port as if it was opend by the Server.)
(By the way, trying to find out how to do that under yast but don't get the diference between the option Source network and requested IP, so if someone help me on this I appreciate... There's several options to create a rule so please illucidate me)
Doesn't this rule opens a hole in my intranet security if, let's say, my web server get's compromised?
Yea. Put another 5.--EUR ethernet card into the Firewall. Declare it as DMZ and put the webserver there. (But then youre workstation cannot be the webserver ;-)) Greetings Dirk TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de Registergericht München HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschäftsführer: Richard Hofbauer kaufm. Geschäftsleitung: Rosa Igl-------------------------------------------------------- Nachricht von: Dirk.Schreiner@tria.de Nachricht an: bruno.cochofel@gmail.com, suse-security@suse.com # Dateianhänge: 0