It is the firewall... and it is supposed to be that way...
Your internal machines should never have to go out to the internet to come
back in. What you need to do is set up the lmhosts files on your local
computers with the web address and internal IP number you want to link
it to.
Or, if you are using DHCP you may set up an entry to tell it that
www.yoursite.com is actually 10.0.0.2 instead of 44.55.66.77 (external
address).
It is a security feature of the firewall.
-----Original Message-----
From: Michael Stern [mailto:mhstar@gmx.at]
Sent: Friday, March 08, 2002 3:49 AM
To: Suse-Security
Subject: Re: [suse-security] SuSEfirewall2 and viewing your own internal
web site.
it may also be a TCPIP/NAT issue, not necessarily the firewall.
regards,
michael
----- Original Message -----
From: "James Bliss"
This has been an ongoing conversation on the SLE mailing list off and on. This is an issue with the anti-spoofing rules with the firewall2 configuration (a valid security implementation, by the way).
First off, we need a view of what the following command provides:
    grep -v ^# /etc/rc.config.d/firewall2.rc.config
Also, I would suggest adding, at the end of firewall2.rc.config (Section 25.):
    FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"
Then in firewall2-custom.rc.config, in the fw_custom_before_antispoofing() section, add:
    iptables -A INPUT -i -s -d <external IP address> -j ACCEPT
This line should look like:
    iptables -A INPUT -i eth0 -s 192.168.1.0/24 -d 1.1.1.1 -j ACCEPT
192.169.1.0 should be your internal address range with a 0 at the end.
1.1.1.1 should be the IP address of your external interface.
Then let us know what your resolution is. And we can proceed from there.
(Thanks Togan for the grep command, that is very useful).
Jim