In /etc/rc.config.d/firewall2-custom.rc.config try: fw_custom_before_antispoofing() { # these rules will be loaded before any anti spoofing rules will be # loaded. Effectively the only filter lists already effective are # 1) allow any traffic via the loopback interface, 2) allow DHCP stuff, # 3) allow SAMBA stuff [2 and 3 only if FW_SERVICE_... are set to "yes"] # You can use this hook to prevent logging of uninteresting broadcast # packets or to allow certain packet through the anti-spoofing mechanism. #example: allow incoming multicast packets for any routing protocol #iptables -A INPUT -j ACCEPT -d 224.0.0.0/24 iptables -A INPUT -i eth1 -s <internal subnet>/24 -d <external IP> -j ACCEPT true } Then you have to setup the call to the custom config in the regular config. This is an anti-spoofing measure. This method works for me although it does not seem to work for everyone. Jim 12/19/2002 7:26:41 PM, Turd Ferguson <turdferguson@infowest.com> wrote:
Okay, I have figured out my Port forwarding issues, however, I am still unresolved in my ability to access my domain (hosted by my firewall/masquerade box) from my internal net.
My internal net is 10.10.10.0/24 and I can only access my webserver by going to my gateway address of 10.10.10.1.
Does anyone have an idea of the reasons why?
Thanks!
</Jared>
On Thu, 2002-12-19 at 12:36, Togan Muftuoglu wrote:
* Turd Ferguson; <turdferguson@infowest.com> on 19 Dec, 2002 wrote:
Actually I did, several times, but can find nothing that tells me why this is the case.
Version 0.9 is the latest not 0.8
Perhaps you know something that I misunderstood in my readings?
1) port forwarding is dicussed in Chapter 2 Variables look for item 13,14i15 page 28 ( on the a4 version)
* Turd Ferguson; <turdferguson@infowest.com> on 19 Dec, 2002 wrote:
2: Why is it that I cannot go to my domain directly (Phoenix tells me the connection was refused) from box on my network other than my firewall. I have ensure that the "protect from local area network" box
item 14 has a tip which explains other possiblites of forwarding ports
also in Chapter 8 section 8.1.6 configuring for internal access to External IP
Hope these are helpfull
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here