In /etc/rc.config.d/firewall2-custom.rc.config try:
fw_custom_before_antispoofing() {
    # these rules will be loaded before any anti spoofing rules will be
    # loaded. Effectively the only filter lists already effective are
    # 1) allow any traffic via the loopback interface, 2) allow DHCP stuff,
    # 3) allow SAMBA stuff [2 and 3 only if FW_SERVICE_... are set to "yes"]
    # You can use this hook to prevent logging of uninteresting broadcast
    # packets or to allow certain packet through the anti-spoofing mechanism.
    #example: allow incoming multicast packets for any routing protocol
    #iptables -A INPUT -j ACCEPT -d 224.0.0.0/24
    iptables -A INPUT -i eth1 -s <internal subnet>/24 -d <external IP> -j ACCEPT
    true
}
Then you have to set up the call to the custom config in the regular config.
This is an anti-spoofing measure. This method works for me although it
does not seem to work for everyone.
Jim
12/19/2002 7:26:41 PM, Turd Ferguson
Okay, I have figured out my Port forwarding issues, however, I am still unresolved in my ability to access my domain (hosted by my firewall/masquerade box) from my internal net.
My internal net is 10.10.10.0/24 and I can only access my webserver by going to my gateway address of 10.10.10.1.
Does anyone have an idea of the reasons why?
Thanks!
</Jared>
On Thu, 2002-12-19 at 12:36, Togan Muftuoglu wrote:
* Turd Ferguson; on 19 Dec, 2002 wrote:
Actually I did, several times, but can find nothing that tells me why this is the case.
Version 0.9 is the latest not 0.8
Perhaps you know something that I misunderstood in my readings?
1) port forwarding is discussed in Chapter 2 Variables look for item 13,14i15 page 28 (on the a4 version)
* Turd Ferguson; on 19 Dec, 2002 wrote:
2: Why is it that I cannot go to my domain directly (Phoenix tells me the connection was refused) from a box on my network other than my firewall. I have ensured that the "protect from local area network" box
item 14 has a tip which explains other possibilities of forwarding ports
also in Chapter 8 section 8.1.6 configuring for internal access to External IP
Hope these are helpful
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx