* Marc Christensen; <marc@mecworks.com> on 03 Feb, 2003 wrote:
> > So you want to reach your external interface from your internal network. This is not possible without tweaking FW_CUSTOM to enable such access, as SuSEfirewall2 by default denies these requests.

> Yes, this is what I want to do. From the EXAMPLE file item #9, it states (emphasis on the words 'on the firewall' not mine):

SuSEfirewall2 will drop requests coming to the external address which have private addresses; this is antispoofing. The only way you can change this is adding your rules in the custom script "fw_custom_before_antispoofing":

    iptables -A INPUT -i internal_int -s internal_net/mask -d external_int -j ACCEPT

You can add port numbers also, so you will be limiting the behavior of this permission.

> I imagine that you meant to say "typing" instead of "tying". Yes, all services

I only had one cup of coffee yet, so it is normal that I mistype.

> are accessible via the 192.168.1.xxx IP address on the gateway. However, I want to be able to have my clients enter FQDNs for the different services, i.e. for access to:
>
>     Service         FQDN
>     -------         ----
>     squid proxy     proxy.domainname.com:8080
>     ntp             ntp.domainname.com
>     gw              gw.domainname.com
>     DNS             ns.domainname.com
>     imap/pop/smtp   mail.domainname.com
>     etc.
>
> These DNS entries are all valid and either CNAMEs or A records for the real-world server IP. Being able to put in FQDNs for these services is important because it allows new servers to be installed to take on the above functions transparently to the clients. If I have them enter IPs for the internal masqueraded network, they will have to reconfigure their TCP/IP setup if one of these changes.

Taking into consideration that I have had only one cup of coffee yet, why don't you set up a DNS for internal use only, so your clients can still reach with FQDN internally?

PS: Please do not put me on CC as I can get my copy from the mailing list.

-- 
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
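The port-restricted form of the rule discussed above, written out as the fw_custom_before_antispoofing hook, as an added example that is not part of the thread or of SuSEfirewall2 itself. On SuSE 8.x the hook functions live in /etc/sysconfig/scripts/SuSEfirewall2-custom and are enabled through FW_CUSTOMRULES in /etc/sysconfig/SuSEfirewall2; the interface name, network, external address and port list here are assumptions for illustration. Two practical points the one-line rule in the thread does not show: `-d` takes the external address, not the interface name, and restricting by port requires `-p tcp`/`-p udp` together with `--dport`, since `--dport` alone is not accepted.

```shell
#!/bin/bash
# Added example (not from the thread): SuSEfirewall2 custom hook that lets LAN
# clients reach the gateway's external address for a fixed set of services.
# All values below are assumptions chosen for illustration.

INT_IF="eth0"                    # assumed internal interface
INT_NET="192.168.1.0/24"         # assumed internal (masqueraded) network
EXT_ADDR="203.0.113.5"           # assumed external address (documentation range)
TCP_PORTS="8080 25 110 143 53"   # squid, smtp, pop3, imap, dns over tcp
UDP_PORTS="53 123"               # dns, ntp

# Print one ACCEPT rule per service. Each rule is pinned to the internal
# interface AND the internal source network, so the antispoofing check is only
# bypassed for this traffic: a packet claiming a LAN source address but arriving
# on the external interface still hits the DROP that SuSEfirewall2 installs
# right after this hook runs.
build_rules() {
    local port
    for port in $TCP_PORTS; do
        printf 'iptables -A INPUT -i %s -s %s -d %s -p tcp --dport %s -j ACCEPT\n' \
            "$INT_IF" "$INT_NET" "$EXT_ADDR" "$port"
    done
    for port in $UDP_PORTS; do
        printf 'iptables -A INPUT -i %s -s %s -d %s -p udp --dport %s -j ACCEPT\n' \
            "$INT_IF" "$INT_NET" "$EXT_ADDR" "$port"
    done
}

# Number of rules build_rules emits; useful as a sanity check after loading
# (compare with the count of matching lines in 'iptables -L INPUT -n').
rule_count() {
    build_rules | grep -c ' -j ACCEPT$'
}

# SuSEfirewall2 calls this function before it installs its antispoofing rules,
# so everything appended here is evaluated first. The trailing 'true' keeps the
# hook's exit status clean even if the loop's last command failed.
fw_custom_before_antispoofing() {
    local rule
    build_rules | while read -r rule; do
        # rules are built only from the variables above, so eval is safe here
        eval "$rule" || echo "SuSEfirewall2-custom: failed: $rule" >&2
    done
    true
}
```

This only opens the gateway's external address to the LAN; it does not by itself make the clients' FQDNs resolve to the internal address. For that, the internal-only DNS suggested in the reply (serving A records for proxy, mail, ns and so on that point at the gateway's 192.168.1.x address) is the complementary piece.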