
I sent this email like a ago and didn't get a response; I'm resending it now, as I see some activity on the list and this is still happening on openSUSE 12.3:

On Tue, Mar 19, 2013 at 11:09 PM, Juan Luis Baptiste <juan.baptiste@gmail.com> wrote:
Hi,
I'm trying to enable masquerading on a server to allow some internal hosts to access the internet. From reading the included EXAMPLES file and the documentation of SuSEfirewall2, I have set up the following variables:
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.10.0/24"
But just setting FW_MASQUERADE="yes" will open up access to the internet to all of the internal network. From what I have read, this shouldn't be the correct behavior, because then FW_MASQ_NETS wouldn't make much sense. For now, to be able to block access to the internet for the entire network, I have to do it like this:
FW_MASQ_NETS="!0/0 192.168.10.0/24"
Then it works: access to all subnets is disallowed and then I allow the subnet I want. AFAIK this shouldn't be necessary; access to the internet shouldn't be allowed by default. Am I missing something? This is on openSUSE 12.1.
Cheers,
--
JLB
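An added example, not part of the original message or of SuSEfirewall2: a small shell check that reads a SuSEfirewall2-style sysconfig file and reports whether FW_MASQ_NETS carries the explicit "!0/0" entry the message found necessary. The function names and verdict words are hypothetical, and the verdicts encode the behaviour reported in the message as an assumption, not verified SuSEfirewall2 semantics.

```shell
#!/bin/sh
# Added example (not SuSEfirewall2 code). Verdicts printed by check_masq FILE:
#   off               FW_MASQUERADE is not "yes"
#   catch-all         FW_MASQ_NETS is empty or lists 0/0 as a source
#   no-explicit-deny  only specific networks listed; per the message above,
#                     other internal hosts were still masqueraded (assumption)
#   explicit-deny     "!0/0" present, the workaround described in the message

# get_var NAME FILE: print the last value assigned to NAME, quotes stripped.
# The file is parsed with sed rather than sourced, so nothing in it executes.
get_var() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

check_masq() (
    set -f                                   # no globbing on list entries
    masq=$(get_var FW_MASQUERADE "$1")
    nets=$(get_var FW_MASQ_NETS "$1")
    [ "$masq" = "yes" ] || { echo off; exit 0; }
    [ -n "$nets" ] || { echo catch-all; exit 0; }
    verdict=no-explicit-deny
    for entry in $nets; do
        src=${entry%%,*}                     # first field is the source network
        case "$src" in
            '!0/0'|'!0.0.0.0/0') verdict=explicit-deny ;;
            0/0|0.0.0.0/0)       echo catch-all; exit 0 ;;
        esac
    done
    echo "$verdict"
)

# Stand-alone use: sh check_masq.sh /etc/sysconfig/SuSEfirewall2
if [ "$#" -gt 0 ]; then
    check_masq "$1"
fi
```

The verdict describes only what the file says; the rules actually loaded can be compared against it with `iptables -t nat -S POSTROUTING` on the host.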