Thanks Ludwig for your answer :) I was beginning to wonder if I'm too stupid for this stuff ;)
Ludwig Nussel wrote:
Stefan Schmidt wrote:
[...]
FW_DEV_EXT="wlan-bus-pcmcia"
FW_DEV_DMZ="eth-id-00:50:04:d2:71:9e"
FW_ROUTE="yes"
FW_FORWARD="0/0,10.0.0.2,tcp,80 0/0,10.0.0.2,tcp,22"
the rest is more or less standard settings (attached at the end of this email)
Now, when I try to connect to the webserver from the internet I can see the packets with tcpdump at the DMZ server, however, the return packets get blocked by SuSEfirewall2 with the log entry:
Feb 24 13:19:10 linux kernel: SFW2-FWDdmz-DROP-DEFLT IN=eth0 OUT=wlan0 SRC=10.0.0.2 DST=192.168.1.2 LEN=60 TOS=0x08 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=33012 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080A0456274F008ADDF901030302
It's a bug in the 9.2 SuSEfirewall2. An update is already in the queue.
What does that mean exactly? Is it in a testing state and will be released soon or is it still being worked on? Any speculations about a release date - I'm kind of in a hurry with this project.
---- full SuSEfirewall2 configuration ---
$ cat /etc/sysconfig/SuSEfirewall2 | grep -e "FW_" | grep -v "#"
FW_QUICKMODE="no"
FW_DEV_EXT="wlan-bus-pcmcia"
FW_DEV_INT=""
FW_DEV_DMZ="eth-id-00:50:04:d2:71:9e"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS=""
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_*_TCP=""
FW_SERVICES_*_UDP=""
^ did you manually edit that in the mail?
Yes, that was me. I first had all options in the main text before deciding to put it at the end of the email.
cu Ludwig
Greetings Stefan