hey,
All the tutorials and FAQs I read so far never said anything about configuring the reverse path also. I mean I could simply include 10.0.0.2,0/0 in FW_FORWARD, but if someone hacked my DMZ server he automatically has access to everywhere.
i think i ran into the same problem some time ago when i wuz setting up my dmz. for me the problem only occurred for requests coming from the internal network (if i remember correctly...)
So is this me just being stupid or is SuSEfirewall2 not doing what it should be doing?
those were the same thoughts that came into my head... my solution was to create some custom rules so that the packages could get through the firewall on their way back. i can't reconstruct that mess in detail, but if you try it out, i guess u find the rules to allow the stuff u need pretty fast. i had to alter the tables forward_dmz and forward_ext. i found no other solution, nor reason for this, so i won't say sfw2 is doing anything wrong...

hth
greetingz
luk