route -n from firewall :
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
80.15.77.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 80.15.77.1 0.0.0.0 UG 0 0 0 ppp0
route -n from web server
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
route print from windows
===========================================================================
Liste d'Interfaces
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 f4 45 e8 0e ...... Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport
d'ordonnancement de paquets
===========================================================================
===========================================================================
Itinéraires actifs :
Destination réseau Masque réseau Adr. passerelle Adr. interface Métrique
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.199 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.199 192.168.1.199 20
192.168.1.199 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.199 192.168.1.199 20
224.0.0.0 240.0.0.0 192.168.1.199 192.168.1.199 20
255.255.255.255 255.255.255.255 192.168.1.199 192.168.1.199 1
Passerelle par défaut : 192.168.1.1
===========================================================================
Itinéraires persistants :
Aucun
--- Thorsten Preuss
Jan 17 16:10:29 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=80.15.76.155 DST=80.15.77.20 LEN=78 TOS=0x00 PREC=0x00 TTL=120 ID=34582 PROTO=UDP SPT=1030 DPT=137 LEN=58
tells us that the firewall is at least blocking packets and that the firewall logs these, too.
Can you post the output of the command:
route -n
from your firewall and your webserver and perhaps the output of the command
route print
from your Windows box?
The following setup should work fine, but you will not be able to reach your webserver from the inside with the public IP of your ppp0 interface, just with the private IP 192.168.5.2.
Please also try to get the newest version of the SuSEfirewall2 scripts. I ran into some trouble with an older version while trying to use FW_FORWARD_MASQ, which ran fine after updating the scripts. The newest version is available under:
ftp://ftp.suse.com/pub/people/garloff/linux/SuSE/RPMS/[SuSE-version]/SuSEfirewall2-*
FW_DEV_EXT="ppp0"
FW_DEV_INT="eth1"
FW_DEV_DMZ="eth2"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.1.0/24 192.168.5.0/24"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="80"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP="80"
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="80"
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="DNS ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ="0.0.0.0/0,192.168.5.2,tcp,80"
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option \
--log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="no"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="no"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
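An added example, not part of either poster's message: a check over the two `route -n` tables and the FW_FORWARD_MASQ entry posted above, reporting which interface the firewall uses to reach the forward target and whether the target has a route for replies to a given client. It assumes forwarded packets reach the web server with the client's original source address; the function names are illustrative.

```python
import ipaddress

# Constructed from the thread: the two `route -n` tables as posted.
FIREWALL = """80.15.77.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 80.15.77.1 0.0.0.0 UG 0 0 0 ppp0"""
WEBSERVER = "192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0"
FORWARD_MASQ = "0.0.0.0/0,192.168.5.2,tcp,80"  # FW_FORWARD_MASQ as posted

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue  # header or blank line
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[7]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; returns the winning route or None."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def parse_forward_masq(value):
    """Split each space-separated entry into source,target,proto,port."""
    entries = []
    for item in value.split():
        src, target, proto, port = item.split(",")[:4]
        entries.append((ipaddress.ip_network(src), target, proto, int(port)))
    return entries

def check_forward(entry, fw_routes, target_routes, client):
    """Return (firewall iface towards target, target's iface for replies)."""
    src_net, target, _proto, _port = entry
    if ipaddress.ip_address(client) not in src_net:
        return None  # this client is not covered by the forward rule
    out = lookup(fw_routes, target)
    back = lookup(target_routes, client)  # assumes client source is kept
    return (out[2] if out else None, back[2] if back else None)

if __name__ == "__main__":
    fw, web = parse_routes(FIREWALL), parse_routes(WEBSERVER)
    for entry in parse_forward_masq(FORWARD_MASQ):
        # 80.15.76.155 is the external SRC seen in the posted log line
        print(entry[1], check_forward(entry, fw, web, "80.15.76.155"))
```

With the tables as posted, the firewall reaches 192.168.5.2 over eth2, while the web server's table has no entry covering 80.15.76.155.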