Re: [suse-security] SuSEFirewall without NAT
And which ports/services do you want to block for internal users, and which should be blocked for Internet.
Well ... In order to get traffic going I had to use FW_FORWARD, I create a "rule" for forwarding from inside network /any computer/anyport to 0/0 and traffic started to go out, but it was all droped on the firewall on the return - I was hoping that "session" will be created and it (firewall) will figure out that's going on. I ended up adding one more "rule" into FW_FORWARD - backword routing all into internal network . ... But it's a router now, not a firewall ... So I am thinking about using some other product, unless I can get some help here !
TIA, George Michelson
Dominik Sk?adanowski wrote:
Hi.
I asked before and did not get an answer: was someone successfull with configuring SuSEFirewall2 (SuSE v 8) without NAT with public addresses on the both side ?
Can you describe problem more detailed? --
Dominik Składanowski e-mail: dominik.skladanowski@ch.pw.edu.pl -----------------------------------------------------------------
I want to have all traffic to go out and limit in to smtp, imaps and http to one host and ssh to couple more. Thanks ! George Dominik Składanowski wrote:
And which ports/services do you want to block for internal users, and which should be blocked for Internet.
Well ... In order to get traffic going I had to use FW_FORWARD, I create a "rule" for forwarding from inside network /any computer/anyport to 0/0 and traffic started to go out, but it was all droped on the firewall on the return - I was hoping that "session" will be created and it (firewall) will figure out that's going on. I ended up adding one more "rule" into FW_FORWARD - backword routing all into internal network . ... But it's a router now, not a firewall ... So I am thinking about using some other product, unless I can get some help here !
TIA, George Michelson
Dominik Sk?adanowski wrote:
Hi.
I asked before and did not get an answer: was someone successfull with configuring SuSEFirewall2 (SuSE v 8) without NAT with public addresses on the both side ?
Can you describe problem more detailed?
participants (2)
-
Dominik Składanowski
-
George Michelson