SuSEfirewall2 and webserver on subinterfaces
Hi,

I have a question regarding SuSEfirewall2 and how to set up the stuff.

We have a box running the actual 7.3 distribution, connected to the Internet and running some webservers on the same box but in a different IP range on subinterfaces.

          +----------------------+
          |                      |
    ------.eth0     1.0.0.20/24  |
          |                      |
          .eth0:1   1.0.1.1/24   |
          .eth0:1   1.0.1.2/24   |
          .eth0:1   1.0.1.3/24   |
          .eth0:n   1.0.1.n/24   |
          .eth0:1   1.0.1.4/24   |
          .eth0:254 1.0.1.254/24 |
          |                      |
          +----------------------+

So I would now like to make it possible that every www server in that range is reachable from the Internet but everything else is dropped directly on eth0. I tried to put a rule like "0/0,1.0.1.0/24,tcp,80", and I also tried "0/0 1.0.1.0/24", into FW_FORWARD. FW_ROUTE is enabled. I also tried additionally to put one of the subinterfaces into FW_DEV_DMZ, eth0:7 for example.

Any request gets dropped with the message SuSE-FW-UNALLOWED-TARGET-IN.

Any ideas?

Bye
Holger
You can try this for a change. Run ifconfig and capture what subinterfaces you're running. For example, if you have eth0:1, eth0:2, eth0:3, then list them in FW_DEV_EXT:

FW_DEV_EXT="eth0 eth0:1 eth0:2 eth0:3"

I haven't tried it, but it just makes sense.

Alex Levit

----- Original Message -----
From: "Holger Steppke" <hos@de.uu.net>
To: <suse-security@suse.com>
Sent: Friday, December 07, 2001 3:15 AM
Subject: [suse-security] SuSEfirewall2 and webserver on subinterfaces
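The step suggested in the reply above (read the alias interfaces from ifconfig and list them in FW_DEV_EXT), as an added example that is not part of the original thread. The ifconfig output is a constructed sample, and the function names list_ext_devs and fw_dev_ext_line are hypothetical. Every device that ends up in the line is treated as external by the firewall, so the script only picks up the named base device and its own aliases.

```shell
#!/bin/sh
# Added example: build a FW_DEV_EXT line from ifconfig output.

# Constructed sample of net-tools ifconfig output (not taken from a real host).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:1.0.0.20  Bcast:1.0.0.255  Mask:255.255.255.0

eth0:2    Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:1.0.1.2  Bcast:1.0.1.255  Mask:255.255.255.0

eth0:1    Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:1.0.1.1  Bcast:1.0.1.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:02
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
'

# list_ext_devs BASE
# Reads ifconfig output on stdin and prints BASE followed by its aliases
# (BASE:1, BASE:2, ...) on one line, aliases in numeric order.
# Other devices (eth1, lo) are deliberately left out.
list_ext_devs() {
    awk -v base="$1" '
        /^[A-Za-z]/ {                 # a device block starts in column 1
            name = $1
            sub(/:$/, "", name)       # newer ifconfig prints "eth0:1:"
            if (name == base || index(name, base ":") == 1) print name
        }' |
    sort -u | sort -t: -k2,2n | paste -sd ' ' -
}

# fw_dev_ext_line BASE
# Prints the assignment in the form used in the reply above.
fw_dev_ext_line() {
    printf 'FW_DEV_EXT="%s"\n' "$(list_ext_devs "$1")"
}

# Demo on the constructed sample.
printf '%s' "$SAMPLE_IFCONFIG" | fw_dev_ext_line eth0
```

On a real host, pipe the live output in (ifconfig | fw_dev_ext_line eth0) and review the resulting line before putting it into the firewall configuration.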
Works perfect, Thanks :)
-----Original Message-----
From: Alex Levit [mailto:alex@kel-tek.com]
Sent: Friday, December 07, 2001 4:46 PM
To: suse-security@suse.com
Subject: Re: [suse-security] SuSEfirewall2 and webserver on subinterfaces
participants (2): Alex Levit, Holger Steppke