Re: [suse-security] SuSEFirewall doesn't work?
Hi, thanks for answering.

On Tuesday, 11 May 2004 17:53, Tom Kramer wrote:

-----Original Message-----
From: Manuel Balderrábano [mailto:garibolo@wanadoo.es]
Sent: Tuesday, May 11, 2004 5:42 PM
To: suse-security@suse.com
Subject: Re: [suse-security] SuSEFirewall doesn't work?
Hi.
Please, please, please... Can anyone tell me how to use PAT under SuSEFirewall2?
Sorry for using this thread to ask this, but Tom mentioned it and I got nervous because I have been trying it for a while. In the end, I used squid for apache, but I found nothing for ssh and cvs, so I have to check the firewall along with the ssh, cvs and snort logs.
I don't know what you want to do exactly but check this:
http://www.sun.com/bigadmin/content/submitted/squid_proxy.html
What I need is to redirect all incoming connections on port 80 to another computer on the DMZ.
Maybe this is the answer you are looking for:
"....
You probably have a more sophisticated NetFilter setup. However, there is one line that you need to redirect inbound traffic on port 80 to Squid on port 3128:
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
I do that just by using port 80 on squid, but I would need to do something like:

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-host X.Y.Z.T

(I made up that --to-host rule)

Regards.
...."
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- --------------------------------------------------------------------------------- Manuel Balderrábano e-mail: garibolo@wanadoo.es ---------------------------------------------------------------------------------
On Tuesday 11 May 2004 18:13, Manuel Balderrábano wrote:
What I need is to redirect all incoming connections on port 80 to another computer on the DMZ.
What about reading the comments in /etc/sysconfig/SuSEfirewall2? The answer is listed above the parameter FW_FORWARD_MASQ...

Regards, Arjen
Hello!
What I need is to redirect all incoming connections on port 80 to another computer on the DMZ.
NIC-config for the examples:

w.x.y.z      external IP (eth0)   NIC: dhcp via pppoe or static IP from provider   FW_DEV_EXT="eth0"
192.168.0.x  internal net (eth1)  NIC: 192.168.0.1                                 FW_DEV_INT="eth1"
192.168.1.x  dmz net (eth2)       NIC: 192.168.1.1                                 FW_DEV_DMZ="eth2"

FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.0.0/24 192.168.1.0,tcp,20:22 192.168.1.0,tcp,80 192.168.1.0,tcp,443 192.168.1.0/24,tcp,1024:65535"

Example for Portforwarding with used masquerading:

/etc/sysconfig/SuSEfirewall2:
#14.):
FW_FORWARD_MASQ="0/0,192.168.1.2,tcp,80"

or with iptables:

Redirect Traffic from external to Port 80 to IP 192.168.1.2
iptables -A PREROUTING -t nat -j DNAT -p tcp -i eth0 --dport 80 --to-destination 192.168.1.2

Redirect Traffic from external to Port 80 to IP 192.168.1.2 on Port 81
iptables -A PREROUTING -t nat -j DNAT -p tcp -i eth0 --dport 80 --to-destination 192.168.1.2:81

Example for 192.168.0.0 - 192.168.0.255 net for transparent Proxy:

/etc/sysconfig/SuSEfirewall2:
#15.):
FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128"

or with iptables:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Philippe
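The port forward asked about in this thread (external port 80 to a host in the DMZ), as an added example that is not part of any poster's message and not SuSEfirewall2's own code: a small validator that turns FW_FORWARD_MASQ-style entries into the DNAT and FORWARD rules they stand for, printing them instead of applying them. The function names, the optional fifth field (redirect port) and the FORWARD rule are assumptions of this sketch, and it assumes the ruleset already accepts ESTABLISHED,RELATED traffic in FORWARD.

```shell
#!/bin/sh
# Added illustration, not SuSEfirewall2's own code: print iptables rules
# equivalent to FW_FORWARD_MASQ-style entries. Nothing is applied.
# Assumed entry format: <source net>,<forward-to ip>,<proto>,<port>[,<redirect port>]
EXT_IF="eth0"   # external NIC, as in the thread
DMZ_IF="eth2"   # DMZ NIC, as in the thread

# is_port N: succeeds only for an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rule ENTRY: validate one entry and print its two rules
forward_rule() {
    old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f      # split on commas without globbing
    IFS=$old_ifs
    src=$1 dst=$2 proto=$3 port=$4 rport=${5:-$4}
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$dst" in ''|*[!0-9.]*) echo "bad target: $dst" >&2; return 1 ;; esac
    if ! is_port "$port" || ! is_port "$rport"; then
        echo "bad port in entry" >&2; return 1
    fi
    # Flag entries that expose the DMZ service to every external source.
    [ "$src" = "0/0" ] && echo "note: $dst:$rport reachable from any source" >&2
    # REDIRECT can only target the firewall itself; another host needs DNAT.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -s $src -p $proto --dport $port -j DNAT --to-destination $dst:$rport"
    # The rewritten packet is then routed, so FORWARD must allow it too.
    echo "iptables -A FORWARD -i $EXT_IF -o $DMZ_IF -d $dst -p $proto --dport $rport -m state --state NEW -j ACCEPT"
}

# Constructed sample entries: the one from the thread, then the same
# forward landing on port 81 of the DMZ host.
forward_rule "0/0,192.168.1.2,tcp,80"
forward_rule "0/0,192.168.1.2,tcp,80,81"
```

Review the printed rules before loading them; narrowing the source field from 0/0 to the networks that actually need the service limits who can reach the DMZ host.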
participants (3): Arjen de Korte, Manuel Balderrábano, Philippe Vogel