Hi All I am trying to setup SuSEfirewall2 to forward & Masq to a Microsoft web server on my internal LAN The website runs ASP scripts so I can't, as far as I know hosts it on apache. Shoot the damm developer !!!! The websites IP is 196.25.208.26, I created a virtual adapter eth1:1 with IP 196.25.208.28. I Have FW_DEV_DMZ="eth1:1" - (IP-196.25.208.26) FW_FORWARD="196.25.208.28,10.0.0.7" - (10.0.0.7 is the private IP of my web server) FW_FORWARD_MASQ ="0/0 10.0.0.7,tcp,80" But it does not work ? Thanks Andre South Africa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andre - I don't completetly understand your setup. I assume, it looks like this: internet <--------> firewall <---------> webserver ^ ^ ^ | | | 196.25.208.26 10.0.0.? 10.0.0.7 (eth0) (eth1) ok, I'd go without a virtual IP first. You can add it to eth0 later. (Yes, eth0, not eth1) Then, if you use FW_FORWARD_MASQ, I think, you need to enable masquerading and Routing in your Firewall. then try the following options: FW_DEV_DMZ="eth1" FW_FORWARD_MASQ ="0.0/0,10.0.0.7,tcp,80" FW_FORWARD="" That worked for my servers. Regards, Daniel Wirth ___________________________ Please encrypt all E-Mail!! PGP Fingerprint: 80AF 107A A1D8 2471 C38A 1EDC 4EA0 8CE2 A271 242E ___________________________ On Mon, 19 May 2003, Andre Vorster wrote:
Date: Mon, 19 May 2003 16:27:25 +0200 From: Andre Vorster <andre.vorster@businessprint.co.za> To: "Suse-Security (E-Mail) (E-mail)" <suse-security@suse.com> Subject: [suse-security] FW_FORWARD_MASQ
Hi All
I am trying to setup SuSEfirewall2 to forward & Masq to a Microsoft web server on my internal LAN The website runs ASP scripts so I can't, as far as I know hosts it on apache. Shoot the damm developer !!!!
The websites IP is 196.25.208.26, I created a virtual adapter eth1:1 with IP 196.25.208.28.
I Have FW_DEV_DMZ="eth1:1" - (IP-196.25.208.26) FW_FORWARD="196.25.208.28,10.0.0.7" - (10.0.0.7 is the private IP of my web server) FW_FORWARD_MASQ ="0/0 10.0.0.7,tcp,80"
But it does not work ?
Thanks Andre South Africa
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE+yO9DTqCM4qJxJC4RAmVuAJsGbEYuBXWM78m97N1KmMo2+BLrfACg3JaI U8u92jH85VvgWrRhojrd7C0= =Ejz9 -----END PGP SIGNATURE-----
You may also want to have a look at: http://httpd.apache.org/related_projects.html#apacheasp Rather than blame the developers. Bjorn Robertsson -----Original Message----- From: Daniel Wirth [mailto:dw@wirthuell.de] Sent: 19. maí 2003 14:51 To: Andre Vorster Cc: Suse-Security (E-Mail) (E-mail) Subject: Re: [suse-security] FW_FORWARD_MASQ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andre - I don't completetly understand your setup. I assume, it looks like this: internet <--------> firewall <---------> webserver ^ ^ ^ | | | 196.25.208.26 10.0.0.? 10.0.0.7 (eth0) (eth1) ok, I'd go without a virtual IP first. You can add it to eth0 later. (Yes, eth0, not eth1) Then, if you use FW_FORWARD_MASQ, I think, you need to enable masquerading and Routing in your Firewall. then try the following options: FW_DEV_DMZ="eth1" FW_FORWARD_MASQ ="0.0/0,10.0.0.7,tcp,80" FW_FORWARD="" That worked for my servers. Regards, Daniel Wirth ___________________________ Please encrypt all E-Mail!! PGP Fingerprint: 80AF 107A A1D8 2471 C38A 1EDC 4EA0 8CE2 A271 242E ___________________________ On Mon, 19 May 2003, Andre Vorster wrote:
Date: Mon, 19 May 2003 16:27:25 +0200 From: Andre Vorster <andre.vorster@businessprint.co.za> To: "Suse-Security (E-Mail) (E-mail)" <suse-security@suse.com> Subject: [suse-security] FW_FORWARD_MASQ
Hi All
I am trying to setup SuSEfirewall2 to forward & Masq to a Microsoft web server on my internal LAN The website runs ASP scripts so I can't, as far as I know hosts it on apache. Shoot the damm developer !!!!
The websites IP is 196.25.208.26, I created a virtual adapter eth1:1 with IP 196.25.208.28.
I Have FW_DEV_DMZ="eth1:1" - (IP-196.25.208.26) FW_FORWARD="196.25.208.28,10.0.0.7" - (10.0.0.7 is the private IP of my web server) FW_FORWARD_MASQ ="0/0 10.0.0.7,tcp,80"
But it does not work ?
Thanks Andre South Africa
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE+yO9DTqCM4qJxJC4RAmVuAJsGbEYuBXWM78m97N1KmMo2+BLrfACg3JaI U8u92jH85VvgWrRhojrd7C0= =Ejz9 -----END PGP SIGNATURE----- -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (3)
-
Andre Vorster -
Björn Róbertsson -
Daniel Wirth