Hi All,

Firstly, my config is as follows:

SuSE 7.3 - 2.4.16 kernel

firewall2 config:

FW_DEV_EXT="eth0"
FW_DEV_INT="eth2"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.1.0/24"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="22"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP="25 80"
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD="0/0,100.100.100.100,tcp,80 0/0,100.100.100.100,tcp,25"
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="yes"
FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"

Added:

    route add 100.100.100.100 dev eth1

and:

    echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

route shows all routes are up now.

When I turn the firewall off I can ping the webserver & mailserver in the DMZ and I can ping the pvt. subnet. When I turn the firewall on, the pvt. subnet can get to the internet but nothing gets in or out from the DMZ.

/var/log/firewall shows:

    DROP-ANTISPOOFING 100.100.100.100

Without changing the iptables rules (I trust Mark's rules explicitly), can someone please tell me what I am doing wrong in this FW2 config? There must be something very basic that I am missing.

Thank you so much for reading this long post.

TIA,
Andre
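The following is an added example, not part of Andre's post and not the firewall2 script's own code. It models the check behind a DROP-ANTISPOOFING entry as a strict reverse-path test: the packet's source address is looked up in the routing table, and the packet counts as spoofed when the route back to that source does not leave via the interface the packet arrived on. The routing table is constructed from the posted config (default via eth0, 192.168.1.0/24 behind eth2, the added host route for 100.100.100.100 via eth1); the log line is a constructed iptables LOG line in which only the prefix, IN=eth1 and SRC= come from the post, while the timestamp and DST address 203.0.113.7 are made up. The firewall2 script builds its anti-spoofing chains in its own way, which this model does not reproduce; it is here so a reader can see on which interface a given source is expected with and without the posted host route.

```python
import ipaddress

# Constructed routing table modelled on the posted config: the default route
# leaves via eth0 (external), the private LAN 192.168.1.0/24 (FW_MASQ_NETS)
# is behind eth2, and the poster's added host route sends 100.100.100.100
# out eth1 (DMZ). No interface addresses are assumed beyond these entries.
ROUTES_WITH_HOST_ROUTE = [
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth2"),
    ("100.100.100.100/32", "eth1"),
]
# The same table before "route add 100.100.100.100 dev eth1" was run.
ROUTES_WITHOUT_HOST_ROUTE = ROUTES_WITH_HOST_ROUTE[:2]

# Constructed sample of an iptables LOG line in the shape the 2.4 kernel
# writes; only the DROP-ANTISPOOFING prefix, IN=eth1 and SRC= come from the
# post. The timestamp and DST address are made up.
SAMPLE_LOG = ("Dec  1 10:00:00 fw kernel: DROP-ANTISPOOFING IN=eth1 OUT= "
              "SRC=100.100.100.100 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 "
              "TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=1024 WINDOW=5840 SYN")


def route_lookup(dst, routes):
    """Longest-prefix match over a (prefix, interface) table.
    Returns the interface the kernel would forward `dst` through, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def is_spoofed(src, in_dev, routes):
    """Strict reverse-path check (RFC 3704 style): the packet is treated as
    spoofed when the route back to its source does not leave via the
    interface the packet arrived on."""
    return route_lookup(src, routes) != in_dev


def parse_log_line(line):
    """Pull the KEY=VALUE fields out of an iptables LOG line."""
    fields = {}
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return fields


def explain_drop(line, routes):
    """Report on which interface a logged source address was expected under
    the strict reverse-path model, and whether that model would drop it."""
    fields = parse_log_line(line)
    expected = route_lookup(fields["SRC"], routes)
    return {"src": fields["SRC"], "arrived_on": fields["IN"],
            "expected_on": expected, "spoofed": expected != fields["IN"]}


if __name__ == "__main__":
    for name, routes in (("without host route", ROUTES_WITHOUT_HOST_ROUTE),
                         ("with host route", ROUTES_WITH_HOST_ROUTE)):
        print(name, explain_drop(SAMPLE_LOG, routes))
    # A private LAN address showing up on the external interface is spoofed
    # under either table.
    print("192.168.1.5 on eth0 spoofed:",
          is_spoofed("192.168.1.5", "eth0", ROUTES_WITH_HOST_ROUTE))
```

Under this model the host route makes 100.100.100.100 expected on eth1, so the sample packet passes once the route is in place and is dropped only without it. A DROP-ANTISPOOFING entry that persists after the route is added therefore cannot be explained by the kernel routing table alone; the post does not say how the firewall2 script decides which addresses belong on eth1, and that is the piece a reader would need to check next.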