SuSEfirewall2 not routing when both nics on same subnet
I want to do basic filtering of ports without having to masquerade. From everything I have read (including the unofficial guide to SuSEfirewall) the below config should do that. Unfortunately I cannot get the firewall to route to eth1 or anything behind it. I am a noob at this so any guidance would be greatly appreciated.

Thanks in advance,
Dave

The IPs have been changed for obvious reasons.

Internet
   |
   |
 eth0 (1.1.1.1)
   |
FireWall---eth1 (1.1.1.2)
              |
              |
          Webserver (1.1.1.3)

FW_DEV_EXT="eth0"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_UDP="ssh"
FW_SERVICES_DMZ_TCP="ssh"
FW_SERVICES_DMZ_UDP="ssh"
FW_SERVICES_DMZ_IP=""
FW_TRUSTED_NETS=""
FW_FORWARD="0/0,1.1.1.3,tcp,80"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_FW_TRACEROUTE="yes"

--
C: Zanzeta, Inc.
N: Dave Livingston
T: Chief Information Officer
P: 469.688.4872
F: 214.292.8578
E: dlivingston@zanzeta.com
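An added example, not part of the original post: a Python check that reads the FW_* settings above together with the interface addresses and reports when the external and DMZ interfaces, or a FW_FORWARD target, sit in the same IP subnet. The /24 prefix length and the names parse_config, check_routing, SAMPLE_CONFIG and SAMPLE_IFACES are assumptions; the post gives no netmask.

```python
import ipaddress
import shlex

# Constructed sample: the routing-related settings from the post.
SAMPLE_CONFIG = '''FW_DEV_EXT="eth0"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_FORWARD="0/0,1.1.1.3,tcp,80"
'''
# Addresses from the post's diagram; the /24 prefix length is an assumption.
SAMPLE_IFACES = {"eth0": "1.1.1.1/24", "eth1": "1.1.1.2/24"}


def parse_config(text):
    """Parse KEY="value" lines of a sysconfig-style file into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, raw = line.strip().partition("=")
        if sep and not key.startswith("#"):
            parts = shlex.split(raw)
            cfg[key] = parts[0] if parts else ""
    return cfg


def check_routing(cfg, ifaces):
    """Return findings about firewall zones that share one IP subnet."""
    # Hosts in one subnet reach each other by ARP on the local segment, not
    # through a gateway, so a routing firewall placed between them is never
    # the next hop for that traffic.
    nets = {}
    for zone in ("FW_DEV_EXT", "FW_DEV_DMZ"):
        for dev in cfg.get(zone, "").split():
            if dev in ifaces:
                nets[dev] = ipaddress.ip_interface(ifaces[dev]).network
    findings = []
    devs = sorted(nets)
    for i, a in enumerate(devs):
        for b in devs[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} share subnet {nets[a]}")
    # FW_FORWARD entries are "source,destination,protocol,port".
    ext = [nets[d] for d in cfg.get("FW_DEV_EXT", "").split() if d in nets]
    for rule in cfg.get("FW_FORWARD", "").split():
        fields = rule.split(",")
        if len(fields) >= 2:
            dst = ipaddress.ip_network(fields[1], strict=False)
            findings += [f"forward target {dst} is inside external subnet {n}"
                         for n in ext if dst.subnet_of(n)]
    return findings
```

On a live system the addresses would come from the interface configuration (for example the output of ip addr) rather than from a hand-written dict.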