Re: [suse-security] SuseFirewall2 DMZ
How do I modify my firewall configuration to have an FTP service which runs correctly from the internal network?
--- Christian Andersson <chrisand@cs.lth.se> wrote:
On Tuesday 19 November 2002 20:20, Frédéric Poulet wrote:
What I don't understand is why I see my FTP server from the internet and it runs correctly, but from the internal network I have errors!
It's because of your firewall configuration.
-- Ch
On Wednesday 20 November 2002 08:55, Frédéric Poulet wrote:
How do I modify my firewall configuration to have an FTP service which runs correctly from the internal network?

In SuSE-8.1 (which is the current version as opposed to your 8.0) the firewall is configured in a file /etc/sysconfig/SuSEfirewall2. I don't remember if that is where the config was in 8.0, but otherwise it is somewhere else and shouldn't be difficult to find. This file is _very well_ documented, with large comments at each and every config parameter. Moreover there are other types of documentation that describe firewalling in general, like Network Administration Guide, or something like that.

Unfortunately, I don't think I can give any help that is better than this when it comes to your particular problems, since it is not clear yet how the FTP server is to be configured. Since FTP and firewalls often create problems, I suppose you could find solutions in some FAQ or equivalent. Ref. Google.

You need to be sure primarily what you want, _secondarily_ how to do it. Firewall configuration is not a piece of cake -- perhaps it shouldn't be.
-- Ch
Is it a problem for security if I have FW_FORWARD=[IP SERVER IN DMZ]/[ADDRESS INTERN NETWORK],tcp,1:65535?
On Wednesday 20 November 2002 11:48, Frédéric Poulet wrote:
Is it a problem for security if I have FW_FORWARD=[IP SERVER IN DMZ]/[ADDRESS INTERN NETWORK],tcp,1:65535?

I think you should rather use FW_SERVICES_INT_{TCP,UDP} and specify FW_TRUSTED_NETS. Make sure that the machines in the internal network are physically unreachable from the internet using other routes than through your FW machine.
-- Ch
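A check for the kind of rule asked about above, as an added example that is not part of the original thread or of SuSEfirewall2: it flags FW_FORWARD entries that carry no protocol or port limit, or that span a wide port range such as 1:65535. It assumes entries of the form source,destination,protocol,port separated by spaces; the sample addresses and the MAX_PORTS threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag overly broad FW_FORWARD entries.
# Assumed entry format: source,destination[,protocol[,port]], entries separated
# by spaces, port ranges written low:high.

MAX_PORTS=${MAX_PORTS:-16}   # hypothetical threshold for an acceptable range

# Constructed sample value; addresses are made up for illustration.
SAMPLE_FW_FORWARD="10.0.1.0/24,10.0.2.10,tcp,1:65535 10.0.1.0/24,10.0.2.10,tcp,21 10.0.1.0/24,10.0.2.11"

# port_span SPEC: number of ports covered by "21" or "1:65535"
port_span() {
    case "$1" in
        *:*) echo $(( ${1##*:} - ${1%%:*} + 1 )) ;;
        *)   echo 1 ;;
    esac
}

# classify_entry ENTRY: prints "ok" or the reason the entry is too broad
classify_entry() {
    old_ifs=$IFS; IFS=,
    set -- $1              # $1=source $2=destination $3=protocol $4=port
    IFS=$old_ifs
    if [ -z "${3:-}" ]; then
        echo "no-protocol-limit"
    elif [ -z "${4:-}" ]; then
        echo "no-port-limit"
    elif [ "$(port_span "$4")" -gt "$MAX_PORTS" ]; then
        echo "wide-port-range"
    else
        echo "ok"
    fi
}

# audit_forward "ENTRY ENTRY ...": prints "reason: entry" for each flagged entry
audit_forward() {
    for entry in $1; do
        verdict=$(classify_entry "$entry")
        if [ "$verdict" != "ok" ]; then
            echo "$verdict: $entry"
        fi
    done
}

audit_forward "$SAMPLE_FW_FORWARD"
```

To check a real configuration, source the firewall config file in a subshell and pass "$FW_FORWARD" to audit_forward.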
I read that FW_FORWARD_MASQ should not be used for security reasons. How can I create a DMZ without using FW_FORWARD_MASQ but visible from the internet?
participants (2): Christian Andersson, Frédéric Poulet