Re: [suse-security] SuSEFirewall without NAT
I guess my problem is I can't get it to work unless I use FW_FORWARD to specify all traffic back and forth. For simplicity purposes I started with FW_FORWARD all out and ... nothing worked! I have to have all of the traffic going out to be permitted, with restrictions on the inbound (only some ports to some machines).

Help! :)

TIA,
George Michelson

Arjen de Korte wrote:
On Saturday 18 January 2003 00:44, George Michelson wrote:
I asked before and did not get an answer: was someone successful with configuring SuSEFirewall2 (SuSE v 8) without NAT with public addresses on both sides?
The firewall doesn't care at all what types of addresses you use on either side of it. I don't see the relation between not having NAT and the fact that you have public addresses on both sides of your firewall. I don't have NAT on the firewall either, although I use private addresses on both sides (it is connected to a router which performs the NAT). What is your problem?
Arjen
Here's a quick hint ;)

    #!/bin/bash
    # Interfaces and the internal hosts that accept inbound connections
    INTIF=eth0
    EXTIF=eth1
    SMTP=192.168.0.2/32
    HTTP=192.168.0.3/32
    IMAPS=192.168.0.4/32
    SSH=192.168.0.0/24

    # Reset the chains; only FORWARD defaults to DROP, and no NAT rules are loaded
    iptables -P INPUT ACCEPT
    iptables -F INPUT
    iptables -P OUTPUT ACCEPT
    iptables -F OUTPUT
    iptables -P FORWARD DROP
    iptables -F FORWARD
    iptables -t nat -F

    # Everything from the internal side to the external side is allowed
    iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

    # Inbound: only these ports, to these destinations
    iptables -A FORWARD -i $EXTIF -o $INTIF -d $SMTP \
        -p tcp --dport 25 -j ACCEPT
    iptables -A FORWARD -i $EXTIF -o $INTIF -d $HTTP \
        -p tcp --dport 80 -j ACCEPT
    iptables -A FORWARD -i $EXTIF -o $INTIF -d $IMAPS \
        -p tcp --dport 993 -j ACCEPT
    iptables -A FORWARD -i $EXTIF -o $INTIF -d $SSH \
        -p tcp --dport 22 -j ACCEPT

    # Replies to connections that were opened from the inside
    iptables -A FORWARD -i $EXTIF -o $INTIF -m state \
        --state ESTABLISHED,RELATED -j ACCEPT

.. the usual disclaimer - I just wrote it, didn't even execute it to see if it works. HTH anyway.
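The forwarding policy in the script above (everything out, only listed host and port pairs in, replies allowed back) can be checked without loading any rules. The following is an added example, not part of the original thread: a first-match model of that FORWARD chain in POSIX sh. The `RULES` table layout and the `ip2int`, `in_cidr` and `verdict` helpers are assumptions made for this example, the sample packets are constructed, and only the fields these rules match on are modelled.

```sh
#!/bin/sh
# Added example: first-match model of the FORWARD chain in the script above.
# Rule table is transcribed from that script; the packets tested are constructed.
# Columns: in-if out-if dest proto dport state ('*' matches anything).
RULES='
eth0 eth1 * * * *
eth1 eth0 192.168.0.2/32 tcp 25 *
eth1 eth0 192.168.0.3/32 tcp 80 *
eth1 eth0 192.168.0.4/32 tcp 993 *
eth1 eth0 192.168.0.0/24 tcp 22 *
eth1 eth0 * * * ESTABLISHED,RELATED
'

ip2int() {   # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {  # in_cidr ADDR NET/LEN: succeeds when ADDR lies inside the network
    [ "$2" = "*" ] && return 0
    net=${2%/*}; len=${2#*/}
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

verdict() {  # verdict IN-IF OUT-IF DEST PROTO DPORT STATE -> ACCEPT or DROP
    while read -r rin rout rdst rproto rport rstate; do
        [ -n "$rin" ] || continue                      # skip blank lines
        [ "$rin" = "$1" ] && [ "$rout" = "$2" ] || continue
        in_cidr "$3" "$rdst" || continue
        [ "$rproto" = "*" ] || [ "$rproto" = "$4" ] || continue
        [ "$rport" = "*" ] || [ "$rport" = "$5" ] || continue
        case ",$rstate," in ",*,"|*",$6,"*) ;; *) continue ;; esac
        echo ACCEPT; return 0                          # first match wins
    done <<EOF
$RULES
EOF
    echo DROP                                          # iptables -P FORWARD DROP
}

# Constructed sample packets, printed when the script is run directly.
echo "outbound https:    $(verdict eth0 eth1 203.0.113.7 tcp 443 NEW)"
echo "inbound smtp:      $(verdict eth1 eth0 192.168.0.2 tcp 25 NEW)"
echo "inbound telnet:    $(verdict eth1 eth0 192.168.0.2 tcp 23 NEW)"
echo "reply to outbound: $(verdict eth1 eth0 192.168.0.9 tcp 40000 ESTABLISHED)"
```

Removing the last row of `RULES` turns the reply case into DROP, which is the effect of leaving out the `ESTABLISHED,RELATED` rule while the FORWARD policy is DROP.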
participants (2)
- George Michelson
- Razvan Cosma