Re: [suse-security] fw with 2 external if (fwd)
---------- Forwarded message ----------
Date: Thu, 21 Mar 2002 16:06:26 +0100
From: Robert Klein
Hi,
comments are interspersed.
A request from the third computer on 194.123.123.52:80 is forwarded to 192.168.10.11:80 independent from the firewall-config of SuSEfirewall2 (vers 5.0 on SuSE 7.3).
Next step: I disconnected the cable of the interface 194.123.123.52. But the request from the third computer on 194.123.123.52 is also replayed until I disconnect the cable from the interface 194.123.123.51 too. I have verified that the IPs of the interfaces are correct! (I do a retry on 194.123.123.51 with the same behavior).
FW_MASQ_NETS=" 192.168.10.0/24"
Shouldn't you mask your internal network, too?
No, because the dmz has a proxy and sendmail relay, that works. The firewall is just a secure router.
FW_FORWARD_MASQ=" 0/0,192.168.10.11,tcp,80"
fw_custom_before_port_handling() { # could also be named "after_antispoofing()"
.......
iptables -A PREROUTING -j DNAT -t nat -p tcp -s 0.0/24 -d 194.123.217.52 --dport 80 --to-destination 192.168.10.12:80 -i eth6
Are you sure firewall2-custom.rc.config is included? There has to be a line
FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"
in /etc/rc.config.d/firewall2.rc.config, to achieve that.
Yes it is. The behavior described above is independent of the custom rules. Perhaps I have to use REDIR or some such thing to achieve my wishes. But I need the MASK of the dmz because of the proxies (one proxy runs in accelerator mode to be an application gateway firewall for an e-commerce shop based on IIS).
Robert
Harald Wallus