Manuel Balderrábano <garibolo@wanadoo.es> wrote the Mar 4, 2004 2:53 PM:
By port redirection I mean that all traffic coming to a specific port of the firewall will be redirected to a specific server on the DMZ zone, I think this is called circuit-level forwarding.
You can use the FW_FORWARD_MASQ

[snip from /etc/sysconfig/SuSEfirewall2]
# Example:
# 200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202
# The class C network 200.200.200.0/24 trying to access 202.202.202.202 port
# 80 will be forwarded to the internal server 10.0.0.10 on port 81.
# Example:
# 200.200.200.0/24,10.0.0.10,tcp,80
# The class C network 200.200.200.0/24 trying to access anything which goes
# through this firewall will be forwarded to the internal server 10.0.0.10 on
# port 80

This way all connections are logged as FW-FORWARD-MASQ
Of course, that's how I am doing it now, but it masquerades all access to the web server.
The rule is exactly:
FW_FORWARD_MASQ="0/0,192.168.X.Y,80"
(Where 192.168.X.Y is the web server in the DMZ.)
Maybe I have it wrong?
On Thursday, March 4, 2004 16:04, Barry Gill wrote:
You can use the FW_FORWARD_MASQ
[snip from /etc/sysconfig/SuSEfirewall2]
# Example:
# 200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202
# The class C network 200.200.200.0/24 trying to access 202.202.202.202 port
# 80 will be forwarded to the internal server 10.0.0.10 on port 81.
# Example:
# 200.200.200.0/24,10.0.0.10,tcp,80
# The class C network 200.200.200.0/24 trying to access anything which goes
# through this firewall will be forwarded to the internal server 10.0.0.10 on
# port 80
This way all connections are logged as FW-FORWARD-MASQ
--
---------------------------------------------------------------------------------
Manuel Balderrábano
e-mail: garibolo@wanadoo.es
---------------------------------------------------------------------------------
Hi. Up to this date I have not been able to solve the problem, so my Apache web server's logs are useless in case anything happens. Can anyone please help me?
On Thursday, March 4, 2004 18:30, Manuel Balderrábano wrote:
Of course, that's how I am doing it now, but it masquerades all access to the web server.
The rule is exactly:
FW_FORWARD_MASQ="0/0,192.168.X.Y,80"
(Where 192.168.X.Y is the web server in the DMZ.)
Maybe I have it wrong?
--
---------------------------------------------------------------------------------
Manuel Balderrábano
e-mail: garibolo@wanadoo.es
---------------------------------------------------------------------------------
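
Added example, not part of any message in this thread: a shell check that splits FW_FORWARD_MASQ entries into the field order used by the examples quoted from /etc/sysconfig/SuSEfirewall2 and reports entries that do not fit it. The function names, the field labels and the acceptance of udp alongside tcp are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Field order taken from the examples
# quoted from /etc/sysconfig/SuSEfirewall2 above:
#   source-net,internal-ip,protocol,port[,redirect-port[,destination-ip]]
# Field names are labels chosen here. Accepting udp as well as tcp is an
# assumption; the quoted examples only show tcp.

is_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_entry ENTRY: print a verdict line, return 0 only if the entry fits.
check_entry() {
    entry=$1
    old_ifs=$IFS; IFS=,
    set -f; set -- $entry; set +f      # $1..$n = comma-separated fields
    IFS=$old_ifs
    if [ "$#" -lt 4 ] || [ "$#" -gt 6 ]; then
        echo "BAD  $entry: expected 4 to 6 fields, got $#"; return 1
    fi
    case "$3" in
        tcp|udp) ;;
        *) echo "BAD  $entry: field 3 should be tcp or udp, got '$3'"; return 1 ;;
    esac
    if ! is_port "$4"; then
        echo "BAD  $entry: field 4 is not a port number: '$4'"; return 1
    fi
    if [ "$#" -ge 5 ] && ! is_port "$5"; then
        echo "BAD  $entry: field 5 is not a port number: '$5'"; return 1
    fi
    echo "OK   $entry: $1 -> $2 $3/$4${5:+, redirected to port $5}"
}

# lint_masq VALUE: check every space-separated entry of a FW_FORWARD_MASQ value.
lint_masq() {
    rc=0
    for e in $1; do
        check_entry "$e" || rc=1
    done
    return "$rc"
}

# Constructed sample: the two quoted examples plus the rule posted in the thread.
SAMPLE='200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202 200.200.200.0/24,10.0.0.10,tcp,80 0/0,192.168.X.Y,80'
lint_masq "$SAMPLE" || echo "at least one entry does not match the quoted field order"
```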