Re: [suse-security] Re: SuSEfirewall 2 - redirect ports on internal interface to DMZ
Good day,

I was recently fiddling around with this port forwarding issue myself. Using Susefirewall2 on a Suse 9.3 Pro allowed me to forward a port on my external IP to another port on a machine behind my firewall. However, using the same script on Novell OES (=SLES9) resulted in nothing. I then tried rinetd but dropped that again because it only forwards tcp ports, not udp.

Anyway, would someone have any hints about this difference in behaviour between Suse Pro 9.3 and SLES9?

Regards,
Peter
____________________________
PV consulting
Maria van Bourgondiëlaan 18 - B-8000 Brugge
GSM +32 478 317 657 - fax +32 50 34 61 60 - skype peter.vynck
e-mail mail@pv-consulting.com - http://www.pv-consulting.com

-----"Ariel Guerrero" <ariel.guerrero@gmail.com> wrote: -----

To: "Dirk Schreiner" <Dirk.Schreiner@tria.de>
From: "Ariel Guerrero" <ariel.guerrero@gmail.com>
Date: 28/09/2006 00:30
cc: "Dirk Enrique Seiffert" <ds@caribenet.com>, suse-security@suse.com
Subject: [suse-security] Re: SuSEfirewall 2 - redirect ports on internal interface to DMZ

You could try with this rule. I'm not an expert in SuSEfirewall2....

FW_FORWARD_MASQ="192.168.0.0/24,192.168.0.249,tcp,110,110,192.168.254.2/ 192.168.0.0/24,192.168.0.249,tcp,25,25,192.168.254.2"

I use your configuration to make the example, and this is the syntax:

<source network>,<ip to forward to>,<protocol>,<port>[redirect port,[destination ip]]

I use it to redirect my local webserver and it works. Sorry for my English, I'm Paraguayan.

Greetz

2006/9/27, Dirk Schreiner <Dirk.Schreiner@tria.de>:
Hi Dirk,
check out rinetd. It should solve your problems.
Dirk
Dirk Enrique Seiffert wrote:
I am moving a Mailserver from the internal network to the DMZ. This move should be invisible for the enduser. Last but not least: Some hundred mail clients are configured to consult an IP, not a name: I can't solve the issue by configuring my DNS server.
This is my configuration:
200.x.x.x (public IP)
      |
SuSEfirewall-192.168.254.1--------192.168.254.2 MailServer
      |
192.168.0.249
      |
internal network
I have to access the mailserver by an IP in the 192.168.0.0/24 range. External traffic I can easily redirect with FW_FORWARD_MASQ= to an IP in the DMZ. Internal traffic I can redirect to a local port on the firewall with FW_REDIRECT.
Is it possible to redirect all traffic coming on the internal interface for 192.168.0.249 to 192.168.254.2 ?
Any custom rule? I was googling quite a while too, didn't find any rule doing a forward on the internal interface.
Any idea is appreciated!
Thanks
Enrique
-- There are 10 sorts of people in this World. Those who understand binary, and those who don`t.
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
--
Ing. Ariel Guerrero
Mailto: ariel.guerrero@gmail.com
Fone: +595 981 425040
Asunción - Paraguay
I suggest you have a look at this site
http://forge.novell.com/modules/xfmod/project/?susefirewall2
and browse the examples given
http://forgeftp.novell.com//susefirewall2/web/EXAMPLES.html

--
Regards,
Graham Smith