Re: [suse-security] firewall2 and portforwarding
Hi!

Then is this example correct?

FW_FORWARD_MASQ="0.0.0.0/0,192.168.0.15,tcp,5600"

So everybody will get access to the 192.168.0.15 machine on port 5600 per tcp, right?

thx :))
s@mmy
Then is this example correct? FW_FORWARD_MASQ="0.0.0.0/0,192.168.0.15,tcp,5600" So everybody will get access to the 192.168.0.15 machine on port 5600 per tcp, right?
I do a fair amount of Port Forwarding using SuSEFirewall2, with a 2.4 kernel. Here's some examples I cooked up for you, using your example of an internal network of 192.168.0.[whatever]

Let's say I wanted to allow the internet addresses of "1.2.3.[whatever]" through to 192.168.0.15 on tcp AND udp ports 5631 and 5632 so I could connect to pcanywhere running on a windohs box.

FW_FORWARD_MASQ="1.2.3.0/24,192.168.0.15,tcp,5631 \
1.2.3.0/24,192.168.0.15,udp,5631 \
1.2.3.0/24,192.168.0.15,tcp,5632 \
1.2.3.0/24,192.168.0.15,udp,5632"

Let's add to that: Let's say that I have *another* pcanywhere windows box on the inside, at 192.168.0.30, and I want to be able to reach it as well. Just for fun, I'd also only like to access the .30 machine from one different external IP address: 5.6.7.8, but none of the other 5.6.7.[whatever] machines other than .8 should get access.

Obviously, we can't use ports 5631 and 5632 on the firewall, those are now port-forwarded to the 192.168.0.15 machine. So... We'll pick a different pair (5633, and 5634), and forward them to 5631 and 5632 on 192.168.0.30. Now our forward statement will look like this:

FW_FORWARD_MASQ="1.2.3.0/24,192.168.0.15,tcp,5631 \
1.2.3.0/24,192.168.0.15,udp,5631 \
1.2.3.0/24,192.168.0.15,tcp,5632 \
1.2.3.0/24,192.168.0.15,udp,5632 \
5.6.7.8/32,192.168.0.30,tcp,5633,5631 \
5.6.7.8/32,192.168.0.30,udp,5633,5631 \
5.6.7.8/32,192.168.0.30,tcp,5634,5632 \
5.6.7.8/32,192.168.0.30,udp,5634,5632"

Finally, to accomplish your specific request:

FW_FORWARD_MASQ="0/0,192.168.0.15,tcp,5600"

And if you wanted to use a different port to bring something in to port 5600 on the .15 machine:

FW_FORWARD_MASQ="0/0,192.168.0.15,tcp,[port on firewall],5600"

Have fun!

Argentium
Participants (2): Argentium G. Tiger, Ralf Moeller
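
An added example, not part of the original thread and not SuSEfirewall2 code: a small Python check for FW_FORWARD_MASQ values in the field order used in the messages above (source network, target IP, protocol, firewall port, optional target port). It flags entries open to any source and firewall ports forwarded to two different inside targets for overlapping sources; the function names and finding labels are assumptions of this example.

```python
import ipaddress

# Eight-rule value from the reply above, including shell line continuations.
THREAD_VALUE = r"""1.2.3.0/24,192.168.0.15,tcp,5631 \
1.2.3.0/24,192.168.0.15,udp,5631 \
1.2.3.0/24,192.168.0.15,tcp,5632 \
1.2.3.0/24,192.168.0.15,udp,5632 \
5.6.7.8/32,192.168.0.30,tcp,5633,5631 \
5.6.7.8/32,192.168.0.30,udp,5633,5631 \
5.6.7.8/32,192.168.0.30,tcp,5634,5632 \
5.6.7.8/32,192.168.0.30,udp,5634,5632"""

def parse_forward_masq(value):
    """Split a FW_FORWARD_MASQ value into one dict per forwarding entry."""
    rules = []
    # Entries are whitespace-separated; "\" is only shell line continuation.
    for entry in value.replace("\\", " ").split():
        fields = entry.split(",")
        if len(fields) not in (4, 5):
            raise ValueError(f"expected 4 or 5 comma-separated fields: {entry!r}")
        src = "0.0.0.0/0" if fields[0] == "0/0" else fields[0]  # "0/0" = any source
        fw_port = int(fields[3])
        rules.append({
            "entry": entry,
            "src": ipaddress.ip_network(src, strict=False),
            # Without a fifth field the inside port equals the firewall port.
            "dest": (ipaddress.ip_address(fields[1]),
                     int(fields[4]) if len(fields) == 5 else fw_port),
            "listener": (fields[2].lower(), fw_port),
        })
    return rules

def audit(rules):
    """Return (label, entry) findings; the labels are this example's own."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["src"].prefixlen == 0:
            findings.append(("open-to-any", rule["entry"]))
        for earlier in rules[:i]:
            # Same protocol and firewall port, overlapping sources, different
            # inside destination: the two entries compete for the same traffic.
            if (rule["listener"] == earlier["listener"]
                    and rule["dest"] != earlier["dest"]
                    and rule["src"].overlaps(earlier["src"])):
                findings.append(("port-conflict", rule["entry"]))
    return findings

if __name__ == "__main__":
    for value in (THREAD_VALUE, "0/0,192.168.0.15,tcp,5600"):
        for label, entry in audit(parse_forward_masq(value)):
            print(f"{label}: {entry}")
```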