On Sunday 19 April 2009 16:42:31 LLLActive@GMX.Net wrote:
> Hi all,
>
> I am setting up a SuSEfirewall2. I need external access to the internal/dmz for one specific machine and port.
>
> I read all I could find about using FW_FORWARD_MASQ="0/0,192.168.0.10,tcp,80 0/0,192.168.0.10,icmp,80"

icmp doesn't know about ports, so the second part of this is wrong.

> (also needing FW_ROUTE="yes" and FW_MASQUERADE="yes").
>
> I can ping the firewall IP on both NICs (e.g. 192.168.0.1 internal NIC and 192.168.176.1 external NIC) from external IP 192.168.176.10

192.168.176.1 and 192.168.176.10 are invalid "external" IP addresses. The 192.168.x.x network is reserved for internal use and may not be routed on the internet.

> I cannot ping the internal machines (e.g. 192.168.0.10) from 192.168.176.10
>
> I have the same problem on another FW for internet access on a web server with private IP in the dmz.
>
> What am I missing in the SuSEfirewall2 config?

In principle what you're doing should work, but you have to use real addresses on the internet side.

Anders
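
As an added example (not part of the original thread and not SuSEfirewall2 code), the following Python check lints a FW_FORWARD_MASQ value for the mistake pointed out in the reply: a port given for a protocol that has none. It assumes the comma-separated field order source network, target IP, protocol, port seen in the quoted value; the function names are hypothetical.

```python
import ipaddress

PORT_PROTOCOLS = {"tcp", "udp"}  # the protocols that carry port numbers


def _valid_port(spec):
    """Accept a single port or a low:high range, each within 1..65535."""
    parts = spec.split(":")
    if not 1 <= len(parts) <= 2 or not all(p.isdigit() for p in parts):
        return False
    numbers = [int(p) for p in parts]
    return all(1 <= n <= 65535 for n in numbers) and numbers == sorted(numbers)


def lint_entry(entry):
    """Return a list of problems found in one FW_FORWARD_MASQ entry."""
    fields = entry.split(",")
    if len(fields) < 3:
        return ["expected at least source,target,protocol"]
    source, target, proto = fields[0], fields[1], fields[2].lower()
    port = fields[3] if len(fields) > 3 else ""
    problems = []
    try:
        # "0/0" is the shorthand for "any source" used in the post
        ipaddress.ip_network("0.0.0.0/0" if source == "0/0" else source, strict=False)
    except ValueError:
        problems.append(f"bad source network {source!r}")
    try:
        ipaddress.ip_address(target)
    except ValueError:
        problems.append(f"bad target address {target!r}")
    if proto in PORT_PROTOCOLS:
        if not _valid_port(port):
            problems.append(f"{proto} needs a port, got {port!r}")
    elif port:
        problems.append(f"{proto} has no ports, so port {port!r} is meaningless")
    return problems


def lint_setting(value):
    """Map each faulty entry of a FW_FORWARD_MASQ value to its problems."""
    report = {}
    for entry in value.split():
        problems = lint_entry(entry)
        if problems:
            report[entry] = problems
    return report


# The value quoted in the post above
POSTED = "0/0,192.168.0.10,tcp,80 0/0,192.168.0.10,icmp,80"
if __name__ == "__main__":
    for entry, problems in lint_setting(POSTED).items():
        print(entry, "->", "; ".join(problems))
```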