Anders Johansson wrote:
> On Sunday 19 April 2009 16:42:31 LLLActive@GMX.Net wrote:
>> Hi all,
>> I am setting up a SuSEfirewall2. I need external access to the internal/dmz for one specific machine and port.
>> I read all I could find about using FW_FORWARD_MASQ="0/0,192.168.0.10,tcp,80 0/0,192.168.0.10,icmp,80"
> icmp doesn't know about ports, so the second part of this is wrong.
>> (also needing FW_ROUTE="yes" and FW_MASQUERADE="yes").
>> I can ping the firewall IP on both NICs (e.g. 192.168.0.1 internal NIC and 192.168.176.1 external NIC) from external IP 192.168.176.10
> 192.168.176.1 and 192.168.176.10 are invalid "external" IP addresses. The 192.168.x.x network is reserved for internal use and may not be routed on the internet.
>> I cannot ping the internal machines (e.g. 192.168.0.10) from 192.168.176.10
>> I have the same problem on another FW for internet access on a web server with private IP in the dmz.
>> What am I missing in the SuSEfirewall2 config?
> In principle what you're doing should work, but you have to use real addresses on the internet side.
> Anders
I do not have external (public) IPs. The SuSEfirewall allows reverse masquerading with private IPs, as far as I read here: http://forgeftp.novell.com/susefirewall2/web/FAQ.html#id2480668 (7. What if my Server has a private IP address, how do I enable external access then?)
:-)
Al
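A small checker for the FW_FORWARD_MASQ value discussed in this thread, added here as an example and not part of the original messages or of SuSEfirewall2 itself. It assumes entries of the form source network, forward target, protocol, port, with an optional redirect port and destination IP, and it treats ports as plain numbers; the function name is hypothetical.

```python
import ipaddress

# Constructed sample: the value quoted in the thread above.
SAMPLE = "0/0,192.168.0.10,tcp,80 0/0,192.168.0.10,icmp,80"


def _valid_port(text):
    """True for a plain numeric port in 1..65535 (simplification)."""
    return text.isdigit() and 1 <= int(text) <= 65535


def check_forward_masq(value):
    """Return (entry, problem) tuples for a space-separated FW_FORWARD_MASQ value."""
    problems = []
    for entry in value.split():
        fields = entry.split(",")
        # Assumed layout: source,target,protocol,port[,redirect port[,destination ip]]
        if not 4 <= len(fields) <= 6:
            problems.append((entry, "expected 4 to 6 comma-separated fields"))
            continue
        _source, target, proto, port = fields[:4]
        try:
            ipaddress.ip_address(target)
        except ValueError:
            problems.append((entry, f"forward target {target!r} is not an IP address"))
        # Port forwarding only makes sense for protocols that carry ports.
        if proto not in ("tcp", "udp"):
            problems.append((entry, f"protocol {proto!r} is not tcp or udp, so a port is meaningless"))
            continue
        # Check the listening port and, if present, the redirect port.
        for candidate in [port] + fields[4:5]:
            if not _valid_port(candidate):
                problems.append((entry, f"port {candidate!r} is not a number in 1..65535"))
    return problems


if __name__ == "__main__":
    for entry, problem in check_forward_masq(SAMPLE):
        print(f"{entry}: {problem}")
```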