Argentium, As far as I can tell, the SuSEfirewall script will not forward ports to another machine. It will redirect ports to a different port on the same machine. My quick and dirty solution is to just insert the lines below near the end of the script. When I get a little time, I intend to make a better solution. # FIXME: kludge for SSH and HTTP redirection test "$1" = start && { ipmasqadm mfw -F # flush rules $IPCHAINS -I input -j "$ACCEPT" -p tcp -i eth0 --dport 61222 --mark 1 -l -y ipmasqadm mfw -I -m 1 -r 172.20.10.18 ssh $IPCHAINS -I input -j "$ACCEPT" -p tcp -i eth0 --dport 61223 --mark 2 -l -y ipmasqadm mfw -I -m 2 -r 172.20.10.24 80 exit 0 } This redirects 61222 on the firewall (eth0) to SSH on 172.20.10.18, similarly port 61223 goes to the Web server on 172.20.10.24. HTH, Jeffrey Quoting Argentium G. Tiger <agtiger@kc.rr.com>:
Jeffrey Taylor writes:
The IPchains package does this. I use the ipchain mark option and "ipmasqadm mfw" command to forward ports on my firewall to internal servers (Apache and SSH). Works like a champ.
Could you provide actual examples? I've been trying to use Marc Heuse's SuSEfirewall package (4.0) to do this, and I've been having no luck/joy with forwarding individual ports on the firewall to specific machines on the internal masqueraded network behind the firewall. I can't figure out what I'm doing wrong. :-( Even Marc says it should work with some of the sample configs I've sent over to him.
I'm wondering if /etc/hosts.allow and /etc/hosts.deny have something to do with the problem.
Argentium
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq