LLLActive@GMX.Net wrote:
Hi all,
I am setting up a SuSEfirewall2. I need external access to the internal/dmz for one specific machine and port.
I read all I could find about using FW_FORWARD_MASQ="0/0,192.168.0.10,tcp,80 0/0,192.168.0.10,icmp,80" (also needing FW_ROUTE="yes" and FW_MASQUESRADE="yes").
I can ping the firewall IP on both NICs (e.g. 192.168.0.1 internal NIC and 192.168.176.1 external NIC) from external IP 192.168.176.10.
I cannot ping the internal machines (e.g. 192.168.0.10) from 192.168.176.10.
I have the same problem on another FW for internet access on a web server with private IP in the dmz.
What am I missing in the SuSEfirewall2 config?
TIA Al

Uh, how are you getting your internet?? If you have a router, why not just set the WAN IP as the public IP, and then configure the port forwarding to forward ports 80 & 443 to the machine in question. That way all addresses inside the router are local/internal IPs.

On your apache box, I would still configure your NIC on an "external zone" as far as SuSEfirewall2 is concerned and allow only ssh and http and https access. The router gets around all the internal/external problems you are dealing with. I run a setup like this:

    WAN/Public IP
         |
         |         internet router
         | <--------->[66.76.63.120]
         |
    LAN/Private IP        Gateway IP
         |
    (192.168.0.0/24)    [192.168.0.13]
         |
         |
         |                        ______________
         |        | port 80      |              |
         |--------+------------>|   Apache2    |
         |        | port 443     |    Server    |
         |--------+------------>|              |
         |        |              |              |
         |                        --------------
         |

If you don't have a configurable router $40 goes a long way...

--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
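
A lint for the settings discussed in this thread, as an added example that is not part of either post and is not SuSEfirewall2 code. It assumes the config is plain NAME="value" lines, takes the rule that FW_FORWARD_MASQ needs FW_ROUTE and FW_MASQUERADE set to "yes" from the original post, and uses hypothetical function names (`parse_sysconfig`, `lint`); the sample input is constructed from the values quoted in the question.

```python
import difflib
import re

# Dependency rule as stated in the original post: forwarding needs both "yes".
REQUIRED_YES = ("FW_ROUTE", "FW_MASQUERADE")
KNOWN = REQUIRED_YES + ("FW_FORWARD_MASQ",)
ASSIGN = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)="?([^"#]*)"?')

def parse_sysconfig(text):
    """Return {NAME: value} for NAME="value" lines; comment lines never match."""
    cfg = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            cfg[m.group(1)] = m.group(2).strip()
    return cfg

def lint(text):
    """Return a list of human-readable findings for a forwarding setup."""
    cfg = parse_sysconfig(text)
    findings = []
    # A misspelled variable is silently ignored by whatever reads the file,
    # so report names that are one or two characters away from a known one.
    for name in cfg:
        if name not in KNOWN:
            near = difflib.get_close_matches(name, KNOWN, n=1, cutoff=0.85)
            if near:
                findings.append(f"{name}: unknown name, did you mean {near[0]}?")
    rules = cfg.get("FW_FORWARD_MASQ", "").split()
    if rules:
        for name in REQUIRED_YES:
            if cfg.get(name) != "yes":
                findings.append(f'{name} is not "yes" but FW_FORWARD_MASQ is set')
    for rule in rules:
        fields = rule.split(",")
        if len(fields) < 4:
            findings.append(f"{rule}: expected source,target,protocol,port")
        elif fields[2] == "icmp":
            # ICMP has no port numbers, so a port in this rule matches nothing.
            findings.append(f"{rule}: icmp has no ports; ping is not forwarded by port")
    return findings

# Constructed sample: values and spelling exactly as typed in the question.
SAMPLE = '''
FW_ROUTE="yes"
FW_MASQUESRADE="yes"
FW_FORWARD_MASQ="0/0,192.168.0.10,tcp,80 0/0,192.168.0.10,icmp,80"
'''

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```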