SuSEFirewall2 redirection
Hi all I'm configuring SuSEFirewall2 to masquerade an internal network, and to redirects requests to port 80 to an internal box. Masquerading works fine, but redirects not. I have tried too much and doesn't work : ( - These are the variables that i have used FW_FORWARD="0/0,10.0.0.X,tcp,80" or FW_FORWARD_MASQ="0/0,10.0.0.X,tcp,80,80" - In addition i have tried with configuring the firewall2-custom.rc.config script, with this lines: iptables -A PREROUTING -t nat -p tcp -d REAL_IP --dport 80 -j DNAT --to 10.0.0.X:80 or iptables -A POSTROUTING -t nat -p tcp -i eth0 -j DNAT --to 10.0.0.X:80 Any idea ?? thanks a lot !! Alfredo
Have you tried to set the FW_REDIRECT= variable? Avi
Hi all
I'm configuring SuSEFirewall2 to masquerade an internal network, and to redirects requests to port 80 to an internal box. Masquerading works fine, but redirects not. I have tried too much and doesn't work : (
- These are the variables that i have used
FW_FORWARD="0/0,10.0.0.X,tcp,80" or FW_FORWARD_MASQ="0/0,10.0.0.X,tcp,80,80"
- In addition i have tried with configuring the firewall2-custom.rc.config script, with this lines:
iptables -A PREROUTING -t nat -p tcp -d REAL_IP --dport 80 -j DNAT --to 10.0.0.X:80 or iptables -A POSTROUTING -t nat -p tcp -i eth0 -j DNAT --to 10.0.0.X:80 -- Avi Schwartz avi@CFFtechnologies.com
"I have to share the credit. I invented it, but Bill made it famous." - IBM engineer Dave Bradley describing the control-alt-delete reboot sequence
Yep, i have tried this line and either it did not work FW_REDIRECT="0/0,10.0.0.X,tcp,80,80" by the way, when i use that conf the /var/log/firewall show something like that: SuSE-FW-ACCEPT-REVERSE_MASQIN=eth0 OUT=eth1 SRC=SOME_REAL_IP DST=10.0.0.X LEN=60 TOS=0x08 PREC=0x00 TTL=56 ID=59617 DF PROTO=TCP SPT=3484 DPT=80 WINDOW=32120 RES=0x00 SYN URGP=0 OPT (020405B40402080A4499A8950000000001030300) well.. keep on tryng so... thanks Avi ----- Original Message ----- From: Avi Schwartz <avi@CFFtechnologies.com> To: <suse-linux-e@suse.com> Sent: Tuesday, October 02, 2001 5:14 PM Subject: Re: [SLE] SuSEFirewall2 redirection
Have you tried to set the FW_REDIRECT= variable?
Avi
Hi all
I'm configuring SuSEFirewall2 to masquerade an internal network, and to redirects requests to port 80 to an internal box. Masquerading works fine, but redirects not. I have tried too much and doesn't work : (
- These are the variables that i have used
FW_FORWARD="0/0,10.0.0.X,tcp,80" or FW_FORWARD_MASQ="0/0,10.0.0.X,tcp,80,80"
- In addition i have tried with configuring the firewall2-custom.rc.config script, with this lines:
iptables -A PREROUTING -t nat -p tcp -d REAL_IP --dport 80 -j DNAT --to 10.0.0.X:80 or iptables -A POSTROUTING -t nat -p tcp -i eth0 -j DNAT --to 10.0.0.X:80 -- Avi Schwartz avi@CFFtechnologies.com
"I have to share the credit. I invented it, but Bill made it famous." - IBM engineer Dave Bradley describing the control-alt-delete reboot sequence
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
" Alfredo Flores H." wrote:
Hi all
I'm configuring SuSEFirewall2 to masquerade an internal network, and to redirects requests to port 80 to an internal box. Masquerading works fine, but redirects not. I have tried too much and doesn't work : (
You may want to look at rinetd rather than using kernel level stuff. One rule of firewalling: if you can do it in user land, don't try kernel level stuff... plus, rinetd just plain WORKS, has been used for years. MH
Hi Michael Thanks for the answer. Actually i was using rinetd and other proxy stuff but the problem is that the web logs just record the firewall ip address, and that is not what i (or my boss) want : ) I'm keep on tryng to make this thing work. Thanks again. ----- Original Message ----- From: Michael Hasenstein <mha@suse.com> To: Alfredo Flores H. <afh@bn-g.cl> Cc: <suse-linux-e@suse.com> Sent: Tuesday, October 02, 2001 5:26 PM Subject: Re: [SLE] SuSEFirewall2 redirection
" Alfredo Flores H." wrote:
Hi all
I'm configuring SuSEFirewall2 to masquerade an internal network, and to redirects requests to port 80 to an internal box. Masquerading works
fine,
but redirects not. I have tried too much and doesn't work : (
You may want to look at rinetd rather than using kernel level stuff. One rule of firewalling: if you can do it in user land, don't try kernel level stuff... plus, rinetd just plain WORKS, has been used for years.
MH
participants (3)
-
Alfredo Flores H. -
Avi Schwartz -
Michael Hasenstein