Hello all,

Is it possible to allow masquerading of internal IP addresses to only a single destination address? I have found information on allowing only certain ports/services, but nothing to allow for a particular destination IP address.

I am configuring SuSEFirewall on version 7.1Pro. I am trying to allow one machine on my internal network access to a corporate Citrix server via the Internet. The following will work, but I think it will open up more than I need. Does this really threaten the security of my network? All help is greatly appreciated.

FW_MASQ_NETS="192.168.1.200/32,tcp,1024:65535"

~Dale

P.S. When changing firewall settings, which script do I run to reload the firewall, the "INIT", "SETUP", or "FINAL" script? (Or all three?)

________________________________
Dale Schuster
MIS Manager
Lake Tahoe Horizon Casino Resort
dschuster@horizoncasino.com

Dale Schuster wrote:
> I am configuring SuSEFirewall on version 7.1Pro. I am trying to allow one machine on my internal network access to a corporate Citrix server via the Internet. The following will work, but I think it will open up more than I need. Does this really threaten the security of my network? All help is greatly appreciated.
>
> FW_MASQ_NETS="192.168.1.200/32,tcp,1024:65535"

Look at /etc/rc.config/firewall.rc.config (at least on 6.4). You can specify only one machine instead of the whole LAN, and you can specify which ports (but not on the same line). HTH

> P.S. When changing firewall settings, which script do I run to reload the firewall, the "INIT", "SETUP", or "FINAL" script? (Or all three?)

rcfirewall restart

--
Joe & Sesil Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Web Address: www.mydestiny.net/~joe_morris
Registered Linux user 231871
"We can stand affliction better than we can prosperity, for in prosperity we forget God." --Dwight Lyman Moody