Re: [SLE] no internet through suse firewall2
please send replies to the maillist so other can benefit * steve; <fsanta@arrakis.es> on 26 Mar, 2002 wrote:
On Tuesday 26 March 2002 08:44, you wrote:
Should I remove 3128 and 139 then?
IMO yes and if you are _NOT_ providing FTP service to the world remove 21 also.
This is where you need to define Squid redirection
192.168.0.13/32,0/0,80,3128 192.168.0.14/32,0/0,80,3128
Hi thanks, works great but only for 13 & 14 is there a one liner that would all it to work for all 22 machines?
One line depends on your network setup ie if your MASQ LAN is 192.168.0.0 to 192.168.0.255 then 192.168.0.0/24 would do the trick -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
On Tue, 26 Mar 2002, Togan Muftuoglu wrote:
* steve; <fsanta@arrakis.es> on 26 Mar, 2002 wrote:
On Tuesday 26 March 2002 08:44, you wrote:
Should I remove 3128 and 139 then?
IMO yes and if you are _NOT_ providing FTP service to the world remove 21 also.
This is where you need to define Squid redirection
192.168.0.13/32,0/0,80,3128 192.168.0.14/32,0/0,80,3128
Hi thanks, works great but only for 13 & 14 is there a one liner that would all it to work for all 22 machines?
One line depends on your network setup ie if your MASQ LAN is 192.168.0.0 to 192.168.0.255 then 192.168.0.0/24 would do the trick
Sorry for jumping in here, but I hope this can help with a problem I'm having with port redirection in FW2. The redirection you gave is what I have in SuSEfirewall, but with FW2 in the above example, we're told we would have to put a "tcp" in between the dest(0/0) and the origin port (80). I find this odd since apparently your example works but I wanted to get clarification if possible.. Guess I'll go back and experiment some more. :) Thanks, Ken
* Ken Hughes; <ken@hughesfamily.com> on 26 Mar, 2002 wrote:
Sorry for jumping in here, but I hope this can help with a problem I'm having with port redirection in FW2. The redirection you gave is what I have in SuSEfirewall, but with FW2 in the above example, we're told we would have to put a "tcp" in between the dest(0/0) and the origin port (80). I find this odd since apparently your example works but I wanted to get clarification if possible..
Well I am not using SuSEfirewall2 (as I am running my fw with 2.2.19 so it is SUSEfirewall5-1) However quoting from the firewall2.rc.config says you are correct sorry my mistake. # A redirecting rule consists of 1) source IP/net, 2) destination # IP/net, # 3) protocol (tcp or udp) 3) original destination port and 4) local # port to # redirect the traffic to, seperated by a colon. e.g.: # "10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080" # 1 2 3 4 5 FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128" would be the correct way for *SuSEfirewall2*. In the mean time Marc heuse needs to update this comments I believe as I counted 5 parameters Sorry for the confusion ( Now I started wondering how it did work for Steve :-0 -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
On Tue, 26 Mar 2002, Togan Muftuoglu wrote:
Well I am not using SuSEfirewall2 (as I am running my fw with 2.2.19 so it is SUSEfirewall5-1) However quoting from the firewall2.rc.config says you are correct sorry my mistake.
# A redirecting rule consists of 1) source IP/net, 2) destination # IP/net, # 3) protocol (tcp or udp) 3) original destination port and 4) local # port to # redirect the traffic to, seperated by a colon. e.g.: # "10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080" #
1 2 3 4 5 FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128"
would be the correct way for *SuSEfirewall2*. In the mean time Marc heuse needs to update this comments I believe as I counted 5 parameters
Sorry for the confusion ( Now I started wondering how it did work for Steve :-0
Exactly. That was my point in piping up. Since your suggestion appeared to work for Steve, I had this flash of hope that it might work for me too. Thanks for the response just the same, Ken -- With a gentleman I try to be a gentleman and a half, and with a fraud I try to be a fraud and a half. -- Otto von Bismark
participants (2)
-
Ken Hughes -
Togan Muftuoglu