Mailinglist Archive: opensuse-packaging (129 mails)

< Previous Next >
Re: [opensuse-packaging] How to convert these iptables rules to SuSEfirewall2?
On Thu, Jan 21, 2016 at 04:25:12PM +0800, Marguerite Su wrote:
Hi, Marcus

On Tue, Jan 19, 2016 at 2:48 AM, Marcus Meissner <meissner@xxxxxxx> wrote:
sudo /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j
MASQUERADE
sudo /sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT

and then you an enable the service with
FW_CONFIGURATIONS_EXT="ocserv"


j
The masquerading ... is this really intended this way as I pretty much
doubt that
that everyone has this kind of network layout.

FW_ROUTE="yes"
FW_MASQUERADE="yes"

will masquerade the internal network zone towards the external network zone.

Is there any place I can write FW_ROUTE/FW_MASQUERADE?

I would like to let user just:

1. install ocserv and start the systemd service
2. the firewall is all configured

AND:

sudo /sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT

how to convert this rule?

Where is this 192.168.1.0/24 network supposed to be? The machines local network?

(FW_MASQUERADE="yes" would basically masquerade the internal network to the
outside.)

But I think this does not make sense at all for a package installation, sorry.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups