Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
RE: [suse-security] SuSEfirewall2 and webserver on subinterfaces
  • From: "Holger Steppke" <hos@xxxxxxxxx>
  • Date: Fri, 7 Dec 2001 23:22:55 +0100
  • Message-id: <NDBBIJJOMKLFPLMJHFPLKENMGPAA.hos@xxxxxxxxx>
Works perfect, Thanks :)

>-----Original Message-----
>From: Alex Levit [mailto:alex@xxxxxxxxxxx]
>Sent: Friday, December 07, 2001 4:46 PM
>To: suse-security@xxxxxxxx
>Subject: Re: [suse-security] SuSEfirewall2 and webserver on
>subinterfaces
>
>
>You can try this for a change.
>Run ifconfig and capture what subinterfaces you're running.
>For example if you have eth0:1, eth0:2, eth0:3
>Then list them in FW_DEV_EXT
>
>FW_DEV_EXT="eth0 eth0:1 eth0:2 eth0:3"
>
>I haven't tried it, but it just makes sense.
>
>Alex Levit
>
>----- Original Message -----
>From: "Holger Steppke" <hos@xxxxxxxxx>
>To: <suse-security@xxxxxxxx>
>Sent: Friday, December 07, 2001 3:15 AM
>Subject: [suse-security] SuSEfirewall2 and webserver on subinterfaces
>
>
>>
>> Hi,
>>
>> i have a question regards to SuSEfirewall2 and howto setup the stuff.
>>
>> We have box running the actual 7.3 distribution connectet to
>the Internet
>> and running some webservers on the same box but in a different
>IP Range on
>> subinterfcaes.
>>
>> +----------------------+
>> | |
>> ------.eth0 1.0.0.20/24 |
>> | |
>> .eth0:1 1.0.1.1/24 |
>> .eth0:1 1.0.1.2/24 |
>> .eth0:1 1.0.1.3/24 |
>> .eth0:n 1.0.1.n/24 |
>> .eth0:1 1.0.1.4/24 |
>> .eth0:254 1.0.1.254/24 |
>> | |
>> +----------------------+
>>
>> So i would now like to make it possible that every www server in that
>range
>> is reachable from the internet but everything else is droped directly on
>> eth0.
>> I tryed to put a rule like "0/0,1.0.1.0/24,tcp,80" also i tryed "0/0
>> 1.0.1.0/24" into FW_FORWARD
>> FW_ROUTE is enabled
>> I also tryed additionaly to put one of the subinterfaces into the
>> FW_DEV_DMZ eth0:7 for example.
>>
>> Any request gets droped with the msg SuSE-FW-UNALLOWED-TARGET-IN
>>
>> Any ideas ?
>>
>> Bye
>> Holger
>>
>>
>> --
>> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>> For additional commands, e-mail: suse-security-help@xxxxxxxx
>>
>
>
>--
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >
References