Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] SuSEfirewall2 and webserver on subinterfaces
You can try this for a change.
Run ifconfig and capture what subinterfaces you're running.
For example if you have eth0:1, eth0:2, eth0:3
Then list them in FW_DEV_EXT

FW_DEV_EXT="eth0 eth0:1 eth0:2 eth0:3"

I haven't tried it, but it just makes sense.

Alex Levit

----- Original Message -----
From: "Holger Steppke" <hos@xxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Friday, December 07, 2001 3:15 AM
Subject: [suse-security] SuSEfirewall2 and webserver on subinterfaces


>
> Hi,
>
> i have a question regards to SuSEfirewall2 and howto setup the stuff.
>
> We have box running the actual 7.3 distribution connectet to the Internet
> and running some webservers on the same box but in a different IP Range on
> subinterfcaes.
>
> +----------------------+
> | |
> ------.eth0 1.0.0.20/24 |
> | |
> .eth0:1 1.0.1.1/24 |
> .eth0:1 1.0.1.2/24 |
> .eth0:1 1.0.1.3/24 |
> .eth0:n 1.0.1.n/24 |
> .eth0:1 1.0.1.4/24 |
> .eth0:254 1.0.1.254/24 |
> | |
> +----------------------+
>
> So i would now like to make it possible that every www server in that
range
> is reachable from the internet but everything else is droped directly on
> eth0.
> I tryed to put a rule like "0/0,1.0.1.0/24,tcp,80" also i tryed "0/0
> 1.0.1.0/24" into FW_FORWARD
> FW_ROUTE is enabled
> I also tryed additionaly to put one of the subinterfaces into the
> FW_DEV_DMZ eth0:7 for example.
>
> Any request gets droped with the msg SuSE-FW-UNALLOWED-TARGET-IN
>
> Any ideas ?
>
> Bye
> Holger
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >
Follow Ups
References