Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
SuSEfirewall2 and webserver on subinterfaces
  • From: "Holger Steppke" <hos@xxxxxxxxx>
  • Date: Fri, 7 Dec 2001 12:15:30 +0100
  • Message-id: <NDBBIJJOMKLFPLMJHFPLCEMMGPAA.hos@xxxxxxxxx>

Hi,

i have a question regards to SuSEfirewall2 and howto setup the stuff.

We have box running the actual 7.3 distribution connectet to the Internet
and running some webservers on the same box but in a different IP Range on
subinterfcaes.

+----------------------+
| |
------.eth0 1.0.0.20/24 |
| |
.eth0:1 1.0.1.1/24 |
.eth0:1 1.0.1.2/24 |
.eth0:1 1.0.1.3/24 |
.eth0:n 1.0.1.n/24 |
.eth0:1 1.0.1.4/24 |
.eth0:254 1.0.1.254/24 |
| |
+----------------------+

So i would now like to make it possible that every www server in that range
is reachable from the internet but everything else is droped directly on
eth0.
I tryed to put a rule like "0/0,1.0.1.0/24,tcp,80" also i tryed "0/0
1.0.1.0/24" into FW_FORWARD
FW_ROUTE is enabled
I also tryed additionaly to put one of the subinterfaces into the
FW_DEV_DMZ eth0:7 for example.

Any request gets droped with the msg SuSE-FW-UNALLOWED-TARGET-IN

Any ideas ?

Bye
Holger


< Previous Next >
Follow Ups