Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
SuSE 7.3 Firewall2 masquerading
Hello everybody,

Here's a somewhat newbiesh question, but I've seen this topic discussed
here. So, I've just moved from RedHat 7.0 to SuSE 7.3 (after an HD failure).
This Linux box is used as a company firewall/masquerader, dns, www and
mailserver. Under RedHat we've used ipchains with it's simplest setup just
to masquerade the internal net on a per machine basis. And, issuing
"ipchains -L" I used to get some 10 lines concerning exactly what I
configured.

With SuSE we tried to set up SuSEfirewall2, and we did it carefully. The
problem is that the machines from the internal net cannot access www or mail
server through its external interface - and the corresponding DENY is logged
clearly. We did not set the firewall protection from the internal net, and
it is accessible internally, but the traditional www.ourdomain.ru (or
mail.ourdomain.ru) points to the external device, which worked fine with
ipchains under RedHat. Now we're using ipchains under SuSE too, but this is
surely wrong (just to mention the inability ro use ftp from inside).

Should we try to reconfigure SuSEfirewall2? Listing of iptables' rules is so
much complicated that I don't think I should read it. Or just throw away the
firewall, issue some iptables' rules thru a script and forget it?

Thanks in advance,
Boris G. Kimel.



< Previous Next >
This Thread
Follow Ups