Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] firewall2 and portforwarding
  • From: "Argentium G. Tiger" <agtiger@xxxxxxxxx>
  • Date: Sun, 20 Jan 2002 08:42:32 -0600
  • Message-id: <>

Then is this example correct?
So everybody will get access to the machine on port 5600 per
tcp, right?

I do a fair amount of Port Forwarding using SuSEFirewall2, with a 2.4

Here are some examples I cooked up for you, using your example of an internal
network of 192.168.0.[whatever]

Let's say I wanted to allow the internet addresses of "1.2.3.[whatever]"
through to on tcp AND udp ports 5631 and 5632 so I could
connect to pcanywhere running on a windohs box.

FW_FORWARD_MASQ=",,tcp,5631 \,,udp,5631 \,,tcp,5632 \,,udp,5632"

Let's add to that: Let's say that I have *another* pcanywhere windows box
on the inside, at, and I want to be able to reach it as well.
Just for fun, I'd also only like to access the .30 machine from one
different external IP address:, but none of the other
5.6.7.[whatever] machines other than .8 should get access.

Obviously, we can't use ports 5631 and 5632 on the firewall, those are
now port-forwarded to the machine. So... We'll pick a different
pair (5633, and 5634), and forward them to 5631 and 5632 on

Now our forward statement will look like this:

FW_FORWARD_MASQ=",,tcp,5631 \,,udp,5631 \,,tcp,5632 \,,udp,5632 \,,tcp,5633,5631 \,,udp,5633,5631 \,,tcp,5634,5632 \,,udp,5634,5632"

Finally, to accomplish your specific request:


And if you wanted to use a different port to bring something in to port
5600 on the .15 machine:

FW_FORWARD_MASQ="0/0,,tcp,[port on firewall],5600"

Have fun!
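
Added example, not part of the original mail and not SuSEFirewall2 code: a small audit of a FW_FORWARD_MASQ value that flags forwards open to every source (0/0) and two forwards that claim the same firewall port for different internal machines. It assumes the field order source,target,protocol,firewall port[,redirect port] seen in the last example above; the function names and all addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations
from typing import NamedTuple

class Forward(NamedTuple):
    source: ipaddress.IPv4Network
    target: str
    proto: str
    fw_port: int      # port opened on the firewall
    dest_port: int    # port on the internal machine

def parse_forward_masq(value):
    """Parse a FW_FORWARD_MASQ string: entries are separated by whitespace
    (optionally backslash-continued), fields by commas."""
    rules = []
    for entry in value.replace("\\", " ").split():
        fields = entry.split(",")
        if len(fields) not in (4, 5):
            raise ValueError(f"expected 4 or 5 fields: {entry!r}")
        # ipaddress does not accept the shorthand "0/0", so expand it.
        src = "0.0.0.0/0" if fields[0] == "0/0" else fields[0]
        fw_port = int(fields[3])
        # Without a redirect port the forward keeps the same port number.
        dest_port = int(fields[4]) if len(fields) == 5 else fw_port
        rules.append(Forward(ipaddress.ip_network(src, strict=False),
                             fields[1], fields[2].lower(), fw_port, dest_port))
    return rules

def audit(rules):
    """Return findings: world-open forwards and overlapping firewall ports."""
    findings = []
    for r in rules:
        if r.source.prefixlen == 0:
            findings.append(f"open to any source: {r.proto}/{r.fw_port} -> {r.target}:{r.dest_port}")
    for a, b in combinations(rules, 2):
        if ((a.proto, a.fw_port) == (b.proto, b.fw_port)
                and a.target != b.target and a.source.overlaps(b.source)):
            findings.append(f"port clash on {a.proto}/{a.fw_port}: {a.target} vs {b.target}")
    return findings

# Constructed sample (addresses are placeholders, not taken from the post).
SAMPLE = ("198.51.100.0/24,192.168.0.20,tcp,5631 "
          "203.0.113.8,192.168.0.30,tcp,5633,5631 "
          "198.51.100.0/25,192.168.0.30,tcp,5631 "
          "0/0,192.168.0.15,tcp,8600,5600")

if __name__ == "__main__":
    for line in audit(parse_forward_masq(SAMPLE)):
        print(line)
```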

