Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Help: Port Forwarding using SuSEfirewall2
  • From: Nadeem Hasan <nhasan@xxxxxxxxx>
  • Date: Tue, 01 Jan 2002 17:53:06 -0500
  • Message-id: <3C323DD2.1C541D6A@xxxxxxxxx>
Luke Loh wrote:
>
> My apologies if this is not the right place to ask for help with regards to
> SuSEfirewall2, in which case please point me in the right direction.

I guess this is the right place :) I use it for the same.

<snip>

> FW_SERVICE_DNS="yes"
> FW_SERVICES_EXT_TCP="53" <---- curious, are these necessary? I assume so
> because if port 53 isn't open the firewall will drop the packet before port
> forwarding
> FW_SERVICES_EXT_UDP="53"

You need the above only if you are runing bind or any DNS service *on*
the
firewall itself. In your case that is not necessary.

> I don't think it is a BIND9 problem because I can successfully contact and
> resolve names from both my DMZ and my LAN (using the private IP address). I
> just can't get the internet to see my DNS server.

I assume you have only one static IP available for you, as you are using
private addresses in your DMZ. What is the IP address you are using from
outside to get to your nameserver? It should be the public IP address
assigned to the external interface of your firewall. Also, look into
your
logs to see if anything comes up there in case you still can't reach
your it.

> Also, do I need to have inetd running at all?

Depends on what you are looking to do. Its not needed in above scenario.

Cheers,
--
Nadeem Hasan
nhasan@xxxxxxxxx
http://www.nadmm.com/

< Previous Next >
This Thread
References