Mailinglist Archive: opensuse-security (757 mails)

Help: Port Forwarding using SuSEfirewall2
  • From: Luke Loh <lloh@xxxxxxxxxx>
  • Date: Wed, 2 Jan 2002 09:10:32 +1100
  • Message-id: <C1088DE5732FD3119C4B0090274DC69EDC4BCF@xxxxxxxxxxx>
My apologies if this is not the right place to ask for help with regard to
SuSEfirewall2, in which case please point me in the right direction.

I'm running an out-of-box install of SuSE 7.3, kernel 2.4.10 and using Marc
Heuse's SuSEfirewall2 script. I've gone through the examples and readme and
everything works fine except for port forwarding.

My scenario:

Internet ------ Firewall ------- LAN
                   |
                  DMZ

I'm running a DNS server on a private IP address in my DMZ and I need the
firewall to automatically forward all requests to tcp + udp 53 to my DNS
server, which is 192.168.1.2.

I've set up the following in firewall.rc.config:

FW_FORWARD_MASQ="0/0,192.168.1.2,tcp,53 0/0,192.168.1.2,udp,53"
FW_SERVICE_DNS="yes"
FW_SERVICES_EXT_TCP="53" <---- curious, are these necessary? I assume so because if port 53 isn't open the firewall will drop the packet before port forwarding
FW_SERVICES_EXT_UDP="53"

I don't think it is a BIND9 problem because I can successfully contact and
resolve names from both my DMZ and my LAN (using the private IP address). I
just can't get the internet to see my DNS server.

Also, do I need to have inetd running at all?

Luke Loh
Network Engineer
Nicholls Price Pty Ltd
Ph : 61 2 9222 9155
Fx : 61 2 9222 9166
www.nph.com.au
Level 1, 70 Pitt Street
Sydney NSW 2000
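
Added example, not part of the original message and not SuSEfirewall2's own code: a shell helper that validates forward entries of the form used above and prints (never runs) plain iptables rules expressing the same intent. It assumes the four-field "source,target,protocol,port" form, no interface matching and a 2.4 netfilter kernel; the function names are hypothetical.

```bash
#!/bin/sh
# Constructed sample: the FW_FORWARD_MASQ value quoted in the message.
FW_FORWARD_MASQ="0/0,192.168.1.2,tcp,53 0/0,192.168.1.2,udp,53"

# Print (never execute) the netfilter rules for one entry.
# Assumption: only the four-field "source,target,protocol,port" form is handled.
entry_to_rules() {
    entry=$1
    old_ifs=$IFS; IFS=,
    set -f; set -- $entry; set +f
    IFS=$old_ifs
    if [ "$#" -ne 4 ] || [ -z "$1" ] || [ -z "$2" ]; then
        echo "bad entry (need source,target,protocol,port): $entry" >&2
        return 1
    fi
    src=$1; target=$2; proto=$3; port=$4
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol in: $entry" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port in: $entry" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range in: $entry" >&2; return 1
    fi
    # nat/PREROUTING rewrites the destination before the routing decision...
    echo "iptables -t nat -A PREROUTING -s $src -p $proto --dport $port -j DNAT --to-destination $target:$port"
    # ...so the packet is routed on to the DMZ host and is filtered in FORWARD,
    # not INPUT (INPUT only sees traffic addressed to the firewall itself).
    echo "iptables -A FORWARD -s $src -d $target -p $proto --dport $port -j ACCEPT"
}

# Convert a space-separated list of entries; stop at the first invalid one.
forward_masq_to_rules() {
    # Replies from the DMZ host back to the client.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for e in $1; do
        entry_to_rules "$e" || return 1
    done
}

forward_masq_to_rules "$FW_FORWARD_MASQ"
```

Comparing the printed rules with the output of `iptables -L -n -v` and `iptables -t nat -L -n -v` on the firewall shows which of the two steps (destination rewrite or FORWARD accept) is missing.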

