Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
RE: [suse-security] Help for SuSEFirewall2
  • From: "Carlos Carrera" <ccarrera@xxxxxxxxxxxxxxx>
  • Date: Fri, 1 Mar 2002 13:05:59 -0500
  • Message-id: <000001c1c14b$be422b40$100010ac@xxxxxxxxxxxxxxx>

En la parte de :

FW_FORWARD_MASQ="194.168.1.2,192.168.1.2,tcp,80"

Esta el error, ya que en la primera parte va el IP de donde se genera la
conexión, es decir, seria asi:


FW_FORWARD_MASQ="0/0,192.168.1.2,tcp,80"


Saludos cordiales,


Carlos Carrera
-----Mensaje original-----
De: amiky@xxxxxxxxxxxx [mailto:amiky@xxxxxxxxxxxx]
Enviado el: Viernes, 01 de Marzo de 2002 06:21 a.m.
Para: suse-security@xxxxxxxx
Asunto: [suse-security] Help for SuSEFirewall2

Hi
I'm a new subscribed to the mailing-list
i'd like to ask you a question about SuSeFirewall2
that i don't configure correctly
Thank you for your interest
this is the configuration scheme

Internet
|
| Web server Web server
| | |
SuSE-Firewall------------------
|
|
|
Internal LAN

external address example (194.168.2.1 194.168.2.2 194.168.3)
external fw interface: eth1 (194.168.2.1)
dmz fw interface: eth2 (192.168.1.1)
internal fw interface: eth0 (192.168.0.1)
internal LAN: 192.168.0.1 netmask 255.255.255.0
ip internal of web sever 192.168.1.2

FW_DEV_EXT="eth1"

FW_DEV_INT="eth0"

FW_DEV_DMZ="eth2"

FW_ROUTE="yes"

FW_MASQUERADE="yes"

FW_MASQ_DEV="$FW_DEV_EXT"

FW_MASQ_NETS="192.168.0.1/24 192.168.1.0/24"

FW_PROTECT_FROM_INTERNAL="no"

FW_AUTOPROTECT_SERVICES="yes"

FW_SERVICES_EXT_TCP="www"

FW_SERVICES_EXT_UDP=""

FW_SERVICES_EXT_IP=""

FW_SERVICES_DMZ_TCP="www"

FW_SERVICES_DMZ_UDP=""

FW_SERVICES_DMZ_IP=""

FW_SERVICES_INT_TCP=""

FW_SERVICES_INT_UDP=""

FW_SERVICES_INT_IP=""

FW_TRUSTED_NETS=""

FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"

FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

FW_SERVICE_AUTODETECT="yes"

FW_SERVICE_DNS="no"

FW_SERVICE_DHCLIENT="no"

FW_SERVICE_DHCPD="no"

FW_SERVICE_SQUID="no"

FW_SERVICE_SAMBA="no"

FW_FORWARD=""

FW_FORWARD_MASQ="194.168.1.2,192.168.1.2,tcp,80"

FW_REDIRECT=""

FW_LOG_DROP_CRIT="yes"

FW_LOG_DROP_ALL="no"

FW_LOG_ACCEPT_CRIT="yes"

FW_LOG_ACCEPT_ALL="no"

FW_LOG="--log-level warning --log-tcp-options --log-ip-option
--log-prefix SuSE-
FW"

FW_KERNEL_SECURITY="yes"

FW_STOP_KEEP_ROUTING_STATE="no"

FW_ALLOW_PING_FW="yes"

FW_ALLOW_PING_DMZ="yes"

FW_ALLOW_PING_EXT="no"





--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here



< Previous Next >
This Thread
References