Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] How to give access to my DMZ from internal (SuSEfirewall2)
  • From: "andre@do" <andre@xxxxxxxx>
  • Date: Wed, 06 Feb 2002 11:54:43 +0200
  • Message-id: <3C60FD63.9000008@xxxxxxxx>
Andreas Marbet wrote:

(I think there must be a way to let the internal into the DMZ like they came
from external?)

# eth0-addr:10.0.0.100 hooked to ADSL Modem: 10.0.0.138
# eth1-addr:10.3.65.6 internal network
# eth2-addr:192.168.50.1 =DMZ, Mailserver:192.168.50.10

DEV_EXT="ppp0"
FW_DEV_INT="eth0 eth1"
FW_DEV_DMZ="eth2"
FW_ROUTE="yes"
FW_FORWARD=""
FW_FORWARD_MASQ="0/0,192.168.50.10,tcp,25 \
0/0,19.168.50.10,tcp,80 0/0,192.168.50.10,tcp,143 \
0/0,192.168.50.10,tcp,21 0/0,192.168.50.10,tcp,110"


Try to put the forwarding rules (INT to DMZ) into FW_FORWARD instead of
FW_FORWARD_MASQ.
For me it worked this way, but I don't know exactly what's the real
difference between these two entries.

Andreas

hi all,


AFAIK the fw_forward_masq option is only using pvt (non-routable IP no's); the fw_forward option req's the mail server etc. to have public IPs.
It seems that you are running the DMZ off eth2; use public IPs and
use fw_forward.

hth

andre



--
*********************************
Please use http://www.bucks.co.za
*********************************
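
A small check for the FW_FORWARD_MASQ value quoted in this thread, added here as an example and not part of the original mail or of SuSEfirewall2: it parses the entries and reports any forwarding target that lies outside the DMZ network. The /24 netmask and the function names are assumptions; the four-field entry layout is taken from the entries shown above.

```python
import ipaddress
import shlex

# Constructed sample: the FW_FORWARD_MASQ assignment as quoted in the thread.
SAMPLE = '''FW_FORWARD_MASQ="0/0,192.168.50.10,tcp,25 \\
0/0,19.168.50.10,tcp,80 0/0,192.168.50.10,tcp,143 \\
0/0,192.168.50.10,tcp,21 0/0,192.168.50.10,tcp,110"'''

# Assumption: the DMZ behind eth2 (192.168.50.1) uses a /24 netmask.
DMZ_NET = ipaddress.ip_network("192.168.50.0/24")


def parse_entries(text, var="FW_FORWARD_MASQ"):
    """Return the whitespace-separated entries of a shell-style VAR="..." assignment."""
    joined = text.replace("\\\n", " ")  # fold backslash line continuations
    for token in shlex.split(joined):
        name, sep, value = token.partition("=")
        if sep and name == var:
            return value.split()
    return []


def check_entries(entries, net=DMZ_NET):
    """Return (entry, problem) for entries that are malformed or point outside net."""
    findings = []
    for entry in entries:
        fields = entry.split(",")
        if len(fields) < 4:
            findings.append((entry, "expected source,target,protocol,port"))
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            findings.append((entry, "target is not an IP address"))
            continue
        if addr not in net:
            findings.append((entry, f"target {addr} is outside {net}"))
    return findings


if __name__ == "__main__":
    for entry, problem in check_entries(parse_entries(SAMPLE)):
        print(f"{entry}: {problem}")
```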

