Forgot to reply-all...
best,
Brian
----- Original Message -----
From: "Brian Topping"
----- Original Message -----
From: "Robert Klein"
To: "Brian Topping" ;
Sent: Tuesday, March 12, 2002 1:15 PM
Subject: Re: [suse-security] Problem forwarding port

Brian Topping writes:
ok, let's summarize:
eth0 is ext iface,
eth1 is dmz iface, network 204.152.97.0/24
eth2 is int iface, network 192.168.0.0/24
This is correct, sorry that I didn't put this up to begin with.
So, where's your https Server? In your internal network? This might be the problem.
Yes, it's on the internal network
I don't know in detail what rules SuSEFirewall2 creates, but I think it throws away packets forwarded to a "known service" port, i.e. packets to a port below 1023.
To have your https server accessible from the outside you probably have to put it into the DMZ network. Instead of FW_FORWARD_MASQ use FW_FORWARD_MASQ, then.
That doesn't make sense though, /usr/share/doc/packages/SuSEfirewall/EXAMPLES has "inet access to the webserver". SSL isn't any different than regular web service from a protocol perspective, it's just that the data is scrambled.
Are we looking at a bug with the rule generation? This seems like it would be something obvious to test, especially testing their examples in the /usr/share/doc/packages/SuSEfirewall/EXAMPLES file.
????
Thanks again!
Brian