Mailinglist Archive: opensuse-security (409 mails)

Re: [suse-security] problem with NAT / ip forwarding
  • From: Matt McClendon <matt@xxxxxxx>
  • Date: Sat, 17 Aug 2002 14:24:25 -0400
  • Message-id: <200208171424.25284.matt@xxxxxxx>
The best (most secure, I would think) way to allow access to whatever service
you're running on the outside IP would be to have that service bind itself to
the inner IP as well. Older Suse installations would allow inside people
access to services running on external IPs, but more recent versions do not.
To me, it makes sense on some level that you want to eliminate all
thru-firewall traffic that you possibly can, on the grounds of security.
Just bind your service (whether it be apache, sendmail, or a counter-strike
server :) to both internal AND external IP.

-Matt

On Saturday 17 August 2002 07:38, Wojtek wrote:
> Hello,
>
> I have a problem related to NAT and IP forwarding:
>
> My SuSE server has two network interfaces. One is connected to a
> LinkSys DSL router (which is connected to the internet), the other is
> connected to my LAN.
>
> The problem is that I am not able to access my SuSE server from inside
> the network with my external IP. Maybe I am missing some routing
> entry?
>
> Here's how my network is set up:
>
> SuSE server has 2 interfaces:
> eth0 (192.168.2.2) connected to LAN
> eth1 (192.168.1.2) connected to a Linksys router (192.168.1.1) which
> is doing NAT.
>
> On the Linksys router I forwarded port 80 to my SuSE server.
>
> Clients from outside (internet) can connect to my SuSE server via the
> external IP.
>
> The SuSE server itself can connect to itself via the external IP.
>
> An internal client of the 192.168.2.0 network is not able to connect
> to the SuSE server using the external IP. The client ends up on the
> Linksys router.
>
> What is the problem?
>
>
> THANKS IN ADVANCE,
> Wojtek
>
>
> Here's a simple diagram of my network:
>
> +------------------+
> | Linksys router   |
> | doing NAT        |
> |                  |
> | if0: external IP |
> | if1: 192.168.1.1 |
> |                  |
> |  if0      if1    |
> +---+--------+-----+      +------------------+      +----------+
>     |        |            | SuSE server      |      | LAN/     |
>     |        |            | eth0 192.168.2.2 +------+ SWITCH   |
> /---+---\    +------------+ eth1 192.168.1.2 |      |          |
> | inter |                 |                  |      +----+-----+
> | net   |                 +------------------+           |
> \-------/                                                |
>                                                   +------+-------+
>                                                   | hal9000      |
>                                                   | 192.168.2.120|
>                                                   +--------------+

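A check for the advice in the reply above, as an added example that is not part of the original thread: it parses a listener table in /proc/net/tcp format and reports which of the server's two interface addresses from the thread (192.168.2.2 and 192.168.1.2) a given port is not listening on. The table is a constructed sample, the function names are illustrative, and a little-endian host is assumed.

```python
import ipaddress

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host):
# port 80 bound only to 192.168.1.2, port 25 bound to the wildcard address,
# port 22 bound only to 192.168.2.2, plus one established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0201A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0202A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0201A8C0:0050 057100CB:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""

def decode_addr(field):
    """Turn '0201A8C0:0050' into ('192.168.1.2', 80)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the IPv4 address as a host-order 32-bit word, so on
    # little-endian machines (assumed here) the bytes appear reversed.
    ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
    return str(ip), int(hex_port, 16)

def listeners(table_text):
    """Map each listening port to the set of local addresses it is bound to."""
    result = {}
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:    # ignore non-listening sockets
            continue
        ip, port = decode_addr(cols[1])
        result.setdefault(port, set()).add(ip)
    return result

def missing_bindings(table_text, port, required_ips):
    """Return the required addresses on which `port` is not listening."""
    bound = listeners(table_text).get(port, set())
    if "0.0.0.0" in bound:      # a wildcard bind covers every local address
        return []
    return [ip for ip in required_ips if ip not in bound]

if __name__ == "__main__":
    required = ["192.168.2.2", "192.168.1.2"]     # eth0 and eth1 from the thread
    for port in (80, 25, 22):
        gaps = missing_bindings(SAMPLE_PROC_NET_TCP, port, required)
        print(port, "ok" if not gaps else "not listening on " + ", ".join(gaps))
```

On a live Linux host the same functions can be given the contents of /proc/net/tcp instead of the sample.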
