Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
RE: [suse-security] problem with NAT / ip forwarding
  • From: "Pacifico Chavez" <pacifico.chavez@xxxxxxxxxxxxxxxxx>
  • Date: Sat, 17 Aug 2002 10:01:19 -0600
  • Message-id: <001901c24607$53186be0$a584653f@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Did you do to configure the ip forward on router linksys ???

-----Mensaje original-----
De: Anders Johansson [mailto:andjoh@xxxxxxxxxxxxxxxxxxxxx]
Enviado el: Sábado, 17 de Agosto de 2002 06:10 a.m.
Para: suse-security@xxxxxxxx
Asunto: Re: [suse-security] problem with NAT / ip forwarding


On Saturday 17 August 2002 13.59, Roger Hayter wrote:
> What I can't understand is why the SuSE server can
> do it. I also would be very interested in an answer from an expert on

> this.

I'm not exactly an expert, but here goes

SuSEfirewall2 has a rule SuSE-FW-NO_ACCESS_INT->FWEXT, controlled by the

following in /sbin/SuSEfirewall2

###############################################################
# Anti Spoofing/Cirumvention protection - interface dependent #
###############################################################
for DEV in $FW_DEV_INT; do
for IP in $DEV_EXT; do
$IPTABLES -A INPUT -j LOG ${LOG}"-NO_ACCESS_INT->FWEXT " -i
$DEV -d
$IP
$IPTABLES -A INPUT -i $DEV -d $IP -j "$DROP"
done
done

As far as I can see it's not controlled by any variable in
/etc/sysconfig. If
you want to bypass it you'd either have to comment out the above, or -I
INPUT
a rule that accepted the packets.

regards
Anders

--
'Deserves [death]. I daresay he does. Many that live deserve death. And
some
that die deserve life. Can you give it to them? Then do not be too eager
to
deal out death in judgement. For even the very wise cannot see all
ends.'
--Tolkien, The Lord of the Rings

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here




< Previous Next >
References