Hi Or the better solution (without keeping your firewall computer fully open for inside word) is: In firewall2-custom.rc.config add something like this (ex about allowing http, https and proxy to external interface from internal word): iptables -I INPUT x+0 -i eth0 -p tcp --dport 80 -j input_int iptables -I INPUT x+1 -i eth0 -p tcp --dport 443 -j input_int iptables -I INPUT x+2 -i eth0 -p tcp --dport 8080 -j input_int Where eth0 is an internal interface.. And x - is a rule number before rule responsible for dropping all traffic between internal and external: 92 6321 DROP all -- eth0 any anywhere 255.255.255.255 24 1542 LOG all -- eth0 any anywhere your.ext.ip.address LOG level warning tcp-options ip-options prefix `SuSE-FW-NO_ACCESS_INT->FWEXT ' Best place for such rules in firewall2-custom.rc.config is function called fw_custom_before_denyall(). Please remember of allowing firewall2-custom.rc.config in firewall2.rc.config ! FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config" Best regards Marcin Gryszczuk At 11:54 01-08-2002 +0200, Mathias Homann wrote:
Hi..
I've got the same, but I think this is an feature ;-)
I have also no solution, but I think it could have someting todo with these entries:
FW_PROTECT_FROM_INTERNAL="yes"
Have You tried here an "NO"?
I have the very same problem and I have FW_PROTECT_FROM_INTERNAL="no" so that is no solution...
bye, MH -- Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und §823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt!
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here