Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] SuSEfirewall2 on 8.0 masq problem
  • From: Volker Kuhlmann <hidden@xxxxxxxxxxxxxxx>
  • Date: Wed, 4 Sep 2002 21:06:02 +1200
  • Message-id: <20020904090602.GC16176@xxxxxxxxxxxxxxx>

> Maybe you get a problem here with the access to the DMZ server from the
> internal network to the external IP address.

The internal machines use the private IP of the server. The server is
pingable, albeit no response from port 80.

> http://lists.suse.com/archive/suse-security/2002-May/0415.html

I only have 1 external IP and 1 server.

> No ping, nothing!? What about the logs on the firewall?

The logs indicate that packets disappear on the firewall without trace.

> You need access from the internet to your domain name server!?
> You have an ntp server (like xntpd) on the firewall which must be reachable from
> the internet only?

Ignore these exact settings for now, it's not part of the problem (and
yes, your xntp daemon reads the time servers on port 123).

> > FW_FORWARD="
> > 192.168.2.0/24,192.168.1.1,tcp,80
> > 192.168.2.0/24,192.168.1.1,tcp,443

> Uohhhh, that can't work well, I think, better is:
>
> FW_FORWARD="\
> 192.168.2.0/24,192.168.1.1,tcp,80 \
> 192.168.2.0/24,192.168.1.1,tcp,443 \

That makes absolutely no difference (tried that before posting, and
again now). iptables -nvL shows a lot of rules with ACCEPT target and
with ports 143 and 123 (didn't check the other ports).

Volker

--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.orcon.net.nz/ Please do not CC list postings to me.

