Hello Justin,
--- "Justin T."
The spoofing that SuSE applies blocks all internal ip addresses from being able to access the external IP address of the server, regardless of the fact that they are received from inside. At least this is what I have seen from SuSEfirewall2. I would suspect such a feature already got some excitement around here, but I'm not able to find references to it anywhere, as the SuSE mailing list archives on their own are not indexed and for worldwide (meta)search I'm probably missing proper keywords.
be blocked as it is coming from the external and not the internal interface. Then I would ask why not allow internal masqueraded network to access router with no limitations in general configuration of FW2 for great majority of home users who are in control? Is the reason for it to be protected from malicious employees in small company networks?
FW_CUSTOMRULES="/etc/sysconfig/SuSEfirewall2-custom" EXT_IP=`ifconfig | grep -A 1 ppp0 | grep inet | awk '{ print $2 }' | awk -F : '{ print $2 }'` possibility of accessing this via the route command, however that does not give me my actual IP. You mean according your way it is also suitable in situation when IP from DSL provider changes because the network disconects after some time and new IP is provided on dial-in?
And the second line that I add is in the fw_custom_before_antispoofing() section: iptables -A INPUT -i eth0 -s 192.168.1.0/24 -d $EXT_IP -j ACCEPT Thanks, I will surely try it out right now and report.
suggestions on what might work better please let me know. Me too. Nevertheless, I am happy to get it working at least as you did.
really seen any information on accessing the external ip with the SuSEfirewall2 from the internal network (other than people saying it isn't good because of spoofing...) Same for me, but I think something like that is good to have.
Time flies, Peter. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com