Mailinglist Archive: opensuse-security (396 mails)

< Previous Next >
3 SuSEfirewall2 questions
  • From: Richard Ems <r.ems.mtg@xxxxxxx>
  • Date: Tue, 21 Jan 2003 18:32:32 +0100
  • Message-id: <3E2D8430.8000701@xxxxxxx>
Hi list.

This is my 2nd try.
I hope this time I get some answers ;-)

I have 3 questions about SuSEfirewall2.
This is a SuSE Linux 8.1 system.

1) What is NEW_FW_MASQ_DEV good for?

I have in my /etc/sysconfig/SuSEfirewall2

FW_DEV_EXT="eth0 eth0:3"



but in /sbin/SuSEfirewall2 (from SuSEfirewall2-3.1-26) FW_MASQ_DEV is
"filtered" and eth0:3 discarded. So after this filtering I have only

Is this needed/wanted? Why?

2) I'm trying to connect from a public external ip (a) to a private
internal masqueraded ip, over the public ip address (b) at eth0:3.

From tcpdump on both the external and internal devices, pakets are
being correctly forwarded from ext to int, but when responses arrive at
the internal device they are being dropped on the last forward_int chain

For this to work I have set on /etc/sysconfig/SuSEfirewall2

where is the ext source public ip (a)
and is the public ip address (b)

Does someone have any clue?

3) What do _ext/_int/_dmz mean on forward_xxx or input_xxx ?
[forward|input]_pakets_GOING_TO_xxx ???

Many thanks, Richard

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

< Previous Next >
Follow Ups