Mailinglist Archive: opensuse-security (320 mails)

Re: [suse-security] DMZ egress access problem
  • From: Maarten J H van den Berg <maarten@xxxxxxx>
  • Date: Fri, 23 May 2003 19:49:57 +0200
  • Message-id: <200305231949.57991.maarten@xxxxxxx>
On Thursday 22 May 2003 10:23, you wrote:
> Hello Maarten

Hi Arjen

> Quoting maarten van den Berg <maarten@xxxxxxx>:
> > FW_MASQ_DEV="eth0 eth2"
>
> Hmm, I don't think it is necessary to masquerade on eth2, and just
> maybe that is the culprit

Yeah... I wondered about that too... The thing is, if I do not masquerade
LAN to my DMZ, how do I allow access from LAN to my DMZ servers?
Am I overlooking something?

> > FW_FORWARD="0/0,X.Y.Z.160/28,tcp,80 0/0,X.Y.Z.160/28,tcp,22
> > X.Y.Z.160/28,0/0"
>
> This syntax looks correct indeed.
> So remove eth2 from FW_MASQ_DEV and the forward rule from dmz to
> outside, because I think the fw rules that are set up already should
> allow this.

I'll try that.

> If this does not work have a good look at the routing table on the fw
>
> Also the DMZ if should be the default gw for the servers in the DMZ

Yeah. It is.

Maarten

--
This email has been scanned for the presence of computer viruses.

Maarten J. H. van den Berg ~~//~~ network administrator
VBVB - Amsterdam - The Netherlands - http://vbvb.nl
T +31204233288 F +31204233286 G +31651994273
