Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Re: [suse-security] DMZ egress access problem
  • From: Maarten J H van den Berg <maarten@xxxxxxx>
  • Date: Fri, 23 May 2003 19:49:57 +0200
  • Message-id: <200305231949.57991.maarten@xxxxxxx>
On Thursday 22 May 2003 10:23, you wrote:
> Hello Maarten

Hi Arjen

> Quoting maarten van den Berg <maarten@xxxxxxx>:
> > FW_MASQ_DEV="eth0 eth2"
> Hmm, I don't think it is necessary to masquerade on eth2, and just
> maybe that is the culprit

Yeah... I wondered about that too... The thing is, If I do not masquerade
LAN to my DMZ how do I allow access from LAN to my DMZ servers ?
Am I overlooking something ?

> > FW_FORWARD="0/0,X.Y.Z.160/28,tcp,80 0/0,X.Y.Z.160/28,tcp,22
> > X.Y.Z.160/28,0/0"
> This syntax looks correct indeed.
> So remove eth2 from FW_MASQ_DEV and the forward rule from dmz to
> outside, because I think the fw rules that are setup already should
> allow this.

I'll try that.

> If this does not work have a good look at the routing table on the fw
> Als the DMZ if should be the default gw for the servers in the DMZ

Yeah. It is.


This email has been scanned for the presence of computer viruses.

Maarten J. H. van den Berg ~~//~~ network administrator
VBVB - Amsterdam - The Netherlands -
T +31204233288 F +31204233286 G +31651994273

< Previous Next >
Follow Ups