Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Re: [suse-security] DMZ egress access problem
  • From: Arjen Runsink <arjen@xxxxxxxxxxx>
  • Date: Thu, 22 May 2003 10:23:32 +0200
  • Message-id: <1053591812.3ecc89045623b@xxxxxxxxxxxxxxxx>
Hello Maarten

Quoting maarten van den Berg <maarten@xxxxxxx>:

> FW_MASQ_DEV="eth0 eth2"

Hmm, I don't think it is necessary to masquerade on eth2, and just maybe
that is the culprit

> FW_FORWARD="0/0,X.Y.Z.160/28,tcp,80 0/0,X.Y.Z.160/28,tcp,22
> X.Y.Z.160/28,0/0"

This syntax looks correct indeed.
So remove eth2 from FW_MASQ_DEV and the forward rule from dmz to
outside, because I think the fw rules that are setup already should
allow this.

If this does not work have a good look at the routing table on the fw

Als the DMZ if should be the default gw for the servers in the DMZ

BB, Arjen

This mail sent through IMP:

< Previous Next >