Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Re: [suse-security] FW_FORWARD_MASQ
  • From: Daniel Wirth <dw@xxxxxxxxxxxx>
  • Date: Mon, 19 May 2003 16:50:34 +0200 (CEST)
  • Message-id: <Pine.LNX.4.53.0305191633260.6428@xxxxxxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andre - I don't completetly understand your setup. I assume, it looks like this:

internet <--------> firewall <---------> webserver
^ ^ ^
| | |
196.25.208.26 10.0.0.? 10.0.0.7
(eth0) (eth1)

ok, I'd go without a virtual IP first. You can add it to eth0 later. (Yes, eth0, not eth1)
Then, if you use FW_FORWARD_MASQ, I think, you need to enable masquerading and Routing in your Firewall.

then try the following options:
FW_DEV_DMZ="eth1"
FW_FORWARD_MASQ ="0.0/0,10.0.0.7,tcp,80"
FW_FORWARD=""

That worked for my servers.

Regards,
Daniel Wirth

___________________________
Please encrypt all E-Mail!!

PGP Fingerprint:
80AF 107A A1D8 2471 C38A
1EDC 4EA0 8CE2 A271 242E
___________________________


On Mon, 19 May 2003, Andre Vorster wrote:

> Date: Mon, 19 May 2003 16:27:25 +0200
> From: Andre Vorster <andre.vorster@xxxxxxxxxxxxxxxxxxx>
> To: "Suse-Security (E-Mail) (E-mail)" <suse-security@xxxxxxxx>
> Subject: [suse-security] FW_FORWARD_MASQ
>
> Hi All
>
> I am trying to setup SuSEfirewall2 to forward & Masq to a Microsoft web
> server on my internal LAN
> The website runs ASP scripts so I can't, as far as I know hosts it on
> apache. Shoot the damm developer !!!!
>
> The websites IP is 196.25.208.26, I created a virtual adapter eth1:1 with IP
> 196.25.208.28.
>
> I Have
> FW_DEV_DMZ="eth1:1" - (IP-196.25.208.26)
> FW_FORWARD="196.25.208.28,10.0.0.7" - (10.0.0.7 is the private IP of my web
> server)
> FW_FORWARD_MASQ ="0/0 10.0.0.7,tcp,80"
>
> But it does not work ?
>
> Thanks
> Andre
> South Africa
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE+yO9DTqCM4qJxJC4RAmVuAJsGbEYuBXWM78m97N1KmMo2+BLrfACg3JaI
U8u92jH85VvgWrRhojrd7C0=
=Ejz9
-----END PGP SIGNATURE-----


< Previous Next >
Follow Ups
References