Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
RE: [suse-security] masquerading and port range forwarding to internal host (with a private address)
  • From: "Benoit Gariod" <ben@xxxxxxxx>
  • Date: Fri, 7 Nov 2003 15:42:47 +0100
  • Message-id: <KNEOIEKNJIOHLAPDKAHHOEGCCCAA.ben@xxxxxxxx>
I'm already running 2.4, and iptables (said so in my message).
>From what i gater from your and Barry's messages, i already had it figured
out, but the online documentation had me confused, so i was looking at the
wrong place.
I should have just sticked to the #comments in the file and then mimmicked
the syntax used in other options for the port ranges. thanks for clearing
that one out barry, very much appreciated :D
I'll try that way and report back

Benoit Gariod

-----Original Message-----
From: Renan Yigitaslan [mailto:renan@xxxxxxxxxxxxxxx]
Sent: Friday, November 07, 2003 2:17 PM
To: Benoit Gariod
Subject: Re: [suse-security] masquerading and port range forwarding to
internal host (with a private address)


Hello Ben,
You must update your kernel 2.2.1 to 2.4.x if you will use iptables support.
You can update your kernel with yast. Very easy and fast solution.
Definitely you must type FW_ROUTE="yes" and
FW_ALLOW_INCOMING_HIGHPORTS_TCP(UDP)="yes or port_number".
and you must type
FW_FORWARD="source_ip,dest_ip,protocol,dest_port" if not use masqueraded
network
ex.
FW_FORWARD="0/0,10.1.1.1,tcp,12010:12100"
if use masqueraded network you must use FW_FORWARD_MASQ expression
ex.
FW_FORWARD_MASQ="0/0,10.1.1.1,tcp,12030:12100"
good lucks.

Fidel Renan

----- Original Message -----
From: "Benoit Gariod" <ben@xxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Friday, November 07, 2003 2:23 PM
Subject: [suse-security] masquerading and port range forwarding to internal
host (with a private address)


> Hello
>
> I'm running 8.2 and so far i've ben able to use
/etc/sysconfig/SuSEfirewall2
> to do all the firewalling i wanted, but now i want to forward a whole port
> range to one of the host on the internal network, and the only option
> (FW_FORWARD) takes 2 public IP addies as arguments (from what i read about
> it on the list archive anyway). Problem is, most of the messages i've read
> are quite old (2000-2001) and address 2.2 kernel issues.
> i run iptables (came with 2.4 kernel, and it did what i wanted it to), so
> i'm asking here in a fresh message.
>
> so, in short, if i want to forward ports 12030-12100 to a host on my
> internal network, can i do it with /etc/sysconfig/SuSEfirewall2 or do i
have
> to input an iptables rule myself?
> could anyone help building said rule?
>
> thanks a lot
>
> Ben
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>



< Previous Next >
This Thread
  • No further messages