Hi, I think any rules that edited direct to iptables, will be erased when I use susefirewall later on, would it ? Would be nicer if I can add the rules by still using susefirewall. regards, On Tuesday 27 January 2004 18:01, Fabricio Adorno wrote:
Why don't you go direct through iptables (I think susefirewall do it)? You can write a shell script and use the following rules:
# for web server iptables -A INPUT -d 200.200.200.1 -p tcp --dport 80 -J DNAT --to-destination 192.127.0.2
# for mail server iptables -A INPUT -d 200.200.200.2 -p tcp --dport 25 -J DNAT --to-destination 192.127.0.2
# for ssh server iptables -A INPUT -d 200.200.200.3 -p tcp --dport 80 -J DNAT --to-destination 192.127.0.3
Of course you have to care about other issues.
Best,
Fabrício Adorno
Arie Reynaldi Zanahar wrote:
Hi all,
I just joint suse-security, I have using suse 82. for several months. Right now I have problem using susefirewall2 for my firewall / router. I'd like to change my network topology from this
Internet
| ---------- Web Server 200.200.200.1 | ---------- Mail Server (qmail) 200.200.200.2 | ---------- SSH server 200.200.200.3
SuseFirewall2
LAN
To This : Internet
SuseFirewall (200....1 for web and SSH, 200...2 for mail )
|----------- Web Server 192.127.0.2 |----------- SSH server 192.127.0.3
LAN With this case, if someone go to 200.200.200.1 port 80, will forwarded to my internal webserver 192.127.0.2, and if they use SSH to that IP, it will go to my SSH server. Right now I use astaro secure linux 4 as my firewall and I use NAT for this purpose. With SuSEFirewall2, how can I use it ? I've read EXAMPELS, FAQ and search the web but I still got no clue. If someone can point me examples or documentation to do that, I'd be more greatful.. :)
regards,
-- Arie Reynaldi Zanahar reyman@reynaldi.com