Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] Traffic redirection using SuSEFirewall2
  • From: Manuel Balderrábano <garibolo@xxxxxxxxxx>
  • Date: Mon, 8 Mar 2004 14:19:45 +0100
  • Message-id: <200403081419.45363.garibolo@xxxxxxxxxx>
Hi.

Up to this date I have not been able to solve the problem, so my apache web
server's logs are useless in case anything happends.

Can anyone please help me?


El Jueves, 4 de Marzo de 2004 18:30, Manuel Balderrábano escribió:
> Of course, that's how i am doing it now, but it masquerades all access to
the
> web server.
>
> The rule is exactly:
>
> FW_FORWARD_MASQ="0/0,192.168.X.Y,80"
>
> (Where 192.168.X.Y is the web server in the DMZ.)
>
> Maybe I have it wrong?
>
>
> El Jueves, 4 de Marzo de 2004 16:04, Barry Gill escribió:
> > Manuel Balderrábano <garibolo@xxxxxxxxxx> wrote the Mar 4, 2004 2:53 PM:
> > > By port redirection I mean that all traffic coming to a specific port of
> the
> > > firewall will be redirected to a specific server on the DMZ zone, I
think
> > > this is called circuit-level forwarding.
> >
> > You can use the FW_FORWARD_MASQ
> > [snip from /etc/sysconfig/SuSEfirewall2]
> > # Example:
> > # 200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202
> > # The class C network 200.200.200.0/24 trying to access 202.202.202.202
port
> > # 80 will be forwarded to the internal server 10.0.0.10 on port 81.
> > # Example:
> > # 200.200.200.0/24,10.0.0.10,tcp,80
> > # The class C network 200.200.200.0/24 trying to access anything which
goes
> > # through this firewall ill be forwarded to the internal server 10.0.0.10
on
> > # port 80
> >
> > This way all connections are logged as FW-FORWARD-MASQ
> >
> >
>
> --
>
---------------------------------------------------------------------------------
> Manuel Balderrábano
>
> e-mail: garibolo@xxxxxxxxxx
>
---------------------------------------------------------------------------------
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>

--
---------------------------------------------------------------------------------
Manuel Balderrábano

e-mail: garibolo@xxxxxxxxxx
---------------------------------------------------------------------------------


< Previous Next >