Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] Traffic redirection using SuSEFirewall2
  • From: Manuel Balderrábano <garibolo@xxxxxxxxxx>
  • Date: Thu, 4 Mar 2004 18:30:03 +0100
  • Message-id: <200403041830.03312.garibolo@xxxxxxxxxx>
Of course, that's how i am doing it now, but it masquerades all access to the
web server.

The rule is exactly:

FW_FORWARD_MASQ="0/0,192.168.X.Y,80"

(Where 192.168.X.Y is the web server in the DMZ.)

Maybe I have it wrong?


El Jueves, 4 de Marzo de 2004 16:04, Barry Gill escribió:
> Manuel Balderrábano <garibolo@xxxxxxxxxx> wrote the Mar 4, 2004 2:53 PM:
> > By port redirection I mean that all traffic coming to a specific port of
the
> > firewall will be redirected to a specific server on the DMZ zone, I think
> > this is called circuit-level forwarding.
>
> You can use the FW_FORWARD_MASQ
> [snip from /etc/sysconfig/SuSEfirewall2]
> # Example:
> # 200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202
> # The class C network 200.200.200.0/24 trying to access 202.202.202.202 port
> # 80 will be forwarded to the internal server 10.0.0.10 on port 81.
> # Example:
> # 200.200.200.0/24,10.0.0.10,tcp,80
> # The class C network 200.200.200.0/24 trying to access anything which goes
> # through this firewall ill be forwarded to the internal server 10.0.0.10 on
> # port 80
>
> This way all connections are logged as FW-FORWARD-MASQ
>
>

--
---------------------------------------------------------------------------------
Manuel Balderrábano

e-mail: garibolo@xxxxxxxxxx
---------------------------------------------------------------------------------


< Previous Next >
References