Rowan R. wrote:
I have what I think is a pretty simple set up but for some reason I just cannot get it to work properly.
                           _____ eth1-----{uplink1}
                        __|___
                       | F/W |
{masq intranet}-eth0---|_____|
                          |____eth2-----{uplink2)
Whenever I try to connect to services on eth1 or two from the intranet my connection times out. I checked var logs and found the following.
#tail -f /var/log/messages
Dec 2 10:45:37 linux-fw kernel: [65074.814640] martian source 68.***.192.234 from 192.168.1.14, on dev eth0
Dec 2 10:45:37 linux-fw kernel: [65074.814663] ll header: 00:c0:9f:19:da:3f:00:b0:d0:24:b5:8d:08:00
I've also copied my SuSEfirewall2 config. Any help would really be appreciated.
FW_DEV_EXT="eth2"
FW_DEV_INT="eth0"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="zone:ext"
eth1 is not masqueraded this way. You need to add zone:dmz as well if you want traffic from eth0 to eth1 masqueraded.
FW_MASQ_NETS="0/0"
You may want to restrict that to the network of eth0. Otherwise traffic between eth1 and eth2 would be allowed and masqueraded.
FW_FORWARD="192.168.1.0/24,68.164.192.234,tcp,ssh"
Forwarding between private and public IP addresses? You probably want FW_FORWARD_MASQ instead.

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
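
The three points raised in the reply above can be checked mechanically. The following is an added example, not part of the thread or of SuSEfirewall2: a small linter over the quoted settings. The finding names and the `lint` and `parse_sysconfig` helpers are hypothetical, and it covers only these three checks.

```python
import ipaddress
import shlex

# Constructed sample: the settings quoted in the thread.
SAMPLE = '''
FW_DEV_EXT="eth2"
FW_DEV_INT="eth0"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="zone:ext"
FW_MASQ_NETS="0/0"
FW_FORWARD="192.168.1.0/24,68.164.192.234,tcp,ssh"
'''

def parse_sysconfig(text):
    """Parse shell-style KEY="value" lines, ignoring # comments."""
    cfg = {}
    for token in shlex.split(text, comments=True):
        key, sep, value = token.partition("=")
        if sep:
            cfg[key] = value
    return cfg

def is_private(addr):
    """True for RFC 1918 style addresses or networks; False if unparsable."""
    try:
        return ipaddress.ip_network(addr, strict=False).is_private
    except ValueError:
        return False

def lint(cfg):
    findings = []
    masq_dev = set(cfg.get("FW_MASQ_DEV", "").split())
    if cfg.get("FW_MASQUERADE") == "yes":
        dmz = set(cfg.get("FW_DEV_DMZ", "").split())
        # Traffic leaving via the DMZ interface is only masqueraded if listed.
        if dmz and "zone:dmz" not in masq_dev and not dmz & masq_dev:
            findings.append("dmz-not-masqueraded")
        # 0/0 masquerades any source, not just the internal network.
        nets = {e.split(",")[0] for e in cfg.get("FW_MASQ_NETS", "").split()}
        if nets & {"0/0", "0.0.0.0/0"}:
            findings.append("masq-nets-any")
    for rule in cfg.get("FW_FORWARD", "").split():
        parts = rule.split(",")
        # Plain forwarding between a private and a public address cannot route.
        if len(parts) >= 2 and is_private(parts[0]) != is_private(parts[1]):
            findings.append("forward-private-public")
    return findings
```

Whether `dmz-not-masqueraded` is a problem depends on intent: it matters only if traffic from the internal network to the DMZ interface is meant to be masqueraded, as in this thread.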