Mailinglist Archive: opensuse-security (20 mails)

Re: [opensuse-security] forwarding tun broadcasts with SuSEfirewall2
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Wed, 24 Feb 2010 08:54:22 +0100
  • Message-id: <201002240854.22320.ludwig.nussel@xxxxxxx>
Hans-Peter Jansen wrote:
> If I'm not mistaken, it should be possible to forward UDP broadcasts via tun
> devices.

Broadcasts are not forwarded in general as broadcasts are meant for
the local subnet. You need to use bridging if you want multiple
networks to appear as one.
Alternatively, for relaying cups broadcasts only, cupsd.conf has a
BrowseRelay parameter according to the manpage. Maybe that's what
you are looking for.
Another alternative might be to use DNS service discovery instead of
the custom cups broadcasts.

> local LAN, although I added tun0 to the internal devices, allowed
> broadcasts, cross forwarded the nets to each other, and added the usual
> openvpn tun device quirk to scripts/SuSEfirewall2-custom:
> [...]
> FW_DEV_INT="tun0 eth1"
> [...]
> scripts/SuSEfirewall2-custom:
> fw_custom_after_antispoofing() {
>     iptables -A INPUT -i tun+ -j ACCEPT
>     iptables -A OUTPUT -o tun+ -j ACCEPT
> }

What do you mean by 'usual quirk'? I've never heard about that.
You've set tun0 as internal so the above custom rules are not
needed.

cu
Ludwig

--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
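
Added example, not part of the original mail: a simplified Python model of the routing decision described in the reply above, showing why a subnet broadcast arriving on eth1 is consumed locally instead of being routed on to tun0. The interface addresses and both function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample interfaces (assumptions, not taken from the mail):
# eth1 is the local LAN, tun0 is the OpenVPN tunnel network.
INTERFACES = {
    "eth1": ipaddress.ip_interface("192.168.1.1/24"),
    "tun0": ipaddress.ip_interface("10.8.0.1/24"),
}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify_destination(dst, in_iface, interfaces=INTERFACES):
    """Model how a router treats a packet to dst arriving on in_iface.

    Returns one of:
      "local-broadcast"    - broadcast of the receiving subnet; delivered to
                             the router itself, never routed onward
      "directed-broadcast" - broadcast address of another attached subnet;
                             not forwarded by default
      "local-unicast"      - one of the router's own addresses
      "forward"            - ordinary unicast, subject to forwarding rules
    """
    dst = ipaddress.ip_address(dst)
    if dst == LIMITED_BROADCAST:
        return "local-broadcast"
    if dst == interfaces[in_iface].network.broadcast_address:
        return "local-broadcast"
    for name, iface in interfaces.items():
        if dst == iface.ip:
            return "local-unicast"
        if name != in_iface and dst == iface.network.broadcast_address:
            return "directed-broadcast"
    return "forward"


def reaches_other_subnet(dst, in_iface, interfaces=INTERFACES):
    """True only when plain routing would carry the packet onward."""
    return classify_destination(dst, in_iface, interfaces) == "forward"
```

Only the "forward" class ever reaches the forwarding rules at all, which is why accepting traffic on the tun devices does not make browse broadcasts cross the router; bridging or a relay is needed for that.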