Mailinglist Archive: opensuse-security (7 mails)

[opensuse-security] FW_MASQUERADE default behavior ?
Hi,

I'm trying to enable masquerading on a server to allow some internal
hosts to access the internet. From reading the included EXAMPLES file
and the documentation of SuSEfirewall2 I have set up the following
variables:

FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.10.0/24"

But just setting FW_MASQUERADE="yes" will open up access to the
internet to all of the internal network. From what I have read, this
shouldn't be the correct behavior because then FW_MASQ_NETS wouldn't
make much sense. For now, to be able to block access to the internet
to the entire network I have to do it like this:

FW_MASQ_NETS="!0/0 192.168.10.0/24"

Then it works: access to all subnets is disallowed and then I allow
the subnet I want. AFAIK this shouldn't be necessary; access to the
internet shouldn't be allowed by default. Am I missing something? This
is on openSUSE 12.1.

Cheers,
--
JLB
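
One way to check which source networks the loaded ruleset actually masquerades, independent of how FW_MASQ_NETS is interpreted. This is an added example, not part of the original post and not SuSEfirewall2 code; the function names are hypothetical and the iptables-save lines are constructed sample input.

```python
import ipaddress

# Constructed sample in `iptables-save -t nat` format (not captured from a real host).
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.10.32/27 -o eth0 -j MASQUERADE
-A POSTROUTING ! -s 10.0.0.0/8 -o eth0 -j MASQUERADE
COMMIT
"""

def masquerade_rules(dump):
    """Return (source_net, negated, out_iface, raw_line) per MASQUERADE rule."""
    rules = []
    for line in dump.splitlines():
        tok = line.split()
        if tok[:1] != ["-A"] or "MASQUERADE" not in tok:
            continue
        # A rule without -s matches every source address.
        src, negated, out = "0.0.0.0/0", False, None
        for i, t in enumerate(tok):
            if t in ("-s", "--source"):
                src, negated = tok[i + 1], tok[i - 1] == "!"
            elif t in ("-o", "--out-interface"):
                out = tok[i + 1]
        rules.append((ipaddress.ip_network(src, strict=False), negated, out, line))
    return rules

def too_broad(dump, allowed, ext_dev):
    """Return rules on ext_dev whose source is not inside an allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    bad = []
    for src, negated, out, line in masquerade_rules(dump):
        if out not in (None, ext_dev):   # rule bound to another interface
            continue
        # "! -s X" masquerades everything except X, so it is always too broad.
        if negated or not any(src.subnet_of(n) for n in nets):
            bad.append(line)
    return bad

if __name__ == "__main__":
    for rule in too_broad(SAMPLE, ["192.168.10.0/24"], "eth0"):
        print("masquerades more than intended:", rule)
```

On a live host the input would be the output of `iptables-save -t nat`. The filter table's FORWARD chain decides separately whether packets are forwarded at all, so it needs its own review.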
