-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On 12/12/06 18:55, Anders Johansson wrote:
What's the "correct" way to persuade SuSEfirewall2 in 10.2 to accept all forwarding? I've looked in /etc/sysconfig/SuSEfirewall2 and found the FW_FORWARD but even though I set it to "10.100.200.0/24,0/0" it seems to drop some packages. Maybe you meant "drop some packets" :-P Is packet forwarding enabled? (i.e.: /proc/sys/net/ipv4/ip_forward set to 1). Did you put the appropriate rules in POSTROUTING chain?
BTW, is not safe to allow forwarding from 0/0. The rule says to forward to 0/0, not from, which should be safe enough My fault, I don't know much about SuSEfirewall2. I don't like it, cause I want to know what the firewall is doing.
But given that the network is 10.x.x.x, which is private, I wonder if perhaps masquerading shouldn't be used instead, since otherwise it won't be possible to reach external addresses That's what I meant with "appropriate POSTROUTING rules".
Hoper Edei Deixai (όπερ΄έδει δεϊξαι) aka QED OpenPGP key ID: 0x58D14EB3 Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3 Check fingerprints before trusting a key! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFfvRGH+Dh0Dl5XacRA08/AJ4pLvT19EsHd8Kc22xaFW2zqqDU3QCfSpZf U72+8cKNo8wRQGrpKCnb65M= =Ud4I -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org