This is from one session:
SFW2-FWDext-ACC-FORW IN=eth0 OUT=eth0 SRC=10.100.200.10 DST=10.111.40.15 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=16576 DF PROTO=TCP SPT=4190 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
SFW2-FWDext-DROP-DEFLT-INV IN=eth0 OUT=eth0 SRC=10.100.200.10 DST=10.111.40.15 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=16577 DF PROTO=TCP SPT=4190 DPT=80 WINDOW=65535 RES=0x00 ACK URGP=0

Now I am confused.. I thought you said your firewall was redirecting all http traffic to the squid proxy.

<snip>
Hmmm, I think I realize now why it doesn't work. Since my squid server isn't a router in its true meaning it doesn't see the ACK my web server sends as a reply to the SYN (since that traffic goes directly from the web server to the client). Therefore it doesn't see my client's subsequent ACK as RELATED or ESTABLISHED.

Since I don't use a proxy, I'm probably way off-mark here, but I thought all the traffic was supposed to travel through the proxy -- nothing direct between web server and client.

On 2006-12-15 01:21, Peder wrote:
I guess my setup is a bit too unorthodox for SuSEfirewall2 but I still don't get why it doesn't have an option to accept _all_ forwarding.

I don't think anyone anticipated doing things as you are doing them :-) You essentially have a single network card functioning as both the internal and external interfaces.

You may be able to continue to use SuSEfirewall2, by placing your own rule(s) into the fw_custom_before_masq function in /etc/sysconfig/scripts/SuSEfirewall2-custom. Make sure to set the FW_CUSTOMRULES variable in the firewall config file (Yast/System/sysconfig editor, Network/firewall/susefirewall2) if you do.

--
The best way to accelerate a computer running Windows is at 9.81 m/s²
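
A log check for the pattern discussed in this thread, added here as an example and not part of the original messages: it flags flows whose SYN was logged as accepted and whose following bare ACK was logged as dropped INVALID, which is what a firewall that never saw the SYN/ACK produces. Matching on the `-ACC` and `-INV` parts of the log prefix is an assumption based on the two lines quoted above, and the function names are hypothetical.

```python
# Added example. SAMPLE_LOG holds the two log lines quoted in the thread.
SAMPLE_LOG = """\
SFW2-FWDext-ACC-FORW IN=eth0 OUT=eth0 SRC=10.100.200.10 DST=10.111.40.15 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=16576 DF PROTO=TCP SPT=4190 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
SFW2-FWDext-DROP-DEFLT-INV IN=eth0 OUT=eth0 SRC=10.100.200.10 DST=10.111.40.15 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=16577 DF PROTO=TCP SPT=4190 DPT=80 WINDOW=65535 RES=0x00 ACK URGP=0
"""
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Split one netfilter LOG line into prefix, KEY=VALUE fields and TCP flags."""
    tokens = line.split()
    # Skip any syslog header; the rule prefix is the token starting with "SFW2-".
    start = next((i for i, t in enumerate(tokens) if t.startswith("SFW2-")), None)
    if start is None:
        return None
    rest = tokens[start + 1:]
    fields = dict(t.split("=", 1) for t in rest if "=" in t)
    return {"prefix": tokens[start], "fields": fields,
            "flags": {t for t in rest if t in TCP_FLAGS}}


def find_half_seen_handshakes(log_text):
    """Return (src, sport, dst, dport) flows with an accepted SYN followed by
    a bare ACK dropped as INVALID, in the order the drops were logged."""
    syn_seen, hits = set(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["fields"].get("PROTO") != "TCP":
            continue
        f = rec["fields"]
        try:
            flow = (f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]))
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        # Assumption: "-ACC" marks an accept rule, a trailing "-INV" an INVALID drop.
        if "-ACC" in rec["prefix"] and rec["flags"] == {"SYN"}:
            syn_seen.add(flow)
        elif (rec["prefix"].endswith("-INV") and rec["flags"] == {"ACK"}
              and flow in syn_seen):
            hits.append(flow)
    return hits


if __name__ == "__main__":
    for flow in find_half_seen_handshakes(SAMPLE_LOG):
        print("SYN accepted, ACK dropped as INVALID:", flow)
```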