From: Ulv Michel (ulv.michel ebs.de)
Date: Wed Aug 22 2001 - 13:44:45 CDT
Hi all,
I have a very serious problem with SuSEfirewall2 running on a SuSE 7.2
machine.
Our network setup is as follows:
 [external]   Firewall1     [dmz]      Firewall2    [internal]
 212.189.x.x |----------| 195.145.y.y |------------| 192.168.z.z
 ------------|          |-------------|            |------------
         eth1|----------|eth0     eth1|------------|eth0
Firewall2 is working fine thanks to masquerading. The problem with Fw1 is
that it won't route packages sent from the dmz or the internal network to
the internet. Allowing the internet access to servers in the dmz is no
problem but the other way round it simply won't work.
I'll paste the settings from my firewall2.rc.config:
FW_DEV_EXT="eth1"
FW_DEV_DMZ="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="53 25 ssh"
FW_SERVICES_EXT_UDP="53 25 ssh"
# Common: smtp domain
FW_SERVICES_DMZ_TCP="ssh 53 25"
# Common: domain
FW_SERVICES_DMZ_UDP="ssh 53 25"
FW_TRUSTED_NETS=""
FW_SERVICE_AUTODETECT="no"
FW_SERVICE_DNS="yes"
#DMZ FORWARDS
FW_FORWARD="0/0,195.145.238.0/24,tcp,80 0/0,195.145.238.0/24,udp,80"
all other things are left untouched.
In /var/log/firewall there are messages like
Aug 22 18:00:02 mail kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1
SRC=195.145.238.x DST=194.246.y.y LEN=59 ...
I want to allow machines in the dmz to access all machines in the internet
without restrictions. How do I do this? What's wrong in my config?
Thanks in advance
Cheers
Ulv
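
Added example, not part of the original post and not SuSEfirewall2's own code: a Python check of whether the FW_FORWARD entries quoted in the post cover the flow seen in the logged drop. The field order (source, destination, protocol, port) is an assumption read off the entries in the post, and the concrete addresses plus the PROTO, SPT and DPT fields in the sample log line are constructed, since the post masks or truncates them.

```python
import ipaddress
import re

# FW_FORWARD value copied from the post.
FW_FORWARD = "0/0,195.145.238.0/24,tcp,80 0/0,195.145.238.0/24,udp,80"

# Constructed log line: same shape as the one in the post, with the masked
# octets (x, y.y) replaced by made-up values and assumed PROTO/SPT/DPT fields.
LOG = ("Aug 22 18:00:02 mail kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 "
       "SRC=195.145.238.10 DST=194.246.1.1 LEN=59 PROTO=UDP SPT=1030 DPT=53")


def net(text):
    # The config abbreviates "any" as 0/0; ipaddress needs four octets.
    return ipaddress.ip_network("0.0.0.0/0" if text == "0/0" else text)


def parse_forward(value):
    """Split FW_FORWARD into (src_net, dst_net, proto, port) tuples.
    Assumed field order: source,destination,protocol,port."""
    rules = []
    for entry in value.split():
        src, dst, proto, port = entry.split(",")
        rules.append((net(src), net(dst), proto.lower(), int(port)))
    return rules


def parse_drop(line):
    """Extract the KEY=VALUE fields from a kernel firewall log line."""
    return dict(re.findall(r"\b([A-Z]+)=(\S+)", line))


def matching_rules(rules, pkt):
    """Return the FW_FORWARD entries that would cover this packet."""
    src = ipaddress.ip_address(pkt["SRC"])
    dst = ipaddress.ip_address(pkt["DST"])
    return [r for r in rules
            if src in r[0] and dst in r[1]
            and pkt["PROTO"].lower() == r[2] and int(pkt["DPT"]) == r[3]]


if __name__ == "__main__":
    rules = parse_forward(FW_FORWARD)
    pkt = parse_drop(LOG)
    print(pkt["IN"], "->", pkt["OUT"], "covered by:", matching_rules(rules, pkt))
```

Both quoted entries name the DMZ network as the destination, so a packet sourced from the DMZ and bound for an outside address matches neither of them.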