From: Michael Boettjer (michael_at_boettjer.org)
Date: Sun Oct 13 2002 - 07:24:41 CDT


    Hi there,

    I use SuSEfirewall2 on a SuSE 7.2 gateway.
    The firewall has 3 interfaces - one facing the internet (official
    IP), one to the inner LAN (192.168.20.x) and one to the DMZ (192.168.70.x).
    The computer in the DMZ (webserver) has an internal IP address
    (192.168.70.y), so I have to port-masquerade.
    The inner-LAN clients can reach the webserver because I'm using the
    "FW_FORWARD" parameter in the SuSEfirewall config file. One of the entries is
    "192.168.20.0/24,192.168.70.10,tcp,80".

    All works fine.
    But now I want to add a second server (mail) to the DMZ. I added the
    appropriate entry to the FW_FORWARD parameter. I can ping the two servers
    from the firewall successfully.
    But from an inner-LAN client I can only reach the webserver, not the
    mailserver. Neither a ping nor a telnet to the SMTP port works. The
    firewall logs regarding DENYs or the like are empty.

    But why?
    When I add the mailserver to the "FW_FORWARD_MASQ" parameter, I can reach
    the box from the internet without problems.

    Thanks in advance for help.

    Michael
