[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-security
Subject:    SuSEfirewall2 upgrade problem
From:       Philip Warner <pjw () rhyme ! com ! au>
Date:       2001-04-27 16:58:46
[Download RAW message or body]

I have a firwall machine that is also my name server, connected to the
internet by semi-permanent PPP links. I have fixed addresses for each end
of the PPP link (defined by the ISP), and my own C-class address space for
the network:

{World}---ISP_ADDR_1:ppp:ISP_ADDR_2---My_Machine(DNS)---MY_ADDR:eth0:---masq
 network

(I hope that makes sense). The masqueraded network is in the same C-class
address space as MY_ADDR.

This works fine with SuSEfirewall 4.x, but when I try to use SuSEfirewall2,
packets sent from the ourside world to my server at MY_ADDR get dropped.
The tables seem require that all INPUT traffic be addressed to ISP_ADDR_2.

Is there any simple way to allow the server address to be treated in the
same way as the ppp link address? ie. allow telnet/www/smtp connections to
www.MY_HOST_NAME.com, where www.MY_HOST_NAME.com resolves to MY_ADDR?


----------------------------------------------------------------
Philip Warner                    |     __---_____
Albatross Consulting Pty. Ltd.   |----/       -  \
(A.B.N. 75 008 659 498)          |          /(@)   ______---_
Tel: (+61) 0500 83 82 81         |                 _________  \
Fax: (+61) 0500 83 82 82         |                 ___________ |
Http://www.rhyme.com.au          |                /           \|
                                 |    --________--
PGP key available upon request,  |  /
and from pgp5.ai.mit.edu:11371   |/

[prev in list] [next in list] [prev in thread] [next in thread]