Hi, all -- From reviewing the archives I *believe* I'm in a good place to ask, but I could be wrong. Please be gentle in your redirection :-) I am a loyal :-) SuSE user and am doing some work for a client who has finally switched from SCO UNIX to SCO's version of Linux, which includes SuSEfirewall2 and otherwise looks quite a bit like a SuSE system (gee, go figure!). In any given location he has a static external interface and a 10.x.y.z internal interface and would like to do NATting for his internal windows machines. I am trying to write a script to configure and enable SuSEfirewall2 for this so that he can do a hands-off install on his literally thousands of clients. SCO UNIX used ipf and ipnat, and I got those simple rules worked out. Now I need to do the same thing for iptables and SuSEfirewall2 and I'm pretty lost. Recalling that this has to be a hands-off install, I have whipped up a little script to identify the internal and external interfaces, and then apply cat /etc/sysconfig/SuSEfirewall2.bak.$$ | \ sed \ -e "s/FW_DEV_EXT=.*/FW_DEV_EXT='$EXT'/" \ -e "s/FW_DEV_INT=.*/FW_DEV_INT='$INT'/" \ -e "s/FW_QUICKMODE=.*/FW_QUICKMODE='yes'/" \ -e "s/FW_ROUTE=.*/FW_ROUTE='yes'/" \ -e "s/FW_MASQUERADE=.*/FW_MASQUERADE='yes'/" \ -e "s:FW_MASQ_NETS=.*:FW_MASQ_NETS='10.0.0.0/8':" \ -e "s/FW_SERVICES_QUICK_TCP=.*/FW_SERVICES_QUICK_TCP='telnet ftp ssh www mysql'/" \ -e "s:FW_TRUSTED_NETS=.*:FW_TRUSTED_NETS='10.0.0.0/8':" > \ /etc/sysconfig/SuSEfirewall2 to set the variables accordingly and then create the rc?.d start and stop symlinks for the three scripts. Unfortunately, a client machine on the inside properly pointing to the internal address as its default gateway cannot get through. Having read the example file, asked google for help, read through list archives, and generally poked and prodded everywhere I can, I've come up with many "you need to turn on NAT" but no pointers to how to do so! TIA & HAND :-D -- David T-G * There is too much animal courage in (play) davidtg@xxxxxxxxxxxxxxx * society and not sufficient moral courage. (work) davidtgwork@xxxxxxxxxxxxxxx -- Mary Baker Eddy, "Science and Health" http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
Description: PGP signature