[suse-security] another 3-interface firewall problem (two external, no DMZ)


I am running a small enterprise server under SuSE 9.0.
The main tasks are: Masquerading an internal network, SMTP, POP3 and web

Everything works nicely with two interfaces:
eth0: netmask (leased line with static IP)
eth1: netmask (internal network)
with default route
Web server is listening on, SMTP on both interfaces, POP3 only at
the internal interface

NOW: to keep traffic costs as low as possible, we like to route the main
traffic over a DSL flat rate.
Configuring the DSL stuff gives the additional ppp0 interface (PPPoE with
eth2), masquerading works and I can see the web server at due to the
additional entry:
iptables -A INPUT -i eth1 -s -d -j ACCEPT

BUT: The address is not responding from the outside any more.
Both eth0 and ppp0 are configured as external interfaces in the SuSEfirewall

I think the problem can be seen as a sort of load balancing for the leaving
IP packets.

Any hints on how to get the official external IP address working again?

Best regards

