[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] using susefirewall2 for NAT



Hi,

I think any rules that edited direct to iptables, will be erased when I use 
susefirewall later on, would it ? Would be nicer if I can add the rules by 
still using susefirewall. 

regards,

On Tuesday 27 January 2004 18:01, Fabricio Adorno wrote:
> Why don't you go direct through iptables (I think susefirewall do it)?
> You can write a shell script and use the following rules:
>
> # for web server
> iptables -A INPUT -d 200.200.200.1 -p tcp --dport 80 -J DNAT
> --to-destination 192.127.0.2
>
> # for mail server
> iptables -A INPUT -d 200.200.200.2 -p tcp --dport 25 -J DNAT
> --to-destination 192.127.0.2
>
> # for ssh server
> iptables -A INPUT -d 200.200.200.3 -p tcp --dport 80 -J DNAT
> --to-destination 192.127.0.3
>
> Of course you have to care about other issues.
>
> Best,
>
> Fabrício Adorno
>
> Arie Reynaldi Zanahar wrote:
> >Hi all,
> >
> >I just joint suse-security, I have using suse 82. for several months.
> > Right now I have problem using susefirewall2 for my firewall / router.
> > I'd like to change my network topology from this
> >
> >		Internet
> >
> >		    | ---------- Web Server 200.200.200.1
> >		    | ---------- Mail Server (qmail) 200.200.200.2
> >		    | ---------- SSH server 200.200.200.3
> >
> >	 	SuseFirewall2
> >
> >
> >		LAN
> >
> >To This :
> >		Internet
> >
> >
> >
> >		SuseFirewall (200....1 for web and SSH, 200...2 for mail )
> >
> >		    |----------- Web Server 192.127.0.2
> >		    |----------- SSH server 192.127.0.3
> >
> >		   LAN
> >With this case, if someone go to 200.200.200.1 port 80, will forwarded to
> > my internal webserver 192.127.0.2, and if they use SSH to that IP, it
> > will go to my SSH server.
> >Right now I use astaro secure linux 4 as my firewall and I use NAT for
> > this purpose.
> >With SuSEFirewall2, how can I use it ? I've read EXAMPELS, FAQ and search
> > the web but I still got no clue. If someone can point me examples or
> >documentation to do that, I'd be more greatful.. :)
> >
> >regards,

-- 
Arie Reynaldi Zanahar
reyman@xxxxxxxxxxxx


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here