
[suse-security] SuSEfirewall2 and FW_FORWARD_MASQ



Hi everyone,

I have a setup where I need to forward and masquerade traffic to an internal box from my SuSE 9.0. I use the following:

FW_FORWARD_MASQ="0/0,10.0.0.1,tcp,22,22,XXX"

where XXX is my external IP. But with this rule nothing works; I can only connect to the box when I add:

FW_MASQ_NETS="10.0.0.1/32"

But that opens the whole internet for the internal box. Is there a way to prevent this in SuSEfirewall2, or do I need to add a custom rule? As far as I see it, FW_MASQ_NETS can only deal with destination ports, not with source ports, which is very regrettable.

Greetings,

Ralf
