
Re: [suse-security] SuSEFirewall doesn't work?



Hello!

> What I need is to redirect all incoming connections on port 80 to
> another computer on the DMZ.

NIC-config for the examples:

w.x.y.z external IP (eth0) NIC: dhcp via pppoe or static IP from provider
FW_DEV_EXT="eth0"
192.168.0.x internal net (eth1) NIC: 192.168.0.1
FW_DEV_INT="eth1"
192.168.1.x dmz net (eth2) NIC: 192.168.1.1
FW_DEV_DMZ="eth2"

FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.0.0/24 192.168.1.0,tcp,20:22 192.168.1.0,tcp,80 192.168.1.0,tcp,443 192.168.1.0/24,tcp,1024:65535"


Example for port forwarding when masquerading is used:

/etc/sysconfig/SuSEfirewall2: #14.):

FW_FORWARD_MASQ="0/0,192.168.1.2,tcp,80"

or with iptables:

Redirect traffic from external to port 80 to IP 192.168.1.2

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2

Redirect traffic from external to port 80 to IP 192.168.1.2 on port 81

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:81


Example for the 192.168.0.0 - 192.168.0.255 net with a transparent proxy:

/etc/sysconfig/SuSEfirewall2: #15.):

FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128"

or with iptables:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Philippe


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
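
The two entry formats from the message above, translated into plain iptables rules. This is an added example, not part of the original message and not the rules SuSEfirewall2 itself generates. It assumes DNAT for forwarding to the DMZ host and REDIRECT for a proxy on the firewall itself; the function names are hypothetical, and the rules are only printed, never executed.

```sh
#!/bin/sh
# Added example: print (do not execute) plain iptables rules for the two
# SuSEfirewall2 entry formats quoted in the message above.

# Succeeds only for a port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds only for tcp/udp and addresses made of digits, dots and "/".
valid_match() {  # $1 = protocol, remaining arguments = addresses or networks
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    shift
    for a in "$@"; do
        case "$a" in ''|*[!0-9./]*) return 1 ;; esac
    done
}

# FW_FORWARD_MASQ entry "source-net,target-ip,proto,port"; $2 = external NIC.
forward_masq_rules() {
    IFS=, read -r src target proto port extra <<EOF
$1
EOF
    if [ -n "$extra" ] || ! valid_match "$proto" "$src" "$target" || ! valid_port "$port"; then
        echo "bad FW_FORWARD_MASQ entry: $1" >&2; return 1
    fi
    # DNAT rewrites the destination so the packet is routed on to the DMZ host.
    echo "iptables -t nat -A PREROUTING -i $2 -p $proto -s $src --dport $port -j DNAT --to-destination $target:$port"
    # The filter table must also let the rewritten packet through.
    echo "iptables -A FORWARD -i $2 -p $proto -s $src -d $target --dport $port -j ACCEPT"
}

# FW_REDIRECT entry "source-net,dest-net,proto,port,local-port"; $2 = internal NIC.
redirect_rules() {
    IFS=, read -r src dst proto port lport extra <<EOF
$1
EOF
    if [ -n "$extra" ] || ! valid_match "$proto" "$src" "$dst" || ! valid_port "$port" || ! valid_port "$lport"; then
        echo "bad FW_REDIRECT entry: $1" >&2; return 1
    fi
    # REDIRECT delivers to the firewall itself, e.g. a proxy listening locally.
    echo "iptables -t nat -A PREROUTING -i $2 -p $proto -s $src -d $dst --dport $port -j REDIRECT --to-ports $lport"
}

# The two entries from the message, with its interface names.
forward_masq_rules "0/0,192.168.1.2,tcp,80" eth0
redirect_rules "192.168.0.0/24,0/0,tcp,80,3128" eth1
```

Entries with an unknown protocol, an out-of-range port or characters outside digits, dots and "/" in an address field are rejected instead of being turned into a rule.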