
[suse-security] SuSEfirewall2 not routing when both nics on same subnet



I want to do basic filtering of ports without having to masquerade. From
everything I have read (including the unofficial guide to SuSEfirewall) the
below config should do that. Unfortunately I cannot get the firewall to
route to eth1 or anything behind it. I am a noob at this so any guidance
would be greatly appreciated.

Thanks in advance,
Dave


The IPs have been changed for obvious reasons.


Internet
   |
   |
  eth0 (1.1.1.1)
   |
   FireWall---eth1 (1.1.1.2)
        |
        |
        Webserver (1.1.1.3)

FW_DEV_EXT="eth0"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_UDP="ssh"
FW_SERVICES_DMZ_TCP="ssh"
FW_SERVICES_DMZ_UDP="ssh"
FW_SERVICES_DMZ_IP=""
FW_TRUSTED_NETS=""
FW_FORWARD="0/0,1.1.1.3,tcp,80"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_FW_TRACEROUTE="yes"


-- 
C: Zanzeta, Inc.
N: Dave Livingston
T: Chief Information Officer
P: 469.688.4872
F: 214.292.8578
E: dlivingston@xxxxxxxxxxx

