
[suse-security] SuSEfirewall2 not routing when both nics on



Hi *,

Brett Stevens wrote:

Simply set up an RFC 1918 address range (192.168.1.*) and mask it or use a
second one on the other NIC. This is not only best practice, it is far
simpler to configure for a new user.
Internet
  |
  |
 eth0 (1.1.1.1)
  |
  FireWall---eth1 (1.1.1.2)
       |
       |
       Webserver (1.1.1.3)


I think Brett is right, I misread your config. Somehow I saw 3 interfaces in your config. Putting an RFC 1918 subnet behind eth1 and masquerading / port forwarding traffic would be a solution.

Proxy ARP only makes sense in your setting, for example, if you are in, let's say, a class C network and have no central firewall. If you want to secure computers with various IP addresses (not a subnet) and have no possibility to put a central firewall in front of the network, then a proxy ARP firewall could be used to split off those hosts and put them in a DMZ. But Brett is right, that's kind of an advanced setting.

Perhaps you could provide us with more details (why you want the setup you described: no masquerading etc.)?

peace,
Tom
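
The masquerading / port-forwarding layout suggested in this message, as an added example that is not part of the original post or of the SuSEfirewall2 package: a fragment of /etc/sysconfig/SuSEfirewall2. It assumes eth0 keeps the public address 1.1.1.1 from the diagram, eth1 is renumbered to 192.168.1.1/24, and the web server moves to 192.168.1.3 and serves TCP port 80 (all assumed values). Check the variable names against the comments in the sysconfig file shipped with your SuSEfirewall2 version.

```shell
# /etc/sysconfig/SuSEfirewall2 (fragment, constructed example values)

# eth0 faces the Internet, eth1 faces the private subnet with the web server.
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"

# Enable forwarding between the interfaces; required for masquerading
# and for forwarding to a masqueraded host.
FW_ROUTE="yes"

# Hide the private subnet behind the firewall's external address.
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.1.0/24"

# The firewall itself offers no services to the Internet in this layout.
FW_SERVICES_EXT_TCP=""

# Forward only HTTP from any source to the web server on the private subnet.
# Format: <source net>,<ip to forward to>,<protocol>,<port>
FW_FORWARD_MASQ="0/0,192.168.1.3,tcp,80"
```

With this layout the two interfaces are no longer in the same address range, and the only inbound path to the web server is the single forwarded port.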
