[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] suse-security list



Hello Uli,
I present to you following porblem I haven't closed succesfully:

Configuration:
==========

Internal	<--->    Firewall (SuSE8.0)    <--->    Internet <---> Client	
Web Server 	      (int_dev: 10.3.1.10)				
(10.3.1.34)		      (ext_dev: x.y.z.a)

Well, certain client shall connect to the internal Web server to make use of
a data base application. The Client should give the ext_dev ip address and
the desired port to connect,  i.e.  http://x.y.z.a:5678
The request should pass through the firewall and be redirected straight to the 
webserver 10.3.1.34 .(port 80)
I tried different configuration examples without success. Have you any 
experience wuthin?

SuSEfirewall Configuration
===================
(This configuration uses port 80 and not the desired high port 5678)

FW_DEV_EXT="eth1"

FW_DEV_INT="eth0"

FW_ROUTE="yes"

FW_MASQUERADE="yes"

FW_MASQ_NETS="10.3.0.0/16"

FW_PROTECT_FROM_INTERNAL="yes"

FW_AUTOPROTECT_SERVICES="yes"

FW_SERVICES_EXT_TCP="25 53 80"

FW_SERVICES_EXT_UDP="53"	

FW_SERVICES_INT_TCP="25 53 80"

FW_SERVICES_INT_UDP="53"

FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"

FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"

FW_SERVICE_DNS="yes"

FW_FORWARD="0/0,x.y.z.a,tcp,80  x.y.z.a,10.3.1.34,tcp,80 
0/0,10.3.1.34/255.255.255.255,tcp,80"	

#
FW_REDIRECT="10.3.0.0/16,0/0,tcp,53,53  10.3.0.0/16,0/0,tcp,25,25 
10.3.0.0/16,0/0,udp,53,53  10.3.1.34,0/0,tcp,80,80"
===========================================================

Thanks in advance for any further help you could provide me.

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here