[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] suse-security list



-----BEGIN PGP SIGNED MESSAGE-----

Hi René!

> The request should pass through the firewall and be redirected straight to the
> webserver 10.3.1.34 .(port 80)

> FW_FORWARD="0/0,x.y.z.a,tcp,80  x.y.z.a,10.3.1.34,tcp,80
> 0/0,10.3.1.34/255.255.255.255,tcp,80"

FW_FORWARD is for forwarding to public IP address in the DMZ/internal
net only.  What you probably want (since you are masquerading the
10.3.0.0/16 net) is

FW_FORWARD_MASQ="0/0,10.3.1.34,tcp,5678,80"

This will reverse masquerade incoming requests to port 5678 on your
public IP and forward them to port 80 on your web server.

Regards, Andy

- --
Andreas J. Mueller                            email: <andy@xxxxxxxxxx>
PGP RSA Public Key ID 0x3D41D941 FP: ED261973D51D3D20 C840B0542E69F602
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)

iQC9AwUBPbgDTfobN5o9QdlBAQETOQVAnEiZYXg5DpkWYn7plbRZJ8E7baa5+Sbn
KUVEzj26MawhMOOwnfAbHD5er8wUVYQqVKgoOZAvMnqMDfaqsCedam8Z+cQla+rh
QEbUuoIg0w1WDboOCVkRx3k+9xitGBIt9VIGhRSK6uGbJ/wU+ba+Ho4alrbom2oL
UlRMHShFj6Sm5UQu0YhNq4EvsZ8KyU8oDeryDe6e5uoP/Vuxhvu8P+Yud+0Y0B/f
=QkP1
-----END PGP SIGNATURE-----


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here