Re: [suse-security] suse-security list
-----BEGIN PGP SIGNED MESSAGE-----
> What you should definitely do is open port 5678 on FW_SERVICES_EXT_TCP,
> otherwise the firewall won't allow clients to connect. And you can get rid
> of port 80 on EXT because you use the other port for it.
> FW_SERVICES_EXT_TCP="25 53 5678"
That's not necessary for SuSE-FW2 (at least in 8.0), because the
forwarding code will create the needed ACCEPT rules independently of
the settings in FW_SERVICES_EXT_TCP. However, if the destination host
is itself not masqueraded, e.g., not listed in FW_MASQ_NETS, the reply
packets won't get back through the firewall. I found that out while
setting up a Windows web server that should only accept incoming
connections on port 80 and have no other Internet access.
Andreas J. Mueller email: <andy@xxxxxxxxxx>
PGP RSA Public Key ID 0x3D41D941 FP: ED261973D51D3D20 C840B0542E69F602
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
-----END PGP SIGNATURE-----
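Added example, not part of the original post and not SuSEfirewall2 code: a small Python check for the situation described in the reply above, where a forwarded host is not covered by FW_MASQ_NETS. It assumes the forwards are declared in FW_FORWARD_MASQ (a variable the post does not name) as comma-separated source,target,protocol,port entries; the sample configuration and its addresses are constructed.

```python
import ipaddress
import shlex

# Constructed sample in the style of a SuSEfirewall2 sysconfig file (not from the post).
SAMPLE_CONFIG = '''
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.1.0/24"
FW_SERVICES_EXT_TCP="25 53"
# Assumed entry format: source,target,protocol,port
FW_FORWARD_MASQ="0/0,192.168.1.10,tcp,80 0/0,192.168.2.20,tcp,80"
'''

def parse_sysconfig(text):
    """Return {NAME: value} for simple NAME="value" shell assignments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        tokens = shlex.split(raw, comments=True)
        settings[name.strip()] = tokens[0] if tokens else ""
    return settings

def to_network(spec):
    """Parse a network field; the shorthand "0/0" means every IPv4 address."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def unmasqueraded_targets(settings):
    """List forward targets that no FW_MASQ_NETS entry covers."""
    # Each FW_MASQ_NETS entry may carry extra comma-separated fields; the first is the network.
    masq_nets = [to_network(e.split(",")[0]) for e in settings.get("FW_MASQ_NETS", "").split()]
    missing = []
    for rule in settings.get("FW_FORWARD_MASQ", "").split():
        fields = rule.split(",")
        if len(fields) < 2:
            continue  # malformed entry, nothing to check
        target = ipaddress.ip_address(fields[1])
        if not any(target in net for net in masq_nets):
            missing.append(fields[1])
    return missing

if __name__ == "__main__":
    for host in unmasqueraded_targets(parse_sysconfig(SAMPLE_CONFIG)):
        print(f"{host}: forwarded but not in FW_MASQ_NETS; replies may not return")
```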