
Re: [suse-security] suse-security list



* Andreas J Mueller; <andy@xxxxxxxxxx> on 24 Oct, 2002 wrote:

Hi Chris!

What you should definitely do is open port 5678 on FW_SERVICES_EXT_TCP,
otherwise the firewall won't allow clients to connect. And you can get rid
of port 80 on EXT because you use the other port for it.

FW_SERVICES_EXT_TCP="25 53 5678"

That's not necessary for SuSE-FW2 (at least in 8.0), because the
forwarding code will create the needed ACCEPT rules independently of
the settings in FW_SERVICES_EXT_TCP.  However, if the destination host

Correct, as FW_SERVICES_EXT_* means anything that is running on the
firewall machine itself.

However, if the destination host
is itself not masqueraded, e.g., not listed in FW_MASQ_NETS, the reply
packets won't get back through the firewall.  I found that out while

This is true if you are using the FW_FORWARD_MASQ variable, as this is used
for forwarding requests to private IP machines. If you have routable
IPs then you should be using FW_FORWARD, which does not need
FW_MASQ_NETS.

--

Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
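
The condition discussed in this message (an FW_FORWARD_MASQ target that is not listed in FW_MASQ_NETS), as an added example that is not part of the original posts: a small Python check that flags such targets in a firewall config. The entry layout (space-separated entries of `source,target-ip,protocol,port`) and all addresses in the sample are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample of sysconfig-style settings (addresses are made up).
SAMPLE_CONFIG = '''
# forwarding setup under review
FW_SERVICES_EXT_TCP="25 53"
FW_MASQ_NETS="192.168.1.0/24"
FW_FORWARD_MASQ="0/0,192.168.1.10,tcp,5678 0/0,192.168.2.20,tcp,25"
'''

def parse_sysconfig(text):
    """Return {NAME: value} for simple NAME="value" shell assignments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        parts = shlex.split(raw)  # strips the surrounding quotes
        settings[name.strip()] = parts[0] if parts else ""
    return settings

def unmasqueraded_targets(settings):
    """List FW_FORWARD_MASQ target IPs that no FW_MASQ_NETS network covers."""
    nets = []
    for entry in settings.get("FW_MASQ_NETS", "").split():
        # Assumed layout: the first comma-separated field is the network.
        nets.append(ipaddress.ip_network(entry.split(",")[0], strict=False))
    missing = []
    for entry in settings.get("FW_FORWARD_MASQ", "").split():
        fields = entry.split(",")
        if len(fields) < 2:
            continue  # malformed entry, nothing to check
        target = ipaddress.ip_address(fields[1])  # assumed: second field is the target IP
        if not any(target in net for net in nets):
            missing.append(str(target))
    return missing

if __name__ == "__main__":
    for ip in unmasqueraded_targets(parse_sysconfig(SAMPLE_CONFIG)):
        print(f"FW_FORWARD_MASQ target {ip} is not covered by FW_MASQ_NETS")
```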


