[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Problems with SuSEFirewall



Hi !!!

        I have a problem with a firewall I've configured with
SuSEFirewall2 and SuSE Linux 8.2.

My firewall has a public IP address, and a private IP for a LAN. In the
LAN I have a WWW server and a email server. People who want to check
their mail from the Internet just connect to the public IP in the
firewall and I have set there rules to redirect the trafic to the 
mail server and WWW server in the LAN. This works fine, also the people
in the lan browse the internet via a transparent proxy.

My problem starts because the people on the private LAN want's to access
the WWW server from the lan, in the same manner they do from the
Internet. When they point their browser to http://www.company.com they
get a error message from squid that says that the conection was refused.
If i ping the WWW server from the LAN by it's name i get no answer.

This problems is driving me mad, I don't know what to do. Thanks in
advance for your advice.


                            Andrés


FW_QUICKMODE="no"
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.1.0/24"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="ssh http"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="ssh"
FW_SERVICES_INT_UDP="snmp"
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS="192.168.1.0/24"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ="0/0,192.168.1.163,tcp,25 0/0,192.168.1.4,tcp,110 0/0,192.168.1.4,tcp,80"
FW_REDIRECT="192.168.1.0/24,!XX.YY.ZZ.WW,tcp,80,3128"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="yes"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="yes"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here