Re: [SLE] Problems with NAT on SuSE 8.x
From: Anders Johansson (andjoh_at_rydsbo.net)
Date: 07/25/03
- Previous message: Tom Nielsen: "Re: [SLE] samba question...ya, another one."
- In reply to: Eduardo J. Vega A: "Re: [SLE] Problems with NAT on SuSE 8.x"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Eduardo J. Vega A" <edvega@racsa.co.cr>
Date: 25 Jul 2003 04:29:04 +0200
On Fri, 2003-07-25 at 04:12, Eduardo J. Vega A wrote:
> Is there any way in which I could enable the internal clients to be
> heard by the NAT box?
Look for these lines in /sbin/SuSEfirewall2
###############################################################
# Anti Spoofing/Cirumvention protection - interface dependent #
###############################################################
for DEV in $FW_DEV_INT; do
    for IP in $DEV_EXT; do
        $IPTABLES -A INPUT -j LOG ${LOG}"-ACCESS_DENIED_INT " -i $DEV -d $IP
        $IPTABLES -A INPUT -i $DEV -d $IP -j "$DROP"
    done
done
and comment them out and restart the firewall. Note that I'm not sure if
those lines were put in there for a reason. It could be a security risk
to remove them.
Having said that, it looks pretty risk free to remove them, since they
only test for the internal NIC, packets coming on the external NIC are
blocked elsewhere. If the above lines are really useful, it strikes me
as a kernel bug, but then I'm no security expert.
Another alternative would be to set up something so the internal
machines get the internal IP when they look up the name of the server.
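Added example (not part of the original message and not SuSEfirewall2 code): a narrower option than commenting the block out is to keep the LOG/DROP pair and accept only chosen TCP ports from the internal network ahead of it. The dry-run sketch below prints the rules in that order instead of running them; ALLOW_TCP_PORTS and FW_INT_NET are hypothetical names, and all addresses and values are constructed.

```sh
#!/bin/sh
# Dry run: prints iptables commands, never executes them.
# Constructed sample values; the script on a real box sets the first three.
IPTABLES="iptables"
FW_DEV_INT="eth1"               # internal interface(s)
DEV_EXT="203.0.113.10"          # external address(es) of the NAT box
LOG="--log-prefix SuSE-FW"      # constructed stand-in for the script's $LOG
DROP="DROP"
FW_INT_NET="192.168.1.0/24"     # hypothetical: source range of internal clients
ALLOW_TCP_PORTS="80 443"        # hypothetical: services on the box itself

emit_rules() {
    for dev in $FW_DEV_INT; do
        for ip in $DEV_EXT; do
            for port in $ALLOW_TCP_PORTS; do
                # Reject anything that is not a plain port number.
                case $port in
                    ''|*[!0-9]*)
                        echo "skipping invalid port: $port" >&2
                        continue ;;
                esac
                if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                    echo "skipping out-of-range port: $port" >&2
                    continue
                fi
                # Exception: internal source, internal NIC, one service only.
                printf '%s -A INPUT -i %s -s %s -d %s -p tcp --dport %s -j ACCEPT\n' \
                    "$IPTABLES" "$dev" "$FW_INT_NET" "$ip" "$port"
            done
            # Everything else aimed at the external IP from inside is still
            # logged and dropped, as in the block quoted in the message.
            printf '%s -A INPUT -j LOG %s-ACCESS_DENIED_INT -i %s -d %s\n' \
                "$IPTABLES" "$LOG" "$dev" "$ip"
            printf '%s -A INPUT -i %s -d %s -j %s\n' \
                "$IPTABLES" "$dev" "$ip" "$DROP"
        done
    done
}

emit_rules
```

Because iptables stops at the first matching ACCEPT or DROP, the exceptions only take effect if they are appended before the DROP rule, which is the order printed here.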