On Tuesday 12 December 2006 18:51, Hoper Edei Deixai wrote: > On 12/12/06 16:15, [EMAIL PROTECTED] wrote: > > What's the "correct" way to persuade SuSEfirewall2 in 10.2 > > to accept all forwarding? > > I've looked in /etc/sysconfig/SuSEfirewall2 and found the > > FW_FORWARD but even though I set it to "10.100.200.0/24,0/0" > > it seems to drop some packages. > > Maybe you meant "drop some packets" :-P > Is packet forwarding enabled? (i.e.: /proc/sys/net/ipv4/ip_forward set > to 1). > Did you put the appropriate rules in POSTROUTING chain? > > BTW, is not safe to allow forwarding from 0/0.
The rule says to forward to 0/0, not from, which should be safe enough But given that the network is 10.x.x.x, which is private, I wonder if perhaps masquerading shouldn't be used instead, since otherwise it won't be possible to reach external addresses The simplest method is to use YaST, the firewall module, and simply enable masquerading. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
