-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On 12/12/06 18:55, Anders Johansson wrote: >>> What's the "correct" way to persuade SuSEfirewall2 in 10.2 >>> to accept all forwarding? >>> I've looked in /etc/sysconfig/SuSEfirewall2 and found the >>> FW_FORWARD but even though I set it to "10.100.200.0/24,0/0" >>> it seems to drop some packages. >> Maybe you meant "drop some packets" :-P >> Is packet forwarding enabled? (i.e.: /proc/sys/net/ipv4/ip_forward set >> to 1). >> Did you put the appropriate rules in POSTROUTING chain? >> >> BTW, is not safe to allow forwarding from 0/0. > The rule says to forward to 0/0, not from, which should be safe enough My fault, I don't know much about SuSEfirewall2. I don't like it, cause I want to know what the firewall is doing.
> But given that the network is 10.x.x.x, which is private, I wonder if perhaps > masquerading shouldn't be used instead, since otherwise it won't be possible > to reach external addresses That's what I meant with "appropriate POSTROUTING rules". - -- Hoper Edei Deixai (όπερ΄έδει δεϊξαι) aka QED OpenPGP key ID: 0x58D14EB3 Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3 Check fingerprints before trusting a key! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFfvRGH+Dh0Dl5XacRA08/AJ4pLvT19EsHd8Kc22xaFW2zqqDU3QCfSpZf U72+8cKNo8wRQGrpKCnb65M= =Ud4I -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
