Re: [opensuse] Accepting all in the FORWARD chain

Tue, 12 Dec 2006 23:22:34 -0800 

On Tue, 12 Dec 2006, Anders Johansson wrote:


On Tuesday 12 December 2006 18:51, Hoper Edei Deixai wrote:

Maybe you meant "drop some packets" :-P


 Heh! (On a side note, I tried uninstalling MozillaFirefox
 and this is what I got:

[EMAIL PROTECTED] ~]# rug remove -N MozillaFirefox
Waking up ZMD...Done
Resolving Dependencies...

The following packages will be removed:
  3ddiag 0.738-29 (system)
  cabextract 1.2-16 (system)
  CheckHardware 0.1-1017 (system)
  desktop-translations 10.1-66 (system)
  evms-gui 2.5.5-67 (system)
  ghostscript-x11 8.15.3-24 (system)
  lsb 3.1-22 (system)
  MozillaFirefox 2.0-30 (system)
  numlockx 1.1-23 (system)
  openssh-askpass 4.4p1-24 (system)
  opensuse-manual_en 10.2-28 (system)
  sax2-gui 8.1-83 (system)
  tightvnc 1.2.9-224 (system)
  unclutter 8-874 (system)
  x11 10.2-145 (system)
    pattern:x11-10.2-145.i586[System packages] dependend on MozillaFirefox
    pattern:x11-10.2-145.i586[System packages] is missing the requirement 
MozillaFirefox
  x11-input-synaptics 0.14.6-24 (system)
  x11-input-wacom 0.7.6-18 (system)
  x11-tools 0.1-57 (system)
  xaw3d 1.5E-263 (system)
  xdg-utils 1.0.1-7 (system)
  xdmbgrd 0.6-21 (system)
  xkeyboard-config 0.9-24 (system)
  xlockmore 5.23-11 (system)
  xorg-x11-libX11-ccache 7.2-12 (system)
  xtermset 0.5.2-153 (system)
  yast2-control-center 2.14.1-6 (system)

 how the f*#%k can all these packages depend on Firefox beind
 installed?? Talk about dependency hell.)


Is packet forwarding enabled? (i.e.: /proc/sys/net/ipv4/ip_forward set
to 1).
Did you put the appropriate rules in POSTROUTING chain?


 Packet forwarding is enabled and I don't need any POSTROUTING rules.



The rule says to forward to 0/0, not from, which should be safe enough
But given that the network is 10.x.x.x, which is private, I wonder if perhaps
masquerading shouldn't be used instead, since otherwise it won't be possible
to reach external addresses


 Nope, I don't need masquerading, the squid box sits before my firewall
 (and has only one NIC). The idea is that the client PC's are default
 routed to the squid box. Outgoing web requests are captured by a
 PREROUTING rule to hand them over to squid. All other traffic
 should just be forwarded to the default route of the squid box,
 which is my firewall.

 I've had this setup on an Mandriva box before so I know it works,
 it's just the antics of SuSEfirewall2 and how to completely allow
 forwarding in it I don't quite grasp.

 - Peder

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to