On 2006-12-15 01:21, Peder wrote:
> This is from one session:
>
> SFW2-FWDext-ACC-FORW IN=eth0 OUT=eth0 SRC=10.100.200.10
> DST=10.111.40.15 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=16576 DF
> PROTO=TCP SPT=4190 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> SFW2-FWDext-DROP-DEFLT-INV IN=eth0 OUT=eth0 SRC=10.100.200.10
> DST=10.111.40.15
> LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=16577 DF PROTO=TCP SPT=4190
> DPT=80 WINDOW=65535 RES=0x00 ACK URGP=0

Now I am confused.. I thought you said your firewall was redirecting all http traffic to the squid proxy.

>
> <snip>
> Hmmm, I think I realize now why it doesn't work. Since my squid server
> isn't a router in its true meaning it doesn't see the ACK my web
> server sends as a reply to the SYN (since that traffic goes directly
> from the web server to the client).
> Therefore it doesn't see my client's subsequent ACK as RELATED or
> ESTABLISHED.

Since I don't use a proxy, I'm probably way off-mark here, but I thought all the traffic was supposed to travel through the proxy -- nothing direct between web server and client.

>
> I guess my setup is a bit too unorthodox for SuSEfirewall2 but I still
> don't get why it doesn't have an option to accept _all_ forwarding.

I don't think anyone anticipated doing things as you are doing them :-) You essentially have a single network card functioning as both the internal and external interfaces.

You may be able to continue to use SuSEfirewall2, by placing your own rule(s) into the fw_custom_before_masq function in /etc/sysconfig/scripts/SuSEfirewall2-custom. Make sure to set the FW_CUSTOMRULES variable in the firewall config file (Yast/System/sysconfig editor, Network/firewall/susefirewall2) if you do.

--
The best way to accelerate a computer running Windows is at 9.81 m/s²
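
The pattern in the quoted log (a SYN forwarded, then a later packet of the same connection dropped by an -INV rule, which the quoted diagnosis puts down to the firewall never seeing the server's reply) can be picked out of a longer firewall log mechanically. The following is an added example, not part of the original message: the function names and the one-entry-per-line layout are assumptions, and the sample is the two entries quoted above, re-joined.

```python
import re
from collections import defaultdict

# Constructed sample: the two log entries quoted in the message, one per line.
SAMPLE_LOG = (
    "SFW2-FWDext-ACC-FORW IN=eth0 OUT=eth0 SRC=10.100.200.10 DST=10.111.40.15 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=16576 DF PROTO=TCP SPT=4190 DPT=80 "
    "WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)\n"
    "SFW2-FWDext-DROP-DEFLT-INV IN=eth0 OUT=eth0 SRC=10.100.200.10 DST=10.111.40.15 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=16577 DF PROTO=TCP SPT=4190 DPT=80 "
    "WINDOW=65535 RES=0x00 ACK URGP=0\n"
)

PREFIX_RE = re.compile(r"(SFW2-\S+)")        # SuSEfirewall2 log prefix
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs (value may be empty)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Return (prefix, fields, flags) for one SFW2 log line, or None if it is not one."""
    match = PREFIX_RE.search(line)
    if match is None:
        return None
    fields = dict(FIELD_RE.findall(line))
    flags = TCP_FLAGS & set(line.split())    # flags are logged as bare words
    return match.group(1), fields, flags


def find_half_seen_flows(log_text):
    """Map each TCP flow whose SYN was forwarded but whose later non-SYN
    packets were dropped by an -INV rule to the number of such drops."""
    syn_forwarded = set()
    drops = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1].get("PROTO") != "TCP":
            continue
        prefix, f, flags = parsed
        flow = (f.get("SRC"), f.get("SPT"), f.get("DST"), f.get("DPT"))
        if "-ACC" in prefix and flags == {"SYN"}:
            syn_forwarded.add(flow)
        elif prefix.endswith("-INV") and "SYN" not in flags and flow in syn_forwarded:
            drops[flow] += 1
    return dict(drops)


if __name__ == "__main__":
    for flow, count in find_half_seen_flows(SAMPLE_LOG).items():
        print(flow, "invalid-state drops after forwarded SYN:", count)
```

A flow reported here saw only the client's half of the handshake pass through the firewall, so a custom rule for it has to match on addresses and ports rather than on connection state.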
