Hi. I have a machine running SuSE 7.0, which I use as a router. It has two network cards: one for the internal "secure" network and one from the router to the modem. SuSEFirewall runs on it. I now want to forward a request from the Internet on the ssh port (22) to a machine behind the firewall. What do I need to configure? This is what my current config looks like:
FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.0.10 192.168.0.101 192.168.0.200"
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
FW_SERVICES_EXTERNAL_TCP="" # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="" # Common: domain
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_INTERNAL_TCP="ssh"
FW_SERVICES_INTERNAL_UDP="ssh"
FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP="" # Common: ssh
FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" # Common: "dns"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SAMBA="no"
FW_FORWARD_TCP=""
FW_FORWARD_UDP=""
FW_FORWARD_MASQ_TCP=""
FW_FORWARD_MASQ_UDP=""
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="no"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"
The firewall has the IP 192.168.0.40/Internet IP and the target machine has the IP 192.168.0.101. Thanks in advance.