Thread: SuSEFirewall2 - How to change source IP?

  1. #1
    tixomir NNTP User

    SuSEFirewall2 - How to change source IP?

    I have the following setup:

    openSUSE 10.3 is the firewall, with multiple public IPs on one external interface...

    In the protected zone is a server with multiple LAN IPs, bound to different instances of Lotus Domino servers (irrelevant), and incoming connections are routed according to the destination IP of the incoming packet to different LAN IPs... (FW_FORWARD_MASQ set with the "destination ip" parameter).

    I would like to get something like SNAT instead of MASQUERADING for packets that are traveling from the internal servers to the Internet.

    I think that this can be done with some kind of SNAT or Mangle in /etc/sysconfig/scripts/SuSEfirewall2-custom, but some help would be great...

    Thanks,
    T.
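
An added example, not part of the original thread: one way to pin each internal server to its own public source address from the custom rules file. The addresses, the `eth0` interface name and the helper names `valid_ipv4` and `snat_rules` are assumptions; `fw_custom_before_masq` should be checked against the hook names in the template shipped on the system.

```shell
# Added example, not from the thread. Addresses are constructed
# (RFC 1918 / RFC 5737 ranges); EXT_IF is an assumed interface name.
EXT_IF="eth0"
# internal server IP=public IP it should appear as on the Internet
SNAT_MAP="
192.168.10.11=203.0.113.11
192.168.10.12=203.0.113.12
"

# Succeed only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one iptables command per mapping. A malformed entry makes the
# function fail, and the hook below then applies none of the rules.
snat_rules() {
    for entry in $1; do
        src=${entry%%=*}; pub=${entry#*=}
        if [ "$src=$pub" != "$entry" ] || ! valid_ipv4 "$src" || ! valid_ipv4 "$pub"; then
            echo "bad SNAT mapping: $entry" >&2
            return 1
        fi
        # -I puts the rule ahead of the MASQUERADE rule SuSEfirewall2 adds.
        echo "iptables -t nat -I POSTROUTING -o $EXT_IF -s $src -j SNAT --to-source $pub"
    done
}

# Hook that SuSEfirewall2 calls from the custom rules file.
fw_custom_before_masq() {
    # On a bad mapping add nothing; traffic stays masqueraded as before.
    rules=$(snat_rules "$SNAT_MAP") || return 0
    echo "$rules" | while read -r cmd; do $cmd; done
    true
}
```

SuSEfirewall2 only reads the file when `FW_CUSTOMRULES` in `/etc/sysconfig/SuSEfirewall2` points at it. Hosts that are not listed in the mapping keep using the existing masquerading rule.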

  2. #2
    Re: SuSEFirewall2 - How to change source IP?

    Just an IMO.

    I don't know that configuring any special NAT/Masquerading at your firewall is likely an appropriate approach, particularly if you're serving resources (Servers) and not requesting (Clients).

    Each of your Servers likely will want to enable their own specific secure communications, providing end to end security (Server to Client) no matter what is in between. If that is your architecture, then your objective for anything in between should be to be as transparent as possible.

    There can be objectives that go beyond simple "end to end" security, you may want to offload the processing required to enable secure connections (e.g. use of Proxy Servers), that would be a special case possibly for a different discussion.

    HTH,
    Tony

  3. #3
    Re: SuSEFirewall2 - How to change source IP?

    Sorry guys for posting a very old thread...
    Clicked on the wrong Forums icon sending me to the oldest threads... still, if it's helpful to anyone...

    Tony
