Good day!
Need help with SuSEfirewall2.
I have to map an external port (for example RDP port 2.0.0.1) located on the external interface to an internal host (for example 1.0.0.2) - to use remote desktop on a Windows machine located in the local network. How can I do it?
Thanks a lot!
You didn’t give any details of your system, so I’ll make some guesses.
To start with, it’s best to have two separate network interfaces. You’ll typically set eth0 to the external interface (i.e., the Internet) and eth1 to the internal (your LAN). If you haven’t done this already, do that first.
Then go to YaST -> Security And Users -> Firewall, select Masquerading. Check “enable masquerading.” Now you simply enter each mapping with the “Add” button. The “source address” is the external (Internet) IP address. You can specify a different external port from the one used internally.
You also have to open the ports in the firewall … but post back with more details to receive more details.
Of course, I’ve done all the network configuration.
I have dsl0 for the internet connection and bond0 for the local network.
I tried the YaST configuration, but it didn’t work.
So - I have an external IP, for example 90.0.0.1.
The internal IP of the gateway is 10.0.0.1. I have to forward the Windows remote desktop port to 10.0.0.2:3855.
I tried to write in YaST:
Source network 0.0.0.0, source interface dsl0
Requested IP 90.0.0.1, requested port 3855
Redirected IP 10.0.0.2, redirected port 3588
But there is a mistake, I suppose - the source network or something else.
Thanks a lot for your reply.
Sorry, 3389 port.
I just wrote it the wrong way - the problem still exists.
The first question is if you have a static IP address on DSL0. Assuming you do,
source network 0.0.0.0
source interface dsl0
Requested ip 90.0.0.1 requested port 3855
redirected ip 10.0.0.2 redirected port 3588
Did you open the port in the firewall? Is DSL0 assigned to the “External” zone? Is “masquerade networks” checked?
Finally, be aware that some DSL providers block all ports unless you specifically request that they open them (and you may have to sign a waiver). In other words, the port forwarding might be right, you might have the port(s) opened in the firewall, but you’ll never get in from the outside world because your ISP is blocking everything coming in.
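Added example, not part of the original thread: a small shell lint for the `/etc/sysconfig/SuSEfirewall2` variables behind the settings discussed above (External zone, masquerading, the forward rule and its ports). The helper name `check_fw_forward` and the sample file are constructed for illustration; the variable names and the `FW_FORWARD_MASQ` field order are SuSEfirewall2's own.

```sh
#!/bin/sh
# Lint the /etc/sysconfig/SuSEfirewall2 variables that a port forward depends on.
# Usage: check_fw_forward FILE EXT_IF SERVICE_PORT   (exit status = number of findings)
# check_fw_forward is a hypothetical helper; FILE is sourced, so pass only trusted files.
check_fw_forward() (
    # Subshell body: the sourced variables do not leak into the caller.
    . "$1" || exit 99
    n=0
    warn() { echo "WARN: $*"; n=$((n + 1)); }
    [ "$FW_ROUTE" = "yes" ] || warn "FW_ROUTE is not yes"
    [ "$FW_MASQUERADE" = "yes" ] || warn "FW_MASQUERADE is not yes"
    case " $FW_DEV_EXT " in
        *" $2 "*) ;;
        *) warn "$2 is not in FW_DEV_EXT (External zone)" ;;
    esac
    [ -n "$FW_FORWARD_MASQ" ] || warn "FW_FORWARD_MASQ is empty"
    for rule in $FW_FORWARD_MASQ; do
        # <source network>,<ip to forward to>,<protocol>,<port>[,redirect port[,destination ip]]
        IFS=, read -r src dst proto port rport dip <<EOF
$rule
EOF
        case "$proto" in tcp|udp) ;; *) warn "$rule: protocol must be tcp or udp" ;; esac
        # Without a redirect port the internal host is contacted on the requested port.
        [ "${rport:-$port}" = "$3" ] || warn "$rule: forwards to port ${rport:-$port}, service listens on $3"
        case "$src" in
            0/0|0.0.0.0/0) warn "$rule: open to every source address; restrict the source network" ;;
        esac
    done
    exit "$n"
)

# Constructed sample: the values from the thread, including the mistyped ports.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
FW_DEV_EXT="dsl0"
FW_DEV_INT="bond0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_FORWARD_MASQ="0/0,10.0.0.2,tcp,3855,3588,90.0.0.1"
EOF
    check_fw_forward "$f" dsl0 3389
    rc=$?
    rm -f "$f"
    return "$rc"
}
demo || echo "findings: $?"
```

On the constructed sample it reports the 3588 redirect port and the unrestricted source network; limiting the source network to the addresses that actually need RDP clears the second finding.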
No - the ports are open - all incoming traffic is not blocked, because I use NFS remotely at home.
The answer to all the other questions is yes.
I have a static IP, masquerading is on, dsl0 is the external interface.
I’ve read some articles - tried to make chains by hand - this method was no use either. Very strange.
Thanks a lot))))
I love openSUSE, and I’ve never had any problems getting it to masquerade/port forward … but for a firewall-only system, another distro you might try is IPCop: http://www.ipcop.org. That’s what it’s specifically designed for, and it has a nice Web interface that you can use to set up your rules.
IPCop makes setting up a firewall quite easy.
The trick with any of these is to make one change at a time; that way, if something breaks, you can always fall back to the last known-good setup. But you probably know that.
SuSE is the best distro - the host is not just a firewall (that’s the main server in the organization) - so I can’t (and don’t want to) change the distro. So I have to find this error and repair it.
Thanks again!!!