Port forwarding with SuSEfirewall2

Hi

I have SuSEfirewall2 running on 192.168.1.2, doing routing for my internal network. This machine also has an external, public ip.

Now I have connected a new server on the network (a controller for sprinklers in the garden). This server is on 192.168.1.210

It runs a service on port 80, which I can access without problems when sitting here on a machine connected to the internal network.

But I need access to this server/service also from the outside, so I try to forward port 18080 to this controller on port 80:

FW_FORWARD_MASQ="0/0,192.168.1.210,tcp,28080,80 0/0,192.168.1.210,udp,28080,80"

Does not work - I get ‘connection refused’ when trying to connect to my external ip.

I also tried using FW_REDIRECT but also without any luck.

If I was using a cheap hardware router, it would have a section to port-forward where I could easily add the external port and the internal ip/port and have connections forwarded.

But how do I do this when using SuSEfirewall?

I assume a typo: in the text it is 18080, in the rule it is 28080 twice.

I am by no means fluent in iptables, but a quick search on the internet suggests that you not only have to forward, but also allow such traffic, as by default all incoming connections are denied.

Some SuSEfirewall2 examples that may be helpful to you
http://www.accordata.net/docs/SuSEfirewall2/EXAMPLES.html#id284353

I came one step further.

If I have

FW_FORWARD_MASQ="0/0,192.168.1.210,tcp,28080,80"

then if I connect from outside my local network, to my public ip (palustris.dk) on port 28080, I am getting to the webserver on 192.168.1.210 on port 80.

But from any computer on my internal network, I just get Connection refused.

The configfile has this note for FW_FORWARD_MASQ:

Hint: if FW_DEV_MASQ is set to the external interface you have to set FW_FORWARD from internal to DMZ for the service as well to allow access from internal!

It seems I need to set something in FW_FORWARD, but I cannot figure out what :(
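The port mismatch pointed out earlier in the thread (18080 in the text, 28080 in the rule) is the kind of error a small check catches before the firewall is reloaded. The following is an added example, not part of the original posts: `find_forward` is a hypothetical helper, and the field order (source network, target IP, protocol, external port, optional target port) is assumed from the rule quoted in the thread.

```shell
#!/bin/sh
# Constructed sample: the FW_FORWARD_MASQ value from the first post.
FW_FORWARD_MASQ="0/0,192.168.1.210,tcp,28080,80 0/0,192.168.1.210,udp,28080,80"

# find_forward RULES PROTO PORT
# Prints "target_ip:target_port" and returns 0 if an entry in RULES forwards
# PROTO/PORT; returns 1 if no entry matches.
find_forward() {
    rules=$1 want_proto=$2 want_port=$3
    for entry in $rules; do
        # Split one comma-separated entry into its fields.
        IFS=, read -r src target proto port rport dstip <<EOF
$entry
EOF
        # An entry without a port field is malformed; ignore it.
        [ -n "$port" ] || continue
        if [ "$proto" = "$want_proto" ] && [ "$port" = "$want_port" ]; then
            # The target port defaults to the external port when omitted.
            echo "${target}:${rport:-$port}"
            return 0
        fi
    done
    return 1
}

# Check the port the post says it wants (18080) and the port the rule uses.
for p in 18080 28080; do
    if dest=$(find_forward "$FW_FORWARD_MASQ" tcp "$p"); then
        echo "tcp/$p is forwarded to $dest"
    else
        echo "tcp/$p is NOT covered by FW_FORWARD_MASQ"
    fi
done
```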