I have a SuseFirewall setup in place which acts as a gateway between my DMZ and LAN networks.
The SuseFirewall server has two network interfaces: one for the DMZ and another one for the LAN.
Now I have added one more machine, which acts as a VPN server connected to my remote network.
After adding firewall rules to FW_FORWARD, traffic from the DMZ to the remote network works, but traffic from the LAN network to the remote network doesn’t.
It looks like the firewall is blocking the traffic since the IN=eth1 and OUT=eth1 interfaces are the same.
LAN network: 172.16.19.0/24
Remote network: 10.2.2.0/24
First, you’re in the wrong forums: you should be posting in the SUSE forums, not the openSUSE forums.
But this is the info I recommend you post to that forum…
When you set up your FW with a DMZ, there should probably be 3 zones in your scenario.
Internal - Connecting to a trusted LAN. This or External should generally always be configured; it would generally be the first or second “must have” zone.
External - Connecting to an untrusted network. This or Internal should generally always be configured; it would generally be the first or second “must have” zone.
DMZ - This is generally the second zone configured (after External) or the third (after External and Internal). You would never configure this zone only with Internal, or by itself.
So, when you say you started with a DMZ and an Internal zone, something is already wrong.
Also, by “network interfaces” you actually mean physical NICs.
Interfaces are virtual objects and don’t always have a one to one relationship with physical NICs.
I recommend you post the output of
ip address
followed by a description of which interface is associated with your External, DMZ and Internal networks and zones.
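As an added example (not part of the answer above and not the poster’s actual configuration), here is how the three-zone layout the answer describes maps onto a /etc/sysconfig/SuSEfirewall2 fragment, with FW_FORWARD entries for the LAN and remote networks named in the question. The interface names eth0 and eth2, and the assumption that the VPN server sits on the LAN segment behind eth1 (which is what IN=eth1 OUT=eth1 suggests), are mine; the variable names are the ones SuSEfirewall2’s sysconfig file uses as I recall them, so check each against the comments in your own copy before relying on it.

```shell
# Added example: a /etc/sysconfig/SuSEfirewall2 fragment for a three-zone layout.
# Interface names and the VPN server placement are assumptions; the network
# addresses (172.16.19.0/24 LAN, 10.2.2.0/24 remote) come from the question.

# Zone-to-interface mapping. One interface per zone; do not put the DMZ and the
# LAN on the same interface, or the firewall cannot tell the zones apart.
FW_DEV_EXT="eth0"   # assumed: uplink to the untrusted network
FW_DEV_INT="eth1"   # the LAN (172.16.19.0/24), matches IN=eth1 in the log
FW_DEV_DMZ="eth2"   # assumed: the DMZ segment

# Routing between zones must be switched on, otherwise FW_FORWARD is ignored.
FW_ROUTE="yes"

# Forward rules are space-separated entries of the form
#   source_net,destination_net[,protocol[,port]]
# Both directions are listed: the forward rule for the LAN to reach the remote
# network, and the return path for replies that arrive from the remote side.
FW_FORWARD="172.16.19.0/24,10.2.2.0/24 10.2.2.0/24,172.16.19.0/24"

# If the VPN server really is on the LAN segment, LAN-to-remote packets enter
# and leave on eth1, i.e. they are routed within the Internal zone rather than
# between zones. SuSEfirewall2 does not forward within a zone unless told to;
# the setting I believe controls this is FW_ALLOW_CLASS_ROUTING (verify the
# name and accepted values in your own file). The cleaner fix is to give the
# VPN server its own interface and zone so the traffic crosses zones instead.
FW_ALLOW_CLASS_ROUTING="int"
```

When posting to the SUSE forum, include the output of ip address and ip route from the firewall host next to this mapping; that is what lets a reader confirm which interface carries which zone and whether the VPN server’s route actually points back out the same interface the packet came in on.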