Hi,
Yesterday we installed our firewall with a DSL connection on dsl0, with the DSL modem connected to eth0.
The internal network is connected to eth1 (IP: 10.2.0.254)
IP-Forwarding is enabled so we can use 10.2.0.254 as gateway in our local network and browse the internet.
DNS is also installed. But we need to connect to the firewall from the internet so I set up masquerading and dyndns.
However, it only works from the internet. Locally it doesn't work: with our dyndns hostname we can only reach the firewall, same as 10.2.0.254.
Adding "zone: int" in FW_MASQ_DEV doesn't work as this makes the use as gateway impossible (http://opensuse.org => 10.2.0.254:80).
With a little hack it works: Change
Code:
$IPTABLES -A PREROUTING -j DNAT -t nat $proto $net1_src $net2_dst $port1 --to-destination ${target}${port2} -i $dev
to
Code:
$IPTABLES -A PREROUTING -j DNAT -t nat -d INSERT_WAN_IP_HERE $proto $net1_src $net2_dst $port1 --to-destination ${target}${port2} -i $dev
in `which SuSEfirewall2`.
But this workaround is total garbage, as our dsl0 IP varies every day.
Is there a better solution to achieve this?
I thought of forcing all traffic from our local network to our dsl0 IP through dsl0 so it appears as a connection from outside. But I don't know how to do this.
Thanks in advance :)
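
Added example, not part of the original post: one way to avoid hard-coding the WAN address is to read it from dsl0 each time the rules are built, and to emit the DNAT rule together with the source rewrite that NAT loopback needs. The /24 mask, the internal target 10.2.0.10, TCP port 80 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: hairpin-NAT rules built from whatever address dsl0 holds now.
# eth1 and 10.2.0.x come from the post; the /24 mask, the internal target
# 10.2.0.10 and TCP port 80 are assumed placeholders.
LAN_DEV=eth1
LAN_NET=10.2.0.0/24

# Read `ip -4 -o addr show dev dsl0` output on stdin, print the first IPv4
# address. Handles "inet A.B.C.D/len" and PPP-style "inet A.B.C.D peer ...".
wan_ip_from() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") {
               split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Accept only a dotted-quad IPv4 address, so nothing else reaches the rule text.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++) {
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            }
            exit 0
        }
        { exit 1 }'
}

# Print the two rules: $1 = current WAN IP, $2 = internal target, $3 = TCP port.
hairpin_rules() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    case $3 in ''|*[!0-9]*) return 1 ;; esac
    # LAN clients addressing the WAN IP are redirected like outside clients.
    echo "iptables -t nat -A PREROUTING -i $LAN_DEV -s $LAN_NET -d $1 -p tcp --dport $3 -j DNAT --to-destination $2:$3"
    # Rewrite the source so the target replies via the firewall, not directly.
    echo "iptables -t nat -A POSTROUTING -o $LAN_DEV -s $LAN_NET -d $2 -p tcp --dport $3 -j MASQUERADE"
    # The FORWARD chain must also accept this eth1-to-eth1 flow.
}

# Constructed sample line; on the firewall use: ip -4 -o addr show dev dsl0
SAMPLE_ADDR='7: dsl0    inet 203.0.113.7 peer 198.51.100.1/32 scope global dsl0'
WAN_IP=$(printf '%s\n' "$SAMPLE_ADDR" | wan_ip_from)
hairpin_rules "$WAN_IP" 10.2.0.10 80
```

The script only prints the rules; they have to be regenerated whenever dsl0 receives a new address.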