LAN access to server via public IP

Is this possible using SLES as a router/firewall? I know it works with
some commercial firewalls. SonicWALL is one of them.

Example:

Firewall/router (SLES)
Public interface: 10.0.23.100
Private interface: 192.168.24.1

Email Server
Interface: 192.168.24.2

Laptop/tablet/smart phone
Interface: local IP 192.168.24.3

Firewall configuration port forwarding:
10.0.23.100:25 → 192.168.24.2:25

From the Internet I can access the email server using 10.0.23.100:25.
From the LAN I can access the email server using 192.168.24.2:25.

From the LAN I want to access the email server using 10.0.23.100:25
so that the device configuration doesn’t have to be changed for
onsite/offsite access. I know I can accomplish this by setting up
appropriate internal/external DNS entries but that is not what I am
asking.

Any ideas?


Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.

Hi
You should just be able to add via the ip command to the 192.x.x.x
interface…

ip addr add dev ethX 10.x.x.x/subnet


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
SLES 15 | GNOME Shell 3.26.2 | 4.12.14-23-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

malcolmlewis wrote:

> Hi
> You should just be able to add via the ip command to the 192.x.x.x
> interface…
>
> ip addr add dev ethX 10.x.x.x/subnet

Thank you for reminding me that I omitted a critical piece of
information: The gateway for devices on the LAN is 192.168.24.1.

The issue is how to direct LAN traffic addressed to 10.0.23.100, which
would arrive at the firewall’s private interface (192.168.24.1), to the
email server at 192.168.24.2.

Sorry to complicate things… :wink:


Kevin Boyle - Knowledge Partner

Hi
Hmmm, on the gateway I would guess anything internally with a
destination port of 25 on the router could be forwarded to the mail
system might be an easier way?

Else use the SLES system as the gateway internally?


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)

malcolmlewis wrote:

> Hi
> Hmmm, on the gateway I would guess anything internally with a
> destination port of 25 on the router could be forwarded to the mail
> system might be an easier way?
>
> Else use the SLES system as the gateway internally?

The SLES server is the gateway to the Internet. It uses masquerading.

Incoming traffic from the public interface is forwarded to the mail
server’s private IP address. I don’t know how, or if it is even
possible, to route incoming traffic on the private interface, with
a destination IP address of the public interface, back to the private
interface using the same SuSEfirewall2 rules that would be applied if
the packet arrived via the public interface.

Perhaps the solution is so simple that it is eluding me?


Kevin Boyle - Knowledge Partner

Hi
As you alluded to… DNS and FQDN

Internally I can connect to a 192.x.x.x via FQDN (hosts file
internally), then if external it resolves to the external IP address
which is then forwarded to the respective machine on the 192.x.x.x
address and port as defined.


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)

malcolmlewis wrote:

> Hi
> As you alluded to… DNS and FQDN
>
> Internally I can connect to a 192.x.x.x via FQDN (hosts file
> internally), then if external it resolves to the external IP address
> which is then forwarded to the respective machine on the 192.x.x.x
> address and port as defined.

On Windows systems, the host file is the first place used to resolve
names and, if present, it will always resolve so that doesn’t allow
names to be resolved to different addresses when offsite.

What I’m looking for is to see if a properly configured SLES server can
provide this specific capability found in some commercial products and,
if so, how to do it.


Kevin Boyle - Knowledge Partner

It sounds like you might need to use the gateway’s capability to provide
a NAT Loopback (that’s what my router calls it) to allow traffic behind
the firewall to access resources behind the firewall using the external
IP address.

In that case, though, it’d not be a SLE implementation issue unless SLE
was the gateway itself.

Jim


Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner

Jim Henderson wrote:

> It sounds like you might need to use the gateway’s capability to
> provide a NAT Loopback (that’s what my router calls it) to allow
> traffic behind the firewall to access resources behind the firewall
> using the external IP address.
>
> In that case, though, it’d not be a SLE implementation issue unless
> SLE was the gateway itself.
>
> Jim

Hi Jim,

That is exactly what I want to do and, yes, the SLES server is the
router/gateway only I haven’t found any information on how to do this
or if it is even possible using SLES.

Have you seen this done before with SLE or even openSUSE software?


Kevin Boyle - Knowledge Partner

On Mon, 09 Jul 2018 23:37:59 +0000, Kevin Boyle wrote:

> Jim Henderson wrote:
>
>> It sounds like you might need to use the gateway’s capability to
>> provide a NAT Loopback (that’s what my router calls it) to allow
>> traffic behind the firewall to access resources behind the firewall
>> using the external IP address.
>>
>> In that case, though, it’d not be a SLE implementation issue unless SLE
>> was the gateway itself.
>>
>> Jim
>
> Hi Jim,
>
> That is exactly what I want to do and, yes, the SLES server is the
> router/gateway only I haven’t found any information on how to do this or
> if it is even possible using SLES.
>
> Have you seen this done before with SLE or even openSUSE software?

I haven’t, but if you’re using iptables in SLE (on SLE11 that’s what the
firewall is for me, and it seems to also be what’s on my openSUSE boxes),
maybe this will help:

https://unix.stackexchange.com/questions/282086/how-does-nat-reflection-nat-loopback-work

Jim


Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner

Jim Henderson wrote:

> On Mon, 09 Jul 2018 23:37:59 +0000, Kevin Boyle wrote:
>
>> Jim Henderson wrote:
>>
>>> It sounds like you might need to use the gateway’s capability to
>>> provide a NAT Loopback (that’s what my router calls it) to allow
>>> traffic behind the firewall to access resources behind the firewall
>>> using the external IP address.
>>>
>>> In that case, though, it’d not be a SLE implementation issue
>>> unless SLE was the gateway itself.
>>>
>>> Jim
>>
>> Hi Jim,
>>
>> That is exactly what I want to do and, yes, the SLES server is the
>> router/gateway only I haven’t found any information on how to do
>> this or if it is even possible using SLES.
>>
>> Have you seen this done before with SLE or even openSUSE software?
>
> I haven’t, but if you’re using iptables in SLE (on SLE11 that’s what
> the firewall is for me, and it seems to also be what’s on my openSUSE
> boxes), maybe this will help:
>
> https://unix.stackexchange.com/questions/282086/how-does-nat-reflection-nat-loopback-work
>
> Jim

Yes, that helps a lot and does make sense.

Currently the firewall is configured using the SuSEfirewall2
configuration file. I’ll have to give this some thought to see if I can
accomplish the same thing or if I’ll have to switch to iptables. That’s
something I have considered on a number of occasions but have never
taken the plunge!

Thanks to both you and Malcolm for your help.


Kevin Boyle - Knowledge Partner
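
The NAT loopback discussed in this thread, sketched as iptables commands for the addresses given in the first post. This is an added example, not part of any post in the thread; the /24 LAN mask and the function name `hairpin_rules` are assumptions, and it uses plain iptables rather than SuSEfirewall2 configuration.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are from the first post;
# the /24 LAN mask is an assumption (the thread never states it).

# hairpin_rules PUBLIC_IP LAN_CIDR SERVER_IP PORT ROUTER_LAN_IP
# Prints (does not apply) the iptables commands for NAT loopback.
hairpin_rules() {
    if [ "$#" -ne 5 ]; then
        echo "usage: hairpin_rules PUBLIC_IP LAN_CIDR SERVER_IP PORT ROUTER_LAN_IP" >&2
        return 1
    fi
    pub=$1 lan=$2 srv=$3 port=$4 rtr=$5
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # 1. LAN client -> public IP: rewrite the destination to the server.
    #    -s limits the rule to LAN-originated traffic, so the existing
    #    Internet-facing port forward is left untouched.
    echo "iptables -t nat -A PREROUTING -s $lan -d $pub -p tcp --dport $port -j DNAT --to-destination $srv:$port"

    # 2. Rewrite the source to the router's LAN address. Without this the
    #    server answers the client directly from $srv, the client is
    #    waiting for a reply from $pub, and the connection never completes.
    echo "iptables -t nat -A POSTROUTING -s $lan -d $srv -p tcp --dport $port -j SNAT --to-source $rtr"

    # 3. Allow the hairpinned flow through the filter table (it enters and
    #    leaves on the LAN interface). Replies rely on the ruleset's usual
    #    ESTABLISHED,RELATED accept, which is assumed to be present.
    echo "iptables -A FORWARD -s $lan -d $srv -p tcp --dport $port -j ACCEPT"
}

# Dry run with the thread's addresses; review the output before applying.
hairpin_rules 10.0.23.100 192.168.24.0/24 192.168.24.2 25 192.168.24.1
```

Because of rule 2, the mail server sees LAN clients that connect via the public address as 192.168.24.1, so its logs and any relay permission keyed on the router's IP no longer distinguish individual LAN hosts.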