Hello!

I have Open Suse 10.1 installed with squid!
I have two Network Adapters: internet and intranet
The intranet ip is 192.168.0.90

My aim is to:
1. make a routing of all packets and ports only toward one ip from lan- 192.168.0.91, but not for others!
2. What about other IPs, i want them to have access only for Mail Client: 25 and 110 port. Only these ports! They will access http by proxy connection (squid)

What iptables commands should i run in console for reachinf that aims?


Thanks a lot!

can anyone suggest something?

#2 should be very easy. What types of testing/commands have you run thus far to try and figure it out?

I'm slightly confused as to what you're trying to do with #1.

Hello!
I've found the solution! If anyone has the same problem, here u go:

Goto /etc/sysconfig and edit SuSEfirewall2
Replace

FW_MASQ_NETS="0/0" with
FW_MASQ_NETS="192.168.0.0/24,0/0,tcp,25 192.168.0.0/24,0/0,tcp,110"


Here u open only SMTP (25) and POP3 (110) port! All other ports are closed!
If u want u may allow http access through squid (with all the restrictions), as i did!

After that i tried to restart SuSEfirewall2, i wrote in console this:
/sbin/SuSEfirewall2 start
/sbin/SuSEfirewall2 stop
But there was an error...well i don't know why...

I tried to run Firewall in Yast, i turned off masquerade, pressed ok, accept; and once more time opened Firewall in Yast and turned on masquerade. And now if i run
/sbin/SuSEfirewall2 start
/sbin/SuSEfirewall2 stop
it's no error, and all changes in SuSEfirewall2 didn't dissapear!
Now ur firewall is working properly!

God bless you!