SSH directly into system in a DMZ

Q I have set up a web server (SUSE 10.0) running inside a virtual machine that is hosted on my SUSE 10.0 box. I have configured it to be in the DMZ of my router (also SUSE 10.0). Web traffic is correctly routed to the box; however, I cannot seem to access it from the internal network on any port. I would like to be able to ssh directly into the box from within the internal network. The firewall on the router (192.168.0.9) was configured using Yast and maps its external port 80 to the web server (192.168.1.2). I tried mapping the internal (192.168.0) port 80 to the web server but this doesn't seem to work. Is it possible to do this with the Yast tool? If not, is there any easy way to convert the existing Yast setup into an Iptables script where it should be easy to achieve? Hope you can help...

A I would highly recommend that you install IPCop, a specialist Linux firewall distribution, instead of using SUSE 10.0 for the router. I used IPCop for a long time before I switched to Cisco PIX firewalls, and it only takes a few minutes to install. IPCop uses the concept of a 'Green network' for an internal protected interface such as your web server's, and this makes it relatively easy to join two networks like yours together. There is an excellent HOWTO about IPCop at http://howtoforge.net/perfect_linux_firewall_ipcop_p2, and the project homepage is located at www.ipcop.org.
