> Here's what seems to be a solution that works for SuSE. May be
> something similar for other systems:
>
> 1) Edit the file /etc/sysconfig/SuseFirewall2
> 2) Look for the keyword FW_TRUSTED_NETS
> 3) Add the IP addresses of your internal machines there. The format
>    for multiple machines is weird: "192.168.10.0/8" means all machines
>    in 192.168.10.x. There doesn't seem to be any way to specify a
>    numeric range, like .100 to .110.

Not a SUSE man and won't go into a full treatise on subnets and
netmasks but ...

  192.168.10.0/8

actually means anything that has 192. at the start, so you have
opened things up slightly more widely than you may have thought.

I recall you said you had machines numbered 192.168.10.1xx ?

If so, then

  192.168.10.0/24

("slash 24") would be slightly better for you than "slash 8" as that
at least narrows things down to all numeric addresses starting with:

  192.168.10.

If you just wanted to "trust" a single machine then this:

  192.168.10.100/32

represents, in the syntax you have already seen in use, the single
machine, 192.168.10.100.

Without wishing to make too many guesses as to what FW_TRUSTED_NETS is
doing but assuming that you can assign more than one "netmask" in there
and armed with the info above, you could add all of your own machines
individually by making:

  FW_TRUSTED_NETS

take the values (three machine range, 101 -> 103 here)

  192.168.10.100/32
  192.168.10.101/32
  192.168.10.102/32

and so on: basically, treating each machine as a trusted "network" of
one machine.

Again, the way one assigns multiple "netmasks" to FW_TRUSTED_NETS is left
to you to discover but I'm sure you will be able to do that.

It might be a better, without being the best, way to do what you want,
or rather, to not do what you didn't want to do.

--
Kevin M. Buckley                      Room:  CO327
School of Engineering and             Phone: +64 4 463 5971
 Computer Science
Victoria University of Wellington
New Zealand
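
Added example, not part of the original thread: a Python check of how many addresses each prefix from the messages above actually covers, plus a conversion of the ".100 to .110" range into the smallest set of CIDR blocks, which goes beyond the one-/32-per-host approach in the reply. The function names are illustrative, and the space-separated FW_TRUSTED_NETS format is an assumption the thread leaves open.

```python
import ipaddress


def covered(cidr):
    """Return (network, first, last, count) for a CIDR entry.

    strict=False mirrors how a prefix with host bits set is interpreted:
    the host bits are masked off, so 192.168.10.0/8 becomes 192.0.0.0/8.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net), str(net[0]), str(net[-1]), net.num_addresses


def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last inclusive."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]


def excess_trust(cidr, first, last):
    """Number of addresses a CIDR entry trusts beyond the intended range."""
    net = ipaddress.ip_network(cidr, strict=False)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    intended = int(hi) - int(lo) + 1
    # Assumes the intended range lies inside the entry, as it does here.
    return net.num_addresses - intended


def trusted_nets_line(cidrs):
    # Assumption: entries are separated by spaces inside one quoted value.
    return 'FW_TRUSTED_NETS="%s"' % " ".join(cidrs)


if __name__ == "__main__":
    # Prefixes quoted in the thread.
    for entry in ("192.168.10.0/8", "192.168.10.0/24", "192.168.10.100/32"):
        print(entry, "->", covered(entry))
    # The .100 to .110 range the original poster wanted.
    first, last = "192.168.10.100", "192.168.10.110"
    blocks = range_to_cidrs(first, last)
    print(trusted_nets_line(blocks))
    print("extra hosts trusted by /8: ", excess_trust("192.168.10.0/8", first, last))
    print("extra hosts trusted by /24:", excess_trust("192.168.10.0/24", first, last))
```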