[Cooker-firewall] SNF 7.2 and Port-Forwarding
Hi!

I'm using SNF 7.2 with NAT and I also want to use port forwarding for a web server and SMTP. I put the rules in NAT - Restricted Access - Internet Access. The rules are in the input chain, but not in the output chain. What can I do?

[root@router /root]# ipchains -L
Chain input (policy DENY):
target  prot opt source           destination            ports
ACCEPT  icmp --  anywhere         anywhere               fragmentation-needed
DENY    all  l-  224.0.0.0/4      anywhere               n/a
DENY    all  l-  anywhere         192.168.98.0/24        n/a
DENY    all  l-  192.168.98.0/24  anywhere               n/a
DENY    all  l-  anywhere         192.168.98.0/24        n/a
DENY    all  l-  192.168.98.0/24  anywhere               n/a
ACCEPT  all  --  anywhere         anywhere               n/a
ACCEPT  all  --  anywhere         anywhere               n/a
ACCEPT  tcp  --  anywhere         router.avalon-net.net  any -> ssh
ACCEPT  tcp  --  anywhere         router.avalon-net.net  any -> 1
ACCEPT  tcp  --  anywhere         router.avalon-net.net  any -> ntp
ACCEPT  tcp  --  anywhere         router.avalon-net.net  any -> domain
ACCEPT  tcp  --  anywhere         router.avalon-net.net  any -> 8443
ACCEPT  udp  --  anywhere         router.avalon-net.net  any -> ntp
ACCEPT  udp  --  anywhere         router.avalon-net.net  any -> domain
ACCEPT  icmp --  anywhere         anywhere               any -> any
ACCEPT  tcp  --  anywhere         anywhere               any -> domain
ACCEPT  tcp  --  anywhere         anywhere               any -> mysql
ACCEPT  tcp  --  anywhere         anywhere               any -> www
ACCEPT  tcp  --  anywhere         anywhere               any -> 6346
ACCEPT  tcp  --  anywhere         anywhere               any -> ntp
ACCEPT  tcp  !y  anywhere         anywhere               any -> any
ACCEPT  icmp --  anywhere         anywhere               destination-unreachable
ACCEPT  icmp --  anywhere         anywhere               echo-reply
ACCEPT  icmp --  anywhere         anywhere               time-exceeded
DENY    icmp l-  anywhere         anywhere               any -> any
ACCEPT  udp  --  anywhere         anywhere               any -> domain
ACCEPT  udp  --  anywhere         anywhere               any -> ntp
DENY    udp  l-  anywhere         anywhere               any -> 2049
ACCEPT  udp  --  62.225.244.197   anywhere               domain -> 1024:65535
ACCEPT  udp  --  194.25.2.129     anywhere               domain -> 1024:65535
DENY    all  l-  anywhere         router.avalon-net.net  n/a
DENY    tcp  --  anywhere         router.avalon-net.net  any -> any
DENY    udp  --  anywhere         router.avalon-net.net  any -> any
ACCEPT  tcp  --  192.168.98.0/24  anywhere               any -> any
ACCEPT  tcp  --  192.168.98.0/24  anywhere               any -> domain
ACCEPT  udp  --  192.168.98.0/24  anywhere               any -> any
ACCEPT  udp  --  192.168.98.0/24  anywhere               any -> domain
DENY    all  l-  192.168.98.0/24  anywhere               n/a
DENY    all  l-  anywhere         anywhere               n/a
Chain forward (policy DENY):
target  prot opt source           destination            ports
DENY    tcp  l-  anywhere         anywhere               netbios-ns:netbios-ssn -> any
DENY    udp  l-  anywhere         anywhere               netbios-ns:netbios-ssn -> any
MASQ    all  --  192.168.98.0/24  anywhere               n/a
DENY    all  l-  anywhere         anywhere               n/a
Chain output (policy ACCEPT):
target  prot opt source           destination            ports
ACCEPT  icmp --  anywhere         anywhere               fragmentation-needed
ACCEPT  icmp --  anywhere         anywhere               any -> any
[root@router /root]#

--
Best regards,
Andre