One question I forgot.
I've done this before but I cannot remember the structure of the rules. I want to allow ssh and 8443 (that are running on the LAN interface) to be accessible (read redirected) from the external WAN interface on the firewall (with specific IP address xxx.xxx.xxx.xxx).
I thought maybe just:
#result   client                 server  proto  port  client_port  address
REDIRECT  wan:xxx.xxx.xxx.xxx    lan     tcp    8443  -
REDIRECT  wan:xxx.xxx.xxx.xxx    lan     tcp    22    -
or
REDIRECT  wan :xxx.xxx.xxx.xxx   lan     tcp    8443  -            192.168.1.1
REDIRECT  wan :xxx.xxx.xxx.xxx   lan     tcp    22    -            192.168.1.1
but that only hangs shorewall. No matter what, it expects REDIRECT to put a PORT where "lan" goes. And in the web interface you must choose a client zone from the drop down.
I also tried:
DNAT      wan:xxx.xxx.xxx.xxx    lan:192.168.1.1  tcp  8443  -
DNAT      wan:xxx.xxx.xxx.xxx    lan:192.168.1.1  tcp  22    -
That just does nothing.
I know I've actually done this before but I can't remember this one to save my life.
Slainte,
Jim
