I want to give access to the Firewall's Web Interface & SSH to my IP only from another site running the MNF.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Florin
Sent: Thursday, October 14, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Security Firewall] Rules

"Cencore Security" <[EMAIL PROTECTED]> writes:

> One question I forgot.
>
> I've done this before but I cannot remember the structure of the rules. I want to allow ssh and 8443 (that are running on the LAN interface) to be accessible (read redirected) from the external WAN interface on the firewall (with specific IP address xxx.xxx.xxx.xxx).
>
> I thought maybe just:
> #result client server proto port client_port address
> REDIRECT wan:xxx.xxx.xxx.xxx lan tcp 8443 -
> REDIRECT wan:xxx.xxx.xxx.xxx lan tcp 22 -
> or
> REDIRECT wan :xxx.xxx.xxx.xxx lan tcp 8443 - 192.168.1.1
> REDIRECT wan :xxx.xxx.xxx.xxx lan tcp 22 - 192.168.1.1
>
> but that only hangs shorewall. No matter what, it expects REDIRECT to put a PORT where "lan" goes. And in the web interface you must choose a client zone from the drop down.
>
> I also tried:
> DNAT wan:xxx.xxx.xxx.xxx lan:192.168.1.1 tcp 8443 -

this rule will redirect a connection on the 8443 port coming from wan:xxx.xxx.xxx.xxx to lan:192.168.1.1 which I don't understand because 8443 is the web interface port ... running on the firewall.

> DNAT wan:xxx.xxx.xxx.xxx lan:192.168.1.1 tcp 22 -

same thing for ssh ...

--
Florin
http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
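As an added example (not part of the thread and not Shorewall's own code), a small Python linter run over the rules quoted above shows why each attempt misfires and what a plain ACCEPT to the firewall zone looks like. The zone name `fw`, the stand-in address 198.51.100.7 and the function names are assumptions.

```python
import re

FW_ZONE = "fw"                # assumption: Shorewall's default firewall zone name
LOCAL_PORTS = {"22", "8443"}  # per the thread, both services run on the firewall

def lint_rule(line):
    """Return findings for one rules line laid out as in the quoted header:
    result client server proto port client_port address."""
    cols = line.split()
    if not cols or cols[0].startswith("#"):
        return []
    # "wan :addr" is split by whitespace, shifting every later column.
    if any(c.startswith(":") for c in cols[1:]):
        return ["space before ':' splits zone:address into two columns"]
    if len(cols) < 5:
        return ["fewer than five columns"]
    action, client, server, proto, port = cols[:5]
    findings = []
    # REDIRECT sends traffic to a port on the firewall, so it takes a port here.
    if action == "REDIRECT" and not re.fullmatch(r"\d{1,5}", server):
        findings.append("REDIRECT wants a local port in the server column, got %r" % server)
    # DNAT forwards to another host; it does not open a service on the firewall.
    if action == "DNAT" and port in LOCAL_PORTS and not server.startswith(FW_ZONE):
        findings.append("DNAT forwards port %s to %s, but the service is on the firewall" % (port, server))
    return findings

def accept_rule(client, proto, port):
    """Build a plain ACCEPT from one source to the firewall zone itself."""
    return "ACCEPT %s %s %s %s" % (client, FW_ZONE, proto, port)

# Constructed sample: the rules from the thread, with 198.51.100.7 standing
# in for the masked xxx.xxx.xxx.xxx address.
SAMPLE = [
    "#result client server proto port client_port address",
    "REDIRECT wan:198.51.100.7 lan tcp 8443 -",
    "REDIRECT wan :198.51.100.7 lan tcp 22 - 192.168.1.1",
    "DNAT wan:198.51.100.7 lan:192.168.1.1 tcp 8443 -",
    accept_rule("wan:198.51.100.7", "tcp", "8443"),
]

if __name__ == "__main__":
    for rule in SAMPLE:
        print(rule, "->", lint_rule(rule) or "ok")
```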
