"Cencore Security" <[EMAIL PROTECTED]> writes: > I want to give access to the Firewall's Web Interface & SSH to my IP only > from another site running the MNF.
I still don't understand ... sorry .. I understand that you want to access MNF->Firewall (= MNF) which doesn't make sense to me ... > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Florin > Sent: Thursday, October 14, 2004 4:19 PM > To: [EMAIL PROTECTED] > Subject: Re: [Security Firewall] Rules > > > "Cencore Security" <[EMAIL PROTECTED]> writes: > > > One question I forgot. > > > > I've done this before but I cannot remember the structure of the rules. I > want to allow ssh and 8443 (that are running on the LAN interface) to be > accessible (read redirected) from the external WAN interface on the firewall > (with specific IP address xxx.xxx.xxx.xxx). > > > > I thought maybe just: > > #result client server proto port client_port address > > REDIRECT wan:xxx.xxx.xxx.xxx lan tcp 8443 - > > REDIRECT wan:xxx.xxx.xxx.xxx lan tcp 22 - > > or > > REDIRECT wan :xxx.xxx.xxx.xxx lan tcp 8443 - 192.168.1.1 > > REDIRECT wan :xxx.xxx.xxx.xxx lan tcp 22 - 192.168.1.1 > > > > but that only hangs shorewall. No matter what, it expects REDIRECT to put > a PORT where "lan" goes. And in the web interface you must choose a client > zone from the drop down. > > > > I also tried: > > DNAT wan:xxx.xxx.xxx.xxx lan:192.168.1.1 tcp 8443 - > > this rule will redirect a connection on the 8443 port coming from > wan:xxx.xxx.xxx.xxx to lan:192.168.1.1 which I don't understand because > 8443 is the web interface port ... running on the firewall. > > > DNAT wan:xxx.xxx.xxx.xxx lan:192.168.1.1 tcp 22 - > > same thing for ssh ... -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
