Thanks Patrick! Worked like a charm. Slainte,
Jim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Patrick Usher
Sent: Friday, October 15, 2004 11:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [Security Firewall] Rules

Hi,

If you want to allow access to the MNF from outside (manage the MNF from a remote location), maybe use:

ACCEPT wan:aaa.bbb.ccc.ddd fw tcp 8443 -
ACCEPT wan:aaa.bbb.ccc.ddd fw tcp ssh -

You may also need to designate the external interface as an administrative one.

HTH
Patrick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Cencore Security
Sent: Thursday, October 14, 2004 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [Security Firewall] Rules

I want to give access to the Firewall's Web Interface & SSH to my IP only from another site running the MNF.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Florin
Sent: Thursday, October 14, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Security Firewall] Rules

"Cencore Security" <[EMAIL PROTECTED]> writes:

> One question I forgot.
>
> I've done this before but I cannot remember the structure of the rules. I want to allow ssh and 8443 (that are running on the LAN interface) to be accessible (read redirected) from the external WAN interface on the firewall (with specific IP address xxx.xxx.xxx.xxx).
>
> I thought maybe just:
> #result client server proto port client_port address
> REDIRECT wan:xxx.xxx.xxx.xxx lan tcp 8443 -
> REDIRECT wan:xxx.xxx.xxx.xxx lan tcp 22 -
> or
> REDIRECT wan :xxx.xxx.xxx.xxx lan tcp 8443 - 192.168.1.1
> REDIRECT wan :xxx.xxx.xxx.xxx lan tcp 22 - 192.168.1.1
>
> but that only hangs shorewall. No matter what, it expects REDIRECT to put a PORT where "lan" goes. And in the web interface you must choose a client zone from the drop down.
>
> I also tried:
> DNAT wan:xxx.xxx.xxx.xxx lan:192.168.1.1 tcp 8443 -

this rule will redirect a connection on the 8443 port coming from wan:xxx.xxx.xxx.xxx to lan:192.168.1.1 which I don't understand because 8443 is the web interface port ... running on the firewall.

> DNAT wan:xxx.xxx.xxx.xxx lan:192.168.1.1 tcp 22 -

same thing for ssh ...

--
Florin
http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
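
Added example, not part of the original thread and not MNF or Shorewall code: a small Python lint that flags the rule mistakes discussed above (a zone where REDIRECT expects a port, DNAT aimed at the firewall itself, a management port accepted from a whole zone). The function names, `FW_ADDRS` (192.168.1.1 taken to be the firewall's own LAN address) and `MGMT_PORTS` are assumptions made for the illustration.

```python
import re

FW_ZONE = "fw"                      # firewall zone name used in the thread's ACCEPT rules
FW_ADDRS = {"192.168.1.1"}          # assumption: the firewall's own LAN address
MGMT_PORTS = {"8443", "22", "ssh"}  # web interface and SSH, as in the thread

def lint_rule(line):
    """Return findings for one rule in the thread's column layout:
    result client server proto port client_port address"""
    text = line.split("#", 1)[0].strip()
    if not text:
        return []
    findings = []
    if re.search(r"\s+:", text):
        findings.append("stray space before ':' splits the client column")
        text = re.sub(r"\s+:", ":", text)
    cols = text.split()
    if len(cols) < 5:
        return findings + ["expected at least 5 columns"]
    result, client, server, proto, port = cols[:5]
    zone, _, host = server.partition(":")
    if result == "REDIRECT" and not server.isdigit():
        findings.append("REDIRECT expects a port in the server column, not %r" % server)
    if result == "DNAT" and host in FW_ADDRS:
        findings.append("DNAT target %s is the firewall itself; use ACCEPT %s %s %s %s"
                        % (host, client, FW_ZONE, proto, port))
    if result == "ACCEPT" and zone == FW_ZONE and port in MGMT_PORTS and ":" not in client:
        findings.append("management port %s open to all of zone %r; use zone:address"
                        % (port, client))
    return findings

def lint_rules(text):
    """Map line number -> findings, for every line that has any."""
    found = ((n, lint_rule(l)) for n, l in enumerate(text.splitlines(), 1))
    return {n: f for n, f in found if f}

# Constructed sample: rules quoted in the thread plus one unrestricted ACCEPT.
SAMPLE = """\
#result client server proto port client_port address
REDIRECT wan:xxx.xxx.xxx.xxx lan tcp 8443 -
REDIRECT wan :xxx.xxx.xxx.xxx lan tcp 22 - 192.168.1.1
DNAT wan:xxx.xxx.xxx.xxx lan:192.168.1.1 tcp 8443 -
ACCEPT wan:aaa.bbb.ccc.ddd fw tcp 8443 -
ACCEPT wan fw tcp ssh -
"""

if __name__ == "__main__":
    for n, found in lint_rules(SAMPLE).items():
        print("line %d: %s" % (n, "; ".join(found)))
```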
