Kool. Glad you got it working.

Patrick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cencore Security
Sent: Friday, October 15, 2004 9:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [Security Firewall] Rules


Thanks Patrick!  Worked like a charm.

Slainte,

Jim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Usher
Sent: Friday, October 15, 2004 11:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [Security Firewall] Rules


Hi,
If you want to allow access to the MNF from outside (manage the MNF from a
remote location), maybe use:

ACCEPT  wan:aaa.bbb.ccc.ddd  fw  tcp  8443  -
ACCEPT  wan:aaa.bbb.ccc.ddd  fw  tcp  ssh   -

You may also need to designate the external interface as an administrative
one.

HTH

Patrick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cencore Security
Sent: Thursday, October 14, 2004 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [Security Firewall] Rules


I want to give access to the Firewall's Web Interface & SSH to my IP only
from another site running the MNF.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Florin
Sent: Thursday, October 14, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Security Firewall] Rules


"Cencore Security" <[EMAIL PROTECTED]> writes:

> One question I forgot.
>
> I've done this before but I cannot remember the structure of the rules.  I
> want to allow ssh and 8443 (that are running on the LAN interface) to be
> accessible (read redirected) from the external WAN interface on the firewall
> (with specific IP address xxx.xxx.xxx.xxx).
>
> I thought maybe just:
> #result   client               server  proto  port  client_port  address
> REDIRECT  wan:xxx.xxx.xxx.xxx  lan     tcp    8443  -
> REDIRECT  wan:xxx.xxx.xxx.xxx  lan     tcp    22    -
> or
> REDIRECT  wan:xxx.xxx.xxx.xxx  lan     tcp    8443  -            192.168.1.1
> REDIRECT  wan:xxx.xxx.xxx.xxx  lan     tcp    22    -            192.168.1.1
>
> but that only hangs shorewall.  No matter what, it expects REDIRECT to put
> a PORT where "lan" goes.  And in the web interface you must choose a client
> zone from the drop down.
>
> I also tried:
> DNAT  wan:xxx.xxx.xxx.xxx  lan:192.168.1.1  tcp  8443  -

this rule will redirect a connection on the 8443 port coming from
wan:xxx.xxx.xxx.xxx to lan:192.168.1.1 which I don't understand because
8443 is the web interface port ... running on the firewall.

> DNAT  wan:xxx.xxx.xxx.xxx  lan:192.168.1.1  tcp  22  -

same thing for ssh ...
--
Florin     http://www.mandrakesoft.com
    http://people.mandrakesoft.com/~florin/
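The point of Patrick's ACCEPT rules above is the `wan:aaa.bbb.ccc.ddd` qualifier: the management ports are opened from one source host, not from the whole wan zone. The script below is an added example, not code from the thread, MNF or Shorewall. It parses a rules fragment in the column layout shown in Jim's header line (action, client, server, proto, port, client_port, address) and reports any ACCEPT/DNAT/REDIRECT rule that exposes tcp/22 or tcp/8443 from an untrusted zone without pinning the source to a single IP address. The sample rules and the 203.0.113.x addresses are constructed for the example; the service-name map and the "untrusted unless lan" policy are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Admin services from the thread: SSH and the MNF web interface on 8443.
# 'ssh' is a service name Shorewall resolves via /etc/services; the alias
# map (an assumption for this example) does the same job offline.
SERVICE_ALIASES = {"ssh": "22", "https": "443"}
ADMIN_PORTS = {"22", "8443"}


@dataclass
class Rule:
    """One rules line; column order as in the thread's '#result client server ...' header."""
    line: int
    action: str
    source: str
    dest: str
    proto: str
    dport: str
    sport: str = "-"
    origdest: str = "-"


def parse_rules(text: str) -> List[Rule]:
    """Split a rules fragment into Rule objects, skipping comments and SECTION lines."""
    rules: List[Rule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop trailing/whole-line comments
        if not line or line.upper().startswith("SECTION"):
            continue
        cols = line.split()
        cols += ["-"] * (7 - len(cols))              # pad omitted trailing columns with '-'
        rules.append(Rule(lineno, *cols[:7]))
    return rules


def _port_set(spec: str) -> set:
    """Normalise a comma-separated port column to numeric strings."""
    return {SERVICE_ALIASES.get(p.lower(), p) for p in spec.split(",")}


def audit(rules: List[Rule], trusted_zones=("lan",)) -> List[Tuple[int, str]]:
    """Return (line, message) for rules that open an admin port from an untrusted
    zone without restricting the source to a single host address."""
    findings: List[Tuple[int, str]] = []
    for r in rules:
        if r.action.upper() not in {"ACCEPT", "DNAT", "REDIRECT"}:
            continue
        if r.proto.lower() not in {"tcp", "all", "-"}:
            continue
        exposed = _port_set(r.dport) & ADMIN_PORTS
        if not exposed:
            continue
        zone, _, hosts = r.source.partition(":")     # 'wan:1.2.3.4' -> ('wan', '1.2.3.4')
        if zone in trusted_zones:
            continue
        ports = ",".join(sorted(exposed))
        if not hosts:
            findings.append((r.line, f"{r.action} opens tcp/{ports} to the whole '{zone}' zone"))
            continue
        for host in hosts.split(","):
            try:
                net = ipaddress.ip_network(host, strict=False)
            except ValueError:
                # Interface or MAC qualifiers are legal Shorewall syntax but are
                # not single hosts; surface them for manual review.
                findings.append((r.line, f"source '{host}' is not an IP address or network"))
                continue
            if net.prefixlen < net.max_prefixlen:
                findings.append((r.line, f"{r.action} opens tcp/{ports} to {net}, not a single host"))
    return findings


# Constructed sample: Patrick's two pinned rules, then three variants a reviewer
# should reject (open zone, a /24, DNAT of port 22 from the open wan zone) and
# one lan-side rule that is fine.
SAMPLE_RULES = """\
#result   client              server           proto  port  client_port  address
ACCEPT    wan:203.0.113.10    fw               tcp    8443  -
ACCEPT    wan:203.0.113.10    fw               tcp    ssh   -
ACCEPT    wan                 fw               tcp    ssh   -
ACCEPT    wan:203.0.113.0/24  fw               tcp    8443  -
DNAT      wan                 lan:192.168.1.1  tcp    22    -
ACCEPT    lan                 fw               tcp    22    -
"""

if __name__ == "__main__":
    for line, msg in audit(parse_rules(SAMPLE_RULES)):
        print(f"line {line}: {msg}")
```

Run it against a real rules file by reading the file into `parse_rules`; REDIRECT rules are checked the same way because their destination column is a port on the firewall itself, which is exactly the case the thread is about.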