Hi All,

I have upgraded VC2 to VC3. But when I tried to implement the firewall, all traffic to the internet stops. Here are my old and new firewall configurations:

OLD FIREWALL CONFIGURATION:

firewall {
    log-martians: "enable"
    send-redirects: "disable"
    receive-redirects: "disable"
    ip-src-route: "disable"
    broadcast-ping: "disable"
    syn-cookies: "enable"
    name inbound {
        rule 1 {
            protocol: "all"
            state {
                established: "enable"
                related: "enable"
            }
            action: "accept"
            log: "disable"
        }
        rule 2 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                address: x.x.x.x
            }
            destination {
                port-name: "ssh"
            }
        }
        rule 3 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                address: x.x.x.x
            }
            destination {
                port-name: "ssh"
            }
        }
        rule 4 {
            protocol: "icmp"
            icmp {
                type: "8"
            }
            action: "accept"
            log: "disable"
        }
        rule 5 {
            protocol: "icmp"
            icmp {
                type: "11"
            }
            action: "accept"
            log: "disable"
        }
        rule 6 {
            protocol: "udp"
            action: "accept"
            log: "disable"
            destination {
                port-number: xxx
            }
        }
        rule 7 {
            protocol: "all"
            action: "drop"
            log: "disable"
            source {
                network: 0.0.0.0/0
            }
        }
    }
}

NEW FIREWALL CONFIGURATION:

firewall {
    log-martians: "enable"
    send-redirects: "disable"
    receive-redirects: "disable"
    ip-src-route: "disable"
    broadcast-ping: "disable"
    syn-cookies: "enable"
    name inbound {
        description: "inbound firewall"
        rule 1 {
            protocol: "tcp"
            state {
                established: "enable"
                related: "enable"
            }
            action: "accept"
            log: "disable"
        }
        rule 2 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                address: "x.x.x.x"
            }
            destination {
                port-name ssh
            }
        }
        rule 3 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                address: "x.x.x.x"
            }
            destination {
                port-name ssh
            }
        }
        rule 4 {
            protocol: "icmp"
            icmp {
                type: "8"
            }
            action: "accept"
            log: "disable"
        }
        rule 5 {
            protocol: "icmp"
            icmp {
                type: "11"
            }
            action: "accept"
            log: "disable"
        }
        rule 6 {
            protocol: "udp"
            action: "accept"
            log: "disable"
            destination {
                port-number xxx
            }
        }
        rule 7 {
            protocol: "udp"
            action: "accept"
            log: "disable"
            destination {
                port-number xxx
            }
        }
        rule 8 {
            protocol: "all"
            action: "drop"
            log: "disable"
            source {
                network: "0.0.0.0/0"
            }
        }
    }
}

I have applied this setting to my interface's firewall as: in and local.
When I try to enable this firewall setting, I can't ping my ISP gateway (modem IP) either. Please tell me what I need to change to implement it on VC3.

Thanks in advance,

Regards,
Abhilash S

_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users