Hi All,

        I have upgraded VC2 to VC3, but when I try to apply the
firewall, all traffic to the internet stops. Here are my old and new
firewall configurations:


OLD FIREWALL CONFIGURATION:


firewall {
    log-martians: "enable"
    send-redirects: "disable"
    receive-redirects: "disable"
    ip-src-route: "disable"
    broadcast-ping: "disable"
    syn-cookies: "enable"
    name inbound {
        /* Rule 1 is the stateful return-traffic rule: it matches every
           protocol ("all"), so replies to connections the host opened
           (TCP, UDP and ICMP alike) are accepted before the later rules
           are evaluated. */
        rule 1 {
            protocol: "all"
            state {
                established: "enable"
                related: "enable"
            }
            action: "accept"
            log: "disable"
        }
        /* Rules 2 and 3 are identical in this paste; the source addresses
           have been anonymised, so presumably each admits SSH from a
           different management host. */
        rule 2 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                address: x.x.x.x
            }
            destination {
                port-name: "ssh"
            }
        }
        rule 3 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                address: x.x.x.x
            }
            destination {
                port-name: "ssh"
            }
        }
        /* ICMP type 8 is echo-request and type 11 is time-exceeded; echo
           replies (type 0) are not listed here and rely on rule 1. */
        rule 4 {
            protocol: "icmp"
            icmp {
                type: "8"
            }
            action: "accept"
            log: "disable"
        }
        rule 5 {
            protocol: "icmp"
            icmp {
                type: "11"
            }
            action: "accept"
            log: "disable"
        }
        rule 6 {
            protocol: "udp"
            action: "accept"
            log: "disable"
            destination {
                port-number: xxx
            }
        }
        /* Explicit catch-all drop; anything not accepted above ends here. */
        rule 7 {
            protocol: "all"
            action: "drop"
            log: "disable"
            source {
                network: 0.0.0.0/0
            }
        }
    }
}

NEW FIREWALL CONFIGURATION:

firewall {
    log-martians: "enable"
    send-redirects: "disable"
    receive-redirects: "disable"
    ip-src-route: "disable"
    broadcast-ping: "disable"
    syn-cookies: "enable"
    name inbound {
        description: "inbound firewall"
        /* NOTE(review): this is the only behavioural difference from the
           old ruleset. Rule 1 previously had protocol "all"; here it is
           "tcp", so established/related UDP and ICMP packets (DNS
           answers, echo replies to the router's own pings, etc.) no
           longer match it and fall through to rule 8, which drops them.
           That is consistent with "all traffic to the internet stops"
           and "can't ping the ISP gateway". Restoring protocol "all" on
           this rule is the likely fix. */
        rule 1 {
            protocol: "tcp"
            state {
                established: "enable"
                related: "enable"
            }
            action: "accept"
            log: "disable"
        }
        /* Rules 2 and 3 are identical in this paste (addresses
           anonymised); "port-name ssh" without a colon differs from the
           other lines and is presumably a copy/paste artefact rather than
           a real syntax change — verify with "show" on the box. */
        rule 2 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                address: "x.x.x.x"
            }
            destination {
                port-name ssh
            }
        }
        rule 3 {
            protocol: "tcp"
            action: "accept"
            log: "disable"
            source {
                address: "x.x.x.x"
            }
            destination {
                port-name ssh
            }
        }
        /* ICMP type 8 is echo-request and type 11 is time-exceeded. Echo
           replies (type 0) are not accepted here, so pings originated by
           the router depend entirely on rule 1 matching ICMP. */
        rule 4 {
            protocol: "icmp"
            icmp {
                type: "8"
            }
            action: "accept"
            log: "disable"
        }
        rule 5 {
            protocol: "icmp"
            icmp {
                type: "11"
            }
            action: "accept"
            log: "disable"
        }
        /* Rules 6 and 7 are identical as pasted (port anonymised);
           presumably two different UDP ports were intended. */
        rule 6 {
            protocol: "udp"
            action: "accept"
            log: "disable"
            destination {
                port-number xxx
            }
        }
        rule 7 {
            protocol: "udp"
            action: "accept"
            log: "disable"
            destination {
                port-number xxx
            }
        }
        /* Explicit catch-all drop. With the ruleset applied as both "in"
           and "local", the router's own inbound replies also end here
           when nothing above accepts them. */
        rule 8 {
            protocol: "all"
            action: "drop"
            log: "disable"
            source {
                network: "0.0.0.0/0"
            }
        }
    }
}

I have applied this ruleset to my interface's firewall as "in" and "local".
When I enable it, I can't ping my ISP gateway (the modem IP) either.
Please tell me what I need to change to get it working on VC3.

Thanks in Advance,

Regards,

Abhilash S