How do I forward a port?

Aditya Nag email hidden
Wed Mar 22 18:45:56 CET 2006


I got the logic, but I seem to be missing something somewhere. Let me
tell you exactly what I have done:

ZONE.EXT

INPUT[0]="ACCEPT tcp http,www,112,80,3128,3389 0.0.0.0/0=>0.0.0.0/0"
REDIRECT_RDP="tcp 3389 0.0.0.0/0=>0.0.0.0/0 10.10.0.1 3389"

10.10.0.1 is the IP for the network card connected to the internal
network on the server.

ZONE.INT
FORWARD[0]="ALL ACCEPT tcp 3389 0.0.0.0/0=>10.10.0.15"

Where 10.10.0.15 is the static IP of the internal computer I want to
access from the internet.

I tried various combinations of these rules, but nothing seems to
work. Am I doing something egregiously wrong??

Thanks again for all the help!


On 3/22/06, Anders Peter Fugmann <afu at fugmann.net> wrote:
> Aditya Nag wrote:
> > Thanks for the reply, but I'm a little unclear on a few things. Do I
> > need to set up a forward rule in zone.int or zone.ext? I tried both
> > and it's not working. If it's possible, could you please send me a
> > slightly more detailed explanation. I feel rather stupid for not being
> > able to figure this out, but it's one of those things where you just
> > get stuck!
> >
> The logic is as follows:
>
> A packet enters the system from the external zone. In this zone it is
> redirected to the internal zone, and must be allowed into the internal
> zone. Access for packets originating from other zones into the internal
> zone is defined by the forward rules in the zone configuration file for
> the internal zone.
>
> The idea is that all access configuration for packets entering a zone is
> placed in the configuration file for the zone - not in other zones.
> All packets are allowed to leave a zone, but may be dropped by access
> rules for the destination zone.
>
> Input and output rules only apply for packets destined for or originating
> from the firewall itself.
>
> To sum up:
> Redirect rule in zone.ext to redirect the packet to the internal zone.
> Forward rule to allow the packet entering the internal zone.
>
> I hope it clears things up a bit.
>
> > Thanks again for your help,
> > Aditya
> >
>
> Regards
> Anders Fugmann
>
>


--
www.adityanag.org
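
Added example, not part of the original thread and not FIAIF code: a small Python model of the packet path described in the quoted reply (redirect in the external zone, then the forward rules of the internal zone), assuming the redirect is implemented as netfilter DNAT applied before the routing decision. The external address 203.0.113.10 and all function and variable names are constructed for illustration; the 10.10.0.x addresses and port 3389 are the ones from the post.

```python
import ipaddress

# Constructed values: 203.0.113.10 stands in for the firewall's external address
# (not given in the thread); 10.10.0.1 is its internal NIC, as stated in the post.
FIREWALL_ADDRS = {"203.0.113.10", "10.10.0.1"}

def traverse(packet, redirects, forwards, local_addrs=FIREWALL_ADDRS):
    """Follow one packet arriving from the external zone.

    Order modelled (netfilter): PREROUTING DNAT -> routing decision ->
    INPUT (firewall itself) or FORWARD (another host).
    """
    dst, dport = packet["dst"], packet["dport"]
    # 1. Redirect rule of the external zone: first match rewrites destination.
    for r in redirects:
        if r["proto"] == packet["proto"] and r["dport"] == dport:
            dst, dport = r["to_ip"], r["to_port"]
            break
    # 2. Routing decision is made on the rewritten destination.
    if dst in local_addrs:
        # Firewall-local traffic: only input rules apply, forward rules are skipped.
        return {"chain": "INPUT", "dst": dst, "forwarded": False}
    # 3. Forward rules of the internal zone decide whether the packet may enter.
    for f in forwards:
        if (f["proto"] == packet["proto"] and f["dport"] == dport
                and ipaddress.ip_address(dst) in ipaddress.ip_network(f["dst"])):
            return {"chain": "FORWARD", "dst": dst, "forwarded": True}
    return {"chain": "FORWARD", "dst": dst, "forwarded": False}

RDP = {"proto": "tcp", "dst": "203.0.113.10", "dport": 3389}
ALLOW_RDP_TO_HOST = [{"proto": "tcp", "dport": 3389, "dst": "10.10.0.15"}]

def demo():
    to_nic = [{"proto": "tcp", "dport": 3389, "to_ip": "10.10.0.1", "to_port": 3389}]
    to_host = [{"proto": "tcp", "dport": 3389, "to_ip": "10.10.0.15", "to_port": 3389}]
    return {
        "redirect_to_firewall_nic": traverse(RDP, to_nic, ALLOW_RDP_TO_HOST),
        "redirect_to_internal_host": traverse(RDP, to_host, ALLOW_RDP_TO_HOST),
        "redirect_without_forward_rule": traverse(RDP, to_host, []),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Under this model a packet reaches the forward rules only when the redirect target is a host other than the firewall, and it is then matched against the rewritten destination address.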


