<html>

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1250">


<meta name=Generator content="Microsoft Word 10 (filtered)">

<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:Arial;}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {font-family:Arial;
        color:windowtext;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>Hi</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>I’m sorry if this has been raised before.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>I’m trying to set up Firehol to route (dnat) external VNC
services to different computers, depending upon the TCP ports being used. 
I’ve done this successfully for two inputs on ports 5900 (default) and
7677 but when I add a third on port 7674 if doesn’t get routed (it’s
the one called vnc2 that’s to be routed to 10.0.0.4).  Unfortunately
there’s nothing in the log to show what’s going wrong.  I know
that the receiving computer is able to accept the VNC service on 7674 as there’s
another gateway on the network and I can route the traffic through that one
successfully to 10.0.0.4.  However, I’d prefer to use the Firehol
protected gateway for operational reasons.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>Here’s my firehol.conf that is based on one of the examples:</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>FIREHOL_LOG_LEVEL=error</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># $Id: lan-gateway.conf,v 1.1 2003/10/12 </span></font><font size=2><span lang=EN-GB style='font-size:10.0pt'>13:43:42</span></font><font size=2><span
lang=EN-GB style='font-size:10.0pt'> ktsaou Exp $</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Configuration file for a LAN router with one ethernet interface
(eth0)</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># for the LAN and a PPP interface for connecting to the Internet.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># The LAN works with private IP addresses.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># This script will also setup a transparent cache for all the PCs on
the</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># local LAN.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># CUSTOM SERVICES</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># See the section "Adding Services" in the documentation</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Example service x, listening on port TCP/z</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># > server_x_ports="tcp/z"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># > client_x_ports="default"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>server_vnc1_ports="tcp/7677"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>client_vnc1_ports="default"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>server_vnc2_ports="tcp/7674"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>client_vnc2_ports="default"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># STOP UDP 2222 MESSAGES FLOODING SYSLOG</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># -----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>server_office_ports="udp/138"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>client_office_ports="any"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># NETWORK DEFINITIONS - Normally, only these are to be touched by you.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># You can define anything you like, assuming you are using it later.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># --- HOME ---</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># The definition of our HOME LAN.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>HOME_MYIP="10.0.0.248"                     #
The IP on our HOME LAN</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>HOME_MYIF="eth0"                  #
The HOME LAN interface</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>HOME_BCAST="10.255.255.255"           #
The HOME LAN broadcast</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>HOME_LAN="10.0.0.0/8"                       #
The HOME LAN</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>HOME_SERVICES="all"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Do we run a DHCP server on the HOME LAN?</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>HOME_DHCP=1                                    #
Set to 0 to disable</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># --- PUBLIC ---</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># The definition of our PUBLIC interface.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>PUBLIC_MYIP=""          #
Leave empty for dynamic IP</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>PUBLIC_MYIF="ppp0"                #
The public interface</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>PUBLIC_SERVICES="http ftp mysql"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Is the PPP interface a DIAL-ON-DEMAND?</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>DIAL_ON_DEMAND=0               #
Set to 0 to disable</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># --- TRUSTED ---</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Hosts in the internet I trust for accessing private services</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Empty these to disable.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>TRUSTED_IPS=""</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>TRUSTED_SERVICES=""</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># --- TRANSPARENT CACHE ---</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Run a transparent cache?</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>SQUID_PORT="800"                  #
Leave empty to disable SQUID</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>SQUID_USERS=""                     #
Users to be excluded from the cache</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>SQUID_EXCLUDE=""                 #
Web Server IPs to be excluded from the cache</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># --- BLACKLIST ---</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># A space-separated list of IPs to be blocked.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>blacklist=""</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># ----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># HELPERS</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Block all traffic from/to certain IPs</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>if [ ! -z "${blacklist}" ]</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>then</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            blacklist
full "${blacklist}"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>fi</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Setup a transparent squid, only if SQUID_PORT is set.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>if [ ! -z "${SQUID_PORT}" ]</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>then</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            transparent_squid
"${SQUID_PORT}" "${SQUID_USERS}"            \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>             
inface "${HOME_MYIF}" src "${HOME_LAN}"                 \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>             
`test ! -z "${SQUID_EXCLUDE}" && echo "dst not '${SQUID_EXCLUDE}'"`</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>fi</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># NETWORK ADDRESS TRANSLATION</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Change the source/destination of packets...</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Should we do SNAT or MASQUERADE?</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># If there is a PUBLIC_MYIP defined, we should do SNAT, otherwise MASQ.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>if [ ! -z "${PUBLIC_MYIP}" ]</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>then</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            snat
to "${PUBLIC_MYIP}"                                              \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>                        outface
"${PUBLIC_MYIF}"                                 \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>                        src
"${HOME_LAN}" dst not "${UNROUTABLE_IPS}"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>else</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            masquerade
"${PUBLIC_MYIF}"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>fi</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># To have some public service hit an internal machine, do this:</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># (the example redirects external port TCP/26 to internal IP 10.0.0.2
port 25)</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># > dnat to 10.0.0.2:25                                                               \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># >       inface
"${PUBLIC_MYIF}"                                                           \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># >       src not "${HOME_LAN}
${UNROUTABLE_IPS}"                            \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># >       proto tcp dport 26</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># For each such statement, the router at the end has to support it.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>dnat to 10.0.0.239:5900 inface ppp0 proto tcp dport 5900</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>dnat to 10.0.0.4:7674 inface ppp0 proto tcp dport 7674</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>dnat to 10.0.0.238:7677 inface ppp0 proto tcp dport 7677</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># PROTECT SELF</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># ----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Protect the firewall host...</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># --- HOME ---</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Protect us from the HOME LAN</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>interface "${HOME_MYIF}" home src "${HOME_LAN}" dst
"${HOME_MYIP} ${HOME_BCAST}"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            policy
reject</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            server
"${HOME_SERVICES}" accept</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            client
all accept</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># DHCP needs 0.0.0.0/255.255.255.255 access.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>if [ ${HOME_DHCP} -eq 1 ]</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>then</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            interface
"${HOME_MYIF}" dhcp</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>                        server
dhcp accept</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>                        server
office drop</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>fi</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># --- PUBLIC ---</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Protect us from the PUBLIC</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>interface "${PUBLIC_MYIF}" internet                                            \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            src
not "${UNROUTABLE_IPS}"                                      \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            `test
! -z "${PUBLIC_MYIP}" && echo "dst
'${PUBLIC_MYIP}'"`</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            protection
strong</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            policy
drop</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            #
Are there any trusted PCs/services?</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            if [
! -z "${TRUSTED_PCS}" -a ! -z "${TRUSTED_SERVICES}" ]</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            then</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>                        server
"${TRUSTED_SERVICES}" accept src "${TRUSTED_PCS}"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            fi</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            server
"${PUBLIC_SERVICES}" accept</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            server
custom rvw tcp/7676 default accept</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            client
all accept</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># DIAL-ON-DEMAND needs this in case there is a PUBLIC_MYIP defined.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>if [ ${DIAL_ON_DEMAND} -eq 1 ]</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>then</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            interface
"${PUBLIC_MYIF}" dialup</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>                        client
all accept</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>fi</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># PROTECT ROUTING</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Protect the LAN...</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># Route traffic for the clients on the LAN</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>router internet2lan inface "${PUBLIC_MYIF}" outface
"${HOME_MYIF}"      \</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            src
not "${UNROUTABLE_IPS}" dst "${HOME_LAN}"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            #
route all client traffic</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            client
all accept</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            server
vnc accept dst 10.0.0.239</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            server
vnc1 accept dst 10.0.0.238</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            server
vnc2 accept dst 10.0.0.4</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            # For
the dnat example above, this is needed:</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>            #
> server smtp accept dst 10.0.0.2</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>#
----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># SET LOG OPTIONS</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'># ----------------------------------------------------------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>FIREHOL_LOG_FREQUENCY="1/minute"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>FIREHOL_LOG_BURST="5"</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'>Regards</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
 10.0pt'>Richard Williams</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt'> </span></font></p>

<p class=MsoNormal><font size=3 color=navy face=Arial><span lang=EN-GB
style='font-size:12.0pt;color:navy'>****************************************************<br>
</span></font><font color=navy><span lang=EN-GB style='color:navy'>Richard
 Williams</span></font><font color=navy><span lang=EN-GB style='color:navy'><br>
email:</span><span lang=EN-GB> <a href="mailto:richard@everything4it.co.uk">richard@everything4it.co.uk</a></span></font><font
color=navy><span lang=EN-GB style='color:navy'> </span><span lang=EN-GB><br>
</span></font><font color=navy><span lang=EN-GB style='color:navy'>mobile:
07981 734697<br>
**************************************************** </span><span lang=EN-GB><br>
</span></font><font size=2 color=black><span lang=EN-GB style='font-size:10.0pt;
color:black'>The contents of this email message and any attachments are
confidential and are intended solely for addressee. The </span></font><font
 size=2 color=black><span lang=EN-GB style='font-size:10.0pt;color:black'>info</span></font><font
size=2 color=black><span lang=EN-GB style='font-size:10.0pt;color:black'>rmation
may also be legally privileged. This transmission is sent in trust, for the
sole purpose of delivery to the intended recipient. If you have received this
transmission in error, any use, reproduction or dissemination of this
transmission is strictly prohibited. If you are not the intended recipient,
please immediately notify the sender by reply email or at +44(0)7981 734697 and
delete this message and its attachments, if any</span></font><font size=2
color=black><span lang=EN-GB style='font-size:10.0pt;color:black'>.</span></font></p>

<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt'> </span></font></p>

</div>

</body>

</html>
<BR>

<P><FONT SIZE=2>No virus found in this outgoing message.<BR>
Checked by AVG Free Edition.<BR>
Version: 7.5.472 / Virus Database: 269.8.15/847 - Release Date: 12/06/2007 21:42<BR>
</FONT> </P>