[Firehol-support] Interface config

Liquid liquid at liquid.cz
Thu Jul 21 19:21:45 BST 2005 

Hi all.

I have made my firehol.conf for testing configuration of my web server, now
on my home lan. 
When i use it, all is fine, but i cant do enything on interface eth1 -
private - 192.168.0.240 from private network.
Whats wrong with my firehol.conf? When i stop firehol, eth1 works fine.
Can you help me?
Many thanks.

Liquid

------------
version 5
# Services
server_openvpn_ports="udp/5000"
client_openvpn_ports="default"

# Servers
vilik_uff_cz="192.168.0.199"
mail_uff_cz="192.168.0.216"
web_uff_cz="192.168.0.217"

# Definition
internet_interface="eth0+"
internet_ips="192.168.0.199 192.168.0.216 192.168.0.217"
internet_servers_vilik="icmp ftp ssh dns http https openvpn webmin"
internet_servers_mail="icmp smtp https pop3s imaps"
internet_servers_web="icmp http"
internet_clients="all"
internet_requests="100/sec"
private_interface="eth1"
private_ips="192.168.0.240"
private_subnet="192.168.0.0/32"
private_servers="icmp ftp ssh dns"
private_clients="all"
private_requests="100/sec"

# Interface Privatni site
unset internet_params
test ! -z "${internet_ips}" && internet_params=(dst "${internet_ips}")

interface "${internet_interface}" internet "${internet_params[@]}"
	#src not "${UNROUTABLE_IPS}" "${internet_params[@]}"
	policy drop
	protection strong ${internet_requests}
	#server ident reject with tcp-reset
	server ident drop
	server "${internet_servers_vilik}" accept dst "${vilik_uff_cz}"
	server "${internet_servers_mail}" accept dst "${mail_uff_cz}"
	server "${internet_servers_web}" accept dst "${web_uff_cz}"
	client "${internet_clients}" accept

# Interface Privatni site
unset private_params
test ! -z "${private_subnet}" && private_params=(src "${private_subnet}")

unset private_params2
test ! -z "${private_ips}" && private_params2=(dst "${private_ips}")

interface "${private_interface}" private	#  \
	"${private_params[@]}" "${private_params2[@]}"
	policy accept
	protection strong ${private_requests}
	server ident reject with tcp-reset
	server "${private_servers}" accept
	client "${private_clients}" accept

# Routr z PRIVAT do internetu plus NAT
router private2internet inface eth1 outface eth0
	masquerade
	route all accept
	server ident reject with tcp-reset
-----------------------

More information about the Firehol-support mailing list