[Firehol-support] need some help setting up firehol.
Redeeman
redeeman at metanurb.dk
Sun Sep 11 00:43:58 BST 2005
Hello.. this is how my setup is:
i have three interface:
ppp0: my internet, via pppoe (my ip: 80.196.156.209)
eth0: nic, with direct connection to my workstation(1gbit for speed) (192.168.0.0/24)
eth1: nic, connected with a switch, for the rest of the lan (192.168.0.1/24)
what i need:
i need internet on both eth0 and eth1, therefore i believe i need nat from ppp0 to both eth0 and eth1.
now about that NAT, i saw that masquerade is expensive, and in my current firewall i am using snat, so i guess i would like that here too.
i also need to be able to have traffic between eth0 and eth1, so that my workstation can connect to the other pc's on my lan, and for this part i
am not sure, since i think that by doing:
echo "1" > /proc/sys/net/ipv4/ip_forward
it will forward traffic between interfaces, and then it might work, but as i said, i am not sure.. i would like your advice on how to do that, for now, it should just accept all traffic between the two interfaces.
and now for the part i am most unsure about, port forwarding.. i need to forward ports from the ppp0 interface(internet) to both my workstation and pc's on the lan. i would like suggestions from you on how to do this. if there are several ways i would like to see them all.
--------------------------------------------------
this is what i have so far, its without port forwarding though, and without(unless nothing is needed) traffic between workstation and lan support:
interface ppp0 internet
protection strong
server "http https smtp ftp ssh dns" accept
client "ftp ssh http https irc" accept
interface eth0 redeeman
policy accept
interface eth1 lan
protection strong
server "http https ssh ftp smtp imaps pop3s samba" accept
router redeeman2internet inface eth0 outface ppp0
snat to 80.196.156.209 outface ppp0 src 192.168.0.0/24
route all accept
router lan2internet inface eth1 outface ppp0
snat to 80.196.156.209 outface ppp0 src 192.168.0.1/24
route all accept
-------------------------------------------------------
now a note:
in the routers, in the snat statements, i saw i was supposed to give a dst too, but i dont know what, in my current firewall i do:
iptables -t nat -A POSTROUTING -s $INT_SUBNET -o $EXT_IFACE -j SNAT --to $EXT_IP
any help here would be apreciated
a few questions:
in the services, for example pop3, server ports are rcp/110, and client ports are default, does default in client ports mean the ports in server ports, just for outgoing traffic?
for services, i see ntp, it listens on the same portnr, on udp and tcp, for server ports.... on client ports it just allows outgoing traffic on port 123, and default. what does this mean?
if i have a router from lan to internet, where i router all, will pc's on the lan be limited by the client statements in my ppp0(internet) interface?
-----
thanks for all your help! i greatly apreciate it
Regards,
Redeeman - http://wiki.kaspersandberg.com
More information about the Firehol-support
mailing list