[Firehol-support] firewall issue

Carlos Rodrigues carlos.efr at mail.telepac.pt
Wed Mar 29 14:15:48 CEST 2006


You can add a router command:

router eth1-to-eth1 inface eth1 outface eth1
         route all accept

But this isn't enough if the server also has a localnet address. If it
does, a source NAT will be needed (the client sends traffic to the
server through the firewall, then the server replies directly - with
the source being its localnet address - and the client refuses the
replies).

On 3/29/06, Catalin Constantin <catalin at bounce-software.com> wrote:
> Hi there,
>
> Here is my network configuration:
> 1 public IP
> 1 subnet
> 1 local net
>
> The router has 2 LAN cards:
> eth0 for internet
> eth1 for localnet
>
> On eth0 I have the public IP.
> On eth1 I have:
> - localnet (192.168.0.1)
> - the 1st IP of the subnet
>
> This means I can have routable IPs from the subnet in my LAN (eth1).
>
> The issue I have:
> 1) from a computer with a local IP (192.168.0.X) I can't reach an IP
> from the subnet (except the one from the router)
>
> I get in the logs something like:
> PASS-unknown:IN=eth1 OUT=eth1 SRC=192.168.0.2 DST=81.196.107.35 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=42000 DF PROTO=TCP SPT=2771 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
>
> 192.168.0.2 is my workstation IP (eth1 on server)
> 81.196.107.35 is the server 2 IP from the public subnet /29,
> which is also on eth1 (same switch as I am).
>
> I guess it is a "router" command issue but I can't figure it out.
>
> router r1 inface eth1 outface eth1
>        .......
>
>
> Thank you for your time !
>
>
> --
> Catalin Constantin
> Bounce Software


--
Carlos Rodrigues
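As an added example (not code from the thread or from the FireHOL project), a FireHOL configuration fragment combining the router command above with the source NAT the reply says is needed when the server also has a localnet address. The LOCALNET and PUBLIC_SUBNET values, the /29 network boundary and the ROUTER_SUBNET_IP placeholder are assumptions.

```firehol
# Added example, not from the thread. Hairpin case: a client on the localnet
# (192.168.0.0/24) reaches a host on the public /29 that sits on the same eth1.
version 5

LOCALNET="192.168.0.0/24"
PUBLIC_SUBNET="81.196.107.32/29"   # assumption: the /29 containing 81.196.107.35
ROUTER_SUBNET_IP="x.x.x.x"         # placeholder: the router's own address in that /29

# Rewrite the source of localnet -> public-subnet traffic leaving eth1 to the
# router's subnet address. A server that also has a localnet address then
# replies to the router, which reverses the NAT, instead of answering the
# client directly from an address the client never talked to.
snat to "${ROUTER_SUBNET_IP}" outface eth1 src "${LOCALNET}" dst "${PUBLIC_SUBNET}"

# Forward traffic that enters and leaves on eth1 (the router command from the reply).
router eth1-to-eth1 inface eth1 outface eth1
        route all accept
```

Without the snat line, the router command alone still forwards the packet, but a server with a localnet address will answer the client directly and the PASS-unknown log entries for the return path will not go away.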