[Firehol-support] firewall issue
carlos.efr at mail.telepac.pt
Wed Mar 29 13:15:48 BST 2006
You can add a router command:
    router eth1-to-eth1 inface eth1 outface eth1
        route all accept
But this isn't enough if the server also has a localnet address. If it
does, a source nat will be needed (the client sends traffic to the
server through the firewall, then the server replies directly - with
the source being its localnet address - and the client refuses the
On 3/29/06, Catalin Constantin <catalin at bounce-software.com> wrote:
> hi there,
> here is my network configuration.
> 1 public IP
> 1 subnet
> 1 local net
> the router has 2 lan cards.
> eth0 for internet
> eth1 for localnet
> on eth0 i have the public IP
> on eth1 i have:
> - localnet (192.168.0.1)
> - the 1st ip of the subnet
> this means i can have routable ips from the subnet in my LAN (eth1).
> the issue i have:
> 1) from a computer with local ip (192.168.0.X) i can't reach an IP
> from subnet (except the one from the router)
> i get in the logs something like:
> PASS-unknown:IN=eth1 OUT=eth1 SRC=192.168.0.2 DST=126.96.36.199 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=42000 DF PROTO=TCP SPT=2771 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
> 192.168.0.2 is my workstation ip (eth1 on server)
> 188.8.131.52 is the server 2 IP from public subnet /29
> which is also eth1 (same switch like i am).
> i guess it is a "router" command issue but i can't figure it out.
> router r1 inface eth1 outface eth1
> Thank you for your time !
> Catalin Constantin
> Bounce Software
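Added example, not part of the original thread and not FireHOL's own code: a small Python triage script that parses netfilter LOG lines like the one quoted above and counts the forwarded packets that no router matched (the PASS-unknown prefix) and that enter and leave on the same interface. The sample lines are constructed; the 203.0.113.x and 198.51.100.x addresses are documentation placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log entry quoted in the thread;
# the 203.0.113.x and 198.51.100.x addresses are documentation placeholders.
SAMPLE_LOG = """\
PASS-unknown:IN=eth1 OUT=eth1 SRC=192.168.0.2 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=42000 DF PROTO=TCP SPT=2771 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
PASS-unknown:IN=eth1 OUT=eth1 SRC=192.168.0.2 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=42001 DF PROTO=TCP SPT=2771 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
PASS-unknown:IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1187 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
IN-unknown:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 PROTO=ICMP TYPE=8 CODE=0
"""

# Log prefix, then the KEY=VALUE body that always starts with IN=
LINE_RE = re.compile(r"(?P<prefix>[\w-]+):(?P<body>IN=.*)$")

def parse_line(line):
    """Split a netfilter LOG line into its prefix, KEY=VALUE fields and bare flags."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields, flags = {}, set()
    for token in m.group("body").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value      # e.g. SRC=192.168.0.2, or OUT= (empty)
        else:
            flags.add(token)         # e.g. DF, SYN
    return {"prefix": m.group("prefix"), "fields": fields, "flags": flags}

def hairpin_flows(log_text, prefix="PASS-unknown"):
    """Count unmatched forwarded packets that enter and leave on the same interface."""
    flows = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["prefix"] != prefix:
            continue
        f = rec["fields"]
        if f.get("IN") and f.get("IN") == f.get("OUT"):
            flows[(f["IN"], f["SRC"], f["DST"], f.get("PROTO"), f.get("DPT"))] += 1
    return flows

if __name__ == "__main__":
    for (iface, src, dst, proto, dpt), n in hairpin_flows(SAMPLE_LOG).items():
        print(f"{n}x {iface}->{iface} {src} -> {dst} {proto}/{dpt}")
```

Each flow reported is traffic that needs a router definition with the same interface as inface and outface.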