[Firehol-support] Routing between virtual interfaces
M. O.
mofog at hotmail.com
Sun Feb 8 22:16:30 GMT 2009
It looks like this:
version 5

#FIREHOL_LOG_LEVEL="7"

# Define a transparent proxy
transparent_squid 3128 "proxy root" src "192.168.1.0/24 192.168.2.0/24"

interface eth0 dhcp
    policy return
    server dhcp accept

# Define interfaces and accessible services
home_ips="192.168.0.0/16"

interface eth0 home src "${home_ips}"
    policy reject
    server custom amavis tcp/10024:10025 10024:10025 accept
    server custom mysql tcp/3306 any accept
    server custom spamass tcp/783 783 accept
    server dns accept
    server dhcp accept
    server ftp accept
    server samba accept
    server squid accept
    server http accept
    server https accept
    server ssh accept
    server icmp accept
    server smtp accept
    server smtps accept
    server imap accept
    server imaps accept
    server ms_ds accept
    server ping accept
    server webmin accept
    server nfs accept
    client all accept

interface ppp+ internet src not "${home_ips} ${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    server ftp accept
    server http accept
    server https accept
    server ssh accept
    server smtp accept
    server smtps accept
    server imaps accept
    server custom dccclient udp/6277 any accept
    server ident reject with tcp-reset
    client all accept

# General routing/masquerading
router home2internet inface eth0 outface ppp+
    masquerade
    server all accept

router internet2home inface ppp+ outface eth0
    server ident reject with tcp-reset

# Routing within this building
router enter2kyo src 192.168.0.2 dst 192.168.1.50 log "ENTER2KYO"
    route all accept

router delta2kyo src 192.168.0.4 dst 192.168.1.50 log "DELTA2KYO"
    route all accept

router chall2kyo src 192.168.0.6 dst 192.168.1.50 log "CHALL2KYO"
    route all accept

router defi2kyo src 192.168.0.100 dst 192.168.1.50 log "DEFI2KYO"
    route all accept

router enter2bro src 192.168.0.2 dst 192.168.1.51 log "ENTER2BRO"
    route all accept

router delta2bro src 192.168.0.4 dst 192.168.1.51 log "DELTA2BRO"
    route all accept

router chall2bro src 192.168.0.6 dst 192.168.1.51 log "CHALL2BRO"
    route all accept

# END OF FILE /etc/firehol/firehol.conf

> Date: Sun, 8 Feb 2009 18:16:15 +0000
> Subject: Re: [Firehol-support] Routing between virtual interfaces
> From: cefrodrigues at gmail.com
> To: mofog at hotmail.com
> CC: firehol-support at lists.sourceforge.net
>
> On Fri, Feb 6, 2009 at 7:11 PM, M. O. <mofog at hotmail.com> wrote:
> > As you can see, there are some contradictory statements: one maps the
> > traffic from 192.168.0.4 to 192.168.1.51 successfully to the rule
> > "DELTA2BRO", and the next line tells the exact opposite (same addresses are
> > mapped to "PASS-unknown"). I'm quite in despair now.
>
> What does your firehol.conf look like? Are you accepting all traffic?
>
> --
> Carlos Rodrigues