[Firehol-support] Firehol Problem - Please Help

Andrei Verovski (aka MacGuru) andreil1 at starlett.lv
Wed Sep 23 15:21:40 BST 2009


Hi, folks,

I have a SuSE Linux server which acts as a 2-interface router & firewall,
with the firehol package for firewalling setup.

Basically I need to make local services running on local PC 192.168.0.16
available over the internet (port forwarding).

Below is a part of firehol.conf

I have tried different things, like "router world2lan inface "${if_world}"
outface "${if_lan}" route mygvsv accept dst 192.168.0.16", swapping "route
commands" in world2lan configuration, explicitly opening "mygvsv" ports
with "server mygvsv accept", etc., nothing worked.

Something very simple is missing but I could not figure out what.

Any help is greatly appreciated. Thanks in advance.


-------------------------------------------------------

if_world="eth4"
if_lan="eth0"

intranet_ips="192.168.0.0/16"

#transparent_squid 3128 squid inface "${if_lan}"
transparent_proxy 80 3128 "squid root bin andrei" inface "${if_lan}" src "${intranet_ips}"

# Video surveillance software.
client_mygvsv_ports="5548 5549"
server_mygvsv_ports="tcp/5548 tcp/5549"


nat to-destination 192.168.0.16 inface "${if_world}" proto tcp dport "${client_mygvsv_ports}"

interface "${if_lan}" lan src "${intranet_ips}"
	policy reject
	# server "dns ftp samba squid dhcp http ssh icmp"	accept
	server all accept
	client all accept
	
interface "${if_world}" world src not "${intranet_ips} ${UNROUTABLE_IPS}"
	protection strong 10/sec 10
	server "ssh http https ftp dns smtp smtps pop3 pop3s sip" accept
	server ident reject with tcp-reset
	client all accept

router lan2world inface "${if_lan}" outface "${if_world}"
	masquerade
	route all accept
	
router world2lan inface "${if_world}" outface "${if_lan}"
	route mygvsv accept
	route ident reject with tcp-reset





