[Firehol-support] Firehol Problem - Please Help

Andrei Verovski (aka MacGuru) andreil1 at starlett.lv
Wed Sep 23 15:21:40 BST 2009

Hi, folks,

I have a SuSE Linux server which acts as a 2-interface router & firewall  
firehol package for firewalling setup.

Basically I need to make local services running on a local PC available
over the internet (port forwarding).

Below is a part of firehol.conf

I have tried different things, like "router world2lan inface "$ 
outface "${if_lan}" route mygvsv accept dst", swapping  
commands" in world2lan configuration, explicitly opening "mygvsv" ports
with "server mygvsv accept", etc., nothing worked.

Something very simple is missing but I could not figure out what.

Any help is greatly appreciated. Thanks in advance.




#transparent_squid 3128 squid inface "${if_lan}"
transparent_proxy 80 3128 "squid root bin andrei" inface "${if_lan}" src "${intranet_ips}"

# Video surveillance software.
client_mygvsv_ports="5548 5549"
server_mygvsv_ports="tcp/5548 tcp/5549"

nat to-destination inface "${if_world}" proto tcp dport "${client_mygvsv_ports}"

interface "${if_lan}" lan src "${intranet_ips}"
	policy reject
	# server "dns ftp samba squid dhcp http ssh icmp"	accept
	server all accept
	client all accept
interface "${if_world}" world src not "${intranet_ips} $ 
	protection strong 10/sec 10
	server "ssh http https ftp dns smtp smtps pop3 pop3s sip" accept
	server ident reject with tcp-reset
	client all accept

router lan2world inface "${if_lan}" outface "${if_world}"
	route all accept
router world2lan inface "${if_world}" outface "${if_lan}"
	route mygvsv accept
	route ident reject with tcp-reset
