[Firehol-support] Firehol Problem - Please Help
Andrei Verovski (aka MacGuru)
andreil1 at starlett.lv
Wed Sep 23 15:21:40 BST 2009
Hi, folks,
I have a SuSE Linux server which acts as a 2-interface router & firewall,
with the firehol package for firewalling setup.
Basically I need to make local services running on local PC 192.168.0.16
available over the internet (port forwarding).
Below is a part of firehol.conf.
I have tried different things, like
"router world2lan inface "${if_world}" outface "${if_lan}" route mygvsv accept dst 192.168.0.16",
swapping "route commands" in world2lan configuration, explicitly opening
"mygvsv" ports with "server mygvsv accept", etc., nothing worked.
Something very simple is missing but I could not figure out what.
Any help is greatly appreciated. Thanks in advance.
-------------------------------------------------------
if_world="eth4"
if_lan="eth0"
intranet_ips="192.168.0.0/16"

#transparent_squid 3128 squid inface "${if_lan}"
transparent_proxy 80 3128 "squid root bin andrei" inface "${if_lan}" src "${intranet_ips}"

# Video surveillance software.
client_mygvsv_ports="5548 5549"
server_mygvsv_ports="tcp/5548 tcp/5549"

nat to-destination 192.168.0.16 inface "${if_world}" proto tcp dport "${client_mygvsv_ports}"

interface "${if_lan}" lan src "${intranet_ips}"
    policy reject
    # server "dns ftp samba squid dhcp http ssh icmp" accept
    server all accept
    client all accept

interface "${if_world}" world src not "${intranet_ips} ${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    server "ssh http https ftp dns smtp smtps pop3 pop3s sip" accept
    server ident reject with tcp-reset
    client all accept

router lan2world inface "${if_lan}" outface "${if_world}"
    masquerade
    route all accept

router world2lan inface "${if_world}" outface "${if_lan}"
    route mygvsv accept
    route ident reject with tcp-reset