[Firehol-support] Question about virtual interface

Tony Peña emperor.cu at gmail.com
Fri Apr 26 23:46:35 BST 2013

I'm wondering how can i setup a firehol.conf with 1 physical and virtual at
same time
I got now a server outside of my country and is very difficult if i try to
setup iptables security and lost my conex...

I used firehol before, with normal ethernets... eth0 and eth1, but never
with eth0:1,...


i got this...

eth0 and eth0:1 to into server from

internet.......cisco....[real-wan-ip] nat inside eth0....10.x.y.z
internet.......same cisco [real-wan-ip+1] nat inside eth0:1 ....10.x.y.z+1

if i try

interface eth0 phy-net
     policy drop
     server icmp accept
     server ssh accept
     cliente all accept

interface eth0:1 virt-net
    policy drop
    server icmp accept
    server ssh accept
    client all accept

i can't hit with icmp / ssh ping to eth0 or eth0:1...

for other reason i need to use this eth0:1 to can use other service running
on there.
any help will be appreciated...
my server is only supported now by fail2ban, to try keeping out attacks...
missing my firehol.conf to defender more harder..

question: if I type firehol try, and still can't commit the changes.. is
very secure to recover my conex if before my ssh is restore because have
now 0 rules applied ?

Thanxs in advance

Antonio Peña
Secure email with PGP 0x8B021001 available at http://pgp.mit.edu
Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20130426/8b940cce/attachment-0002.html>

More information about the Firehol-support mailing list