[Firehol-support] Firewall on DMZ

Tony Peña emperor.cu at gmail.com
Thu Apr 30 15:39:18 CEST 2015


Hi
I want to stop SYN flood traffic over HTTP from external IPs, but I have only
eth0 on Linux.

I have the Linux box in the DMZ with IP 192.168.7.1 and only eth0.
I have set up SNAT from the public IP on the router to the Linux box for ports 80 and 443.

But when I set this in FireHOL:

-------------------------
version 5

trusted_ip="other ip trusted"

blacklist full "list black ip"

interface eth0 ethernet
  policy drop
  server "http https" accept src "$trusted_ip"
  client all accept
------------------------------------

I can't access Apache from my trusted IP.

In /var/log/messages I can see "request failed" messages from the kernel for everyone,
including my trusted IP.


My question is: how can I set up FireHOL if my server is in the DMZ and has
only one Ethernet interface?

from internet --> router (SNAT any to) --> eth0 linux
from lan (192.168.0.1/24) --> routing to --> eth0 linux

When FireHOL is active, nobody can access HTTP and HTTPS.

Any idea?

Thanks in advance

-- 
Antonio Peña
Secure email with PGP 0x8B021001 available at https://pgp.mit.edu
<https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on>
Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001
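For a single-interface host in a DMZ like the one described above, this is an added example of a firehol.conf (not taken from the post or from the FireHOL project) that keeps the same structure but adds FireHOL's syn-floods protection; the addresses and the rate/burst values are constructed placeholders. One caveat worth checking first: if the router really rewrites the source address (SNAT) rather than only forwarding ports (DNAT), eth0 sees the router's own address as the source of every external connection, so a src match on the original client address can never succeed and the router's address is what the list has to contain.

```firehol
version 5

# Constructed placeholders: hosts allowed to reach the web server.
# If the router SNATs traffic before forwarding it to eth0, the source
# address seen here is the router's, so list that address instead.
trusted_ip="203.0.113.10 192.168.0.0/24"

# Blocklisted sources (constructed placeholder), dropped in both directions.
blacklist full "198.51.100.0/24"

interface eth0 dmz
    policy drop

    # Rate-limit new TCP SYN packets arriving on eth0.
    # This limit is per interface, not per source: a flood will also
    # throttle legitimate clients, so pair it with SYN cookies in the kernel
    # (net.ipv4.tcp_syncookies=1) rather than relying on it alone.
    protection syn-floods 100/s 50

    # HTTP/HTTPS only from the trusted sources; drop "src ..." to serve
    # the public addresses the router forwards ports 80/443 for.
    server "http https" accept src "$trusted_ip"

    # Let the box itself open outbound connections (updates, DNS, etc.).
    client all accept
```

Run `firehol try` rather than `firehol start` when testing a change on a remote host; it rolls the rules back unless you confirm them, so a mistaken policy does not lock you out.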

