[Firehol-support] Firewall on DMZ

Tony Peña emperor.cu at gmail.com
Thu Apr 30 14:39:18 BST 2015


Hi
I want to stop flood syn traffic over http from external ip but I have only
eth0 on linux

I have the linux on dmz with ip 192.168.7.1 and only eth0
I have setup the snat from public ip from the router to linux to 80 and 443

But when i set on firehol

-------------------------
version 5

Trusted_ip="other ip trusted"

blacklist full "list black ip"

Interface eth0 ethernet
  Policy drop
  Server "http https" accept src "$trusted_ip"
  Client all accept
------------------------------------

Can't access from my trust ip to apache

On the /var/log/messages i can see request failed of kernel from any
including my trusted ip.


My question is how can i set firehol if on my server is on dmz and have
only 1 ethernet access?

from internet --> router (SNAT any to --> eth0 linux
from lan (192.168.0.1/24) --> routing to --> eth0 linux

when firehol is active nobody access to http and https

Any idea?

Thanxs in advace

-- 
Antonio Peña
Secure email with PGP 0x8B021001 available at https://pgp.mit.edu
<https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on>
Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001



More information about the Firehol-support mailing list