[Firehol-support] Firewall on DMZ
costa at tsaousis.gr
Thu Apr 30 16:07:04 BST 2015
Could you please post the iptables log line of the failed request?
Replace $trusted_ip if you don't want us to know the IP.
Where do you get the log line? On the web server or the router?
On Thu, Apr 30, 2015 at 4:39 PM, Tony Peña <emperor.cu at gmail.com> wrote:
> I want to stop syn flood traffic over http from external ip, but I have only
> eth0 on linux.
> I have the linux box on the dmz with ip 192.168.7.1 and only eth0.
> I have set up the snat from the public ip on the router to linux for 80 and 443.
> But when i set on firehol
> version 5
> Trusted_ip="other ip trusted"
> blacklist full "list black ip"
> Interface eth0 ethernet
> Policy drop
> Server "http https" accept src "$trusted_ip"
> Client all accept
> I can't access apache from my trusted ip.
> In /var/log/messages I can see failed requests from the kernel from any ip,
> including my trusted ip.
> My question is: how can I set up firehol if my server is on the dmz and has
> only 1 ethernet interface?
> from internet --> router (SNAT any) --> eth0 linux
> from lan (192.168.0.1/24) --> routing --> eth0 linux
> when firehol is active nobody can access http and https
> Any idea?
> Thanks in advance
> Antonio Peña
> Secure email with PGP 0x8B021001 available at https://pgp.mit.edu
> Fingerprint: 74E6 2974 B090 366D CE71 7BB2 6476 FA09 8B02 1001
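Costa asks for the iptables log line of the failed request, with the trusted address replaced. The following is an added Python helper, not code from the thread or from firehol, that pulls such lines out of /var/log/messages and redacts the trusted IP before the line is shared; the sample log lines and the "IN-eth0:" log prefix are constructed assumptions.

```python
import re
from typing import Any, Dict, List, Optional

# Constructed sample in netfilter "kernel:" log format; not taken from the
# thread. The "IN-eth0:" log prefix is an assumption standing in for
# whatever --log-prefix the ruleset actually uses.
SAMPLE_LOG = """\
Apr 30 16:02:11 web kernel: IN-eth0:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.7.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 30 16:02:12 web kernel: IN-eth0:IN=eth0 OUT= SRC=198.51.100.20 DST=192.168.7.1 LEN=60 PROTO=TCP SPT=40000 DPT=443 SYN URGP=0
Apr 30 16:02:13 web sshd[123]: Accepted publickey for costa
"""

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = ("DF", "SYN", "ACK", "FIN", "RST")


def parse_netfilter_line(line: str) -> Optional[Dict[str, Any]]:
    """Split a kernel packet-log line into its KEY=VALUE fields; None for
    lines that are not netfilter packet logs (so whole files can be fed in)."""
    if " kernel: " not in line:
        return None
    fields: Dict[str, Any] = dict(KV_RE.findall(line))
    if "IN" not in fields or "SRC" not in fields:
        return None
    body = line.split(" kernel: ", 1)[1]
    # The --log-prefix sits between "kernel: " and the first IN= field;
    # it tells you which rule/chain logged the packet.
    fields["PREFIX"] = body.split("IN=", 1)[0].strip()
    # Bare tokens such as DF or SYN carry no "=", so collect them separately.
    fields["FLAGS"] = [tok for tok in body.split() if tok in TCP_FLAGS]
    return fields


def logged_requests(log: str, dport: str,
                    trusted_ip: Optional[str] = None) -> List[Dict[str, Any]]:
    """Logged packets to one destination port; if trusted_ip is given, its
    SRC is replaced by the literal "$trusted_ip" before the line is shared."""
    hits = []
    for line in log.splitlines():
        f = parse_netfilter_line(line)
        if f is None or f.get("DPT") != dport:
            continue
        if trusted_ip and f["SRC"] == trusted_ip:
            f["SRC"] = "$trusted_ip"
        hits.append(f)
    return hits
```

The IN interface, PREFIX and FLAGS fields are what answer Costa's question: they show on which interface the packet arrived, which rule logged it, and whether it was the initial SYN.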