public dmz on third firewall interface - fwbuilder can't create a forward rule (why?)

Hi Guys,

I have encountered a problem switching a very old firewall from iptables to fwbuilder ...
The fw is composed of three zones: localnet/10.10.0.0/16, internet/195.103.219.0/28 and a public dmz/195.103.219.17/28.
It seems to me that the compiler did not create the correct forward chain when a packet arrives on the eth0 interface (internet) with destination dmz ... (it must be forwarded to eth2/dmz) ... the compiler makes a rule on the input chain; for me this is not correct.
Can anyone tell me if there is a misunderstanding?

NETWORK = 195.103.219.0/26 = 64 addresses

            INTERNET ROUTER = 195.103.219.1
                    |
                    | eth0 = 195.103.219.2
                    FW
                   /  \
                  /    \
195.103.219.17/28 eth2 DMZ    LOCALNET eth1 10.10.0.0/16

If a packet arrives on interface eth0 with dest address 195.103.219.19, I think that the correct chain that the compiler has to create is a FORWARD CHAIN ... and that should not happen ... the firewall creates a single rule on the INPUT chain ...

$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 -d 195.103.219.19 --dport 25 -m state --state NEW -j ACCEPT

Many many thanks in advance.
Best regards
Stefano Gasparini

_______________________________________________
Fwbuilder-discussion mailing list
Fwbuilder-discussion@...
https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
Re: public dmz on third firewall interface - fwbuilder can't create a forward rule (why?)

On Jul 29, 2009, at 8:55 AM, Stefano Gasparini wrote:

> Hi Guys,
> I have encountered a problem switching a very old firewall from
> iptables to fwbuilder ...
> The fw is composed of three zones: localnet/10.10.0.0/16, internet/
> 195.103.219.0/28 and a public dmz/195.103.219.17/28.
> It seems to me that the compiler did not create the correct forward
> chain when a packet arrives on the eth0 interface (internet) with
> destination dmz ... (it must be forwarded to eth2/dmz) ... the
> compiler makes a rule on the input chain; for me this is not correct.
> Can anyone tell me if there is a misunderstanding?
>
> NETWORK = 195.103.219.0/26 = 64 addresses
>
>             INTERNET ROUTER = 195.103.219.1
>                     |
>                     | eth0 = 195.103.219.2
>                     FW
>                    /  \
>                   /    \
> 195.103.219.17/28 eth2 DMZ    LOCALNET eth1 10.10.0.0/16
>
> If a packet arrives on interface eth0 with dest address
> 195.103.219.19, I think that the correct chain that the compiler has
> to create is a FORWARD CHAIN ... and that should not happen ... the
> firewall creates a single rule on the INPUT chain ...
>
> $IPTABLES -A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 -d 195.103.219.19 --dport 25 -m state --state NEW -j ACCEPT

What IP address and netmask are associated with object eth2 in fwbuilder?

Vadim Kurland
vadim@...