Re: [Efw-user] Use Public IP from LAN
On 09/24/2014 01:24 PM, ANIS El Achèche wrote: Now I want that the traffic between my local IP and Red IP will be allowed, the FW log shows me this INPUTFW:DROP TCP 192.168.1.xx:port - RED IP: port You don't need NAT if you want a GREEN client to go out in WAN on some non standard (meaning, not defined by default in Firewall) port/service. Just allow it in Outgoing firewall. More info at [1]. REFERENCE: [1] How To [KB]: http://help.endian.com/entries/21231431-Applications-fail-to-connect-from-behind-an-Endian-UTM-Appliance -- :: e n d i a n :: security with passion :: Alexandru Gheorghe :: http://www.endian.com signature.asc Description: OpenPGP digital signature -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Use Public IP from LAN
I know that, but when I use my REDIP from my LAN the FW block that request! *El Achèche ANIS* *An Ubuntu-tn Member Events Team Coordinator* *Official Ubuntu Member **|** Member @CLibre.tn | Junior SysAdmin @ApptivIT* *elache...@ubuntu.com elache...@ubuntu.com | # whoami http://wiki.ubuntu.com/elacheche* *I am what I am because of who we all are - The Ubuntu Philosophy* On Wed, Sep 24, 2014 at 11:33 AM, Alexandru Gheorghe a.gheor...@endian.com wrote: On 09/24/2014 01:24 PM, ANIS El Achèche wrote: Now I want that the traffic between my local IP and Red IP will be allowed, the FW log shows me this INPUTFW:DROP TCP 192.168.1.xx:port - RED IP: port You don't need NAT if you want a GREEN client to go out in WAN on some non standard (meaning, not defined by default in Firewall) port/service. Just allow it in Outgoing firewall. More info at [1]. REFERENCE: [1] How To [KB]: http://help.endian.com/entries/21231431-Applications-fail-to-connect-from-behind-an-Endian-UTM-Appliance -- :: e n d i a n :: security with passion :: Alexandru Gheorghe :: http://www.endian.com -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Use Public IP from LAN
On 09/24/2014 02:00 PM, ANIS El Achèche wrote: I know that, but when I use my REDIP from my LAN the FW block that request! Then you need to specify to allow in Firewall System access (specify the source ip to be safe). System access must match INPUTFW chain which is defined in INPUT (filter table) of netfilter (see with iptables). -- :: e n d i a n :: security with passion :: Alexandru Gheorghe :: http://www.endian.com signature.asc Description: OpenPGP digital signature -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user