Lonnie,
  Thanks for the documentation.  Of course this prompted me to look at
stuff I have never looked at before and of course generates questions.

Take transparent-dnat.  Does this solve the situation where I have an
internal client that attempts to access a service (say FTP) which is in
fact located inside my LAN or on my AstLinux box?

For example, if I am *outside* my LAN and request a service at
"ftp.mydomain.org:21", then the external DNS servers resolve the name to the
IP address of my Astlinux eth0/EXTIF, and the client *outside* my LAN
directs the traffic to "myIP:21".  Now let's say port 21 is forwarded by
Astlinux to an internal LAN IP 192.168.1.10 (possibly on a different port
number).
Now if I am *inside* my LAN and have done nothing, then the DNS name
resolution still resolves to eth0/EXTIF. But because the traffic is coming
from inside to eth1/INTIF it is not caught by the firewall and forwarded to
the internal host. Instead it tries to connect to the Astlinux box (which
may, or may not, accept traffic on port 21).

The way I have resolved this is by setting up a static hostname in Astlinux
DNS so that internal clients get the IP address of the internal server when
they use the name, so ftp.mydomain.org will resolve to 192.168.1.10, which
is the same host that any external traffic arriving on eth0 port 21 would
get forwarded to.  However this is not port specific, so if I had multiple
services handled by different hosts there is no way to handle that.

Does this plugin help, or is there another plugin that would?  Ideally
what I want is a way to tell the firewall that any traffic originating from
an internal IP that is destined for the external IP of my Astlinux box be
handled by the firewall just as if it had arrived on the EXTIF and be
forwarded (or blocked, or whatever).

Thanks,
David
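The behaviour David asks for (traffic from the LAN to the external IP handled as if it had arrived on EXTIF) is usually called hairpin or loopback NAT. The following is an added example written for this thread, not AstLinux code and not the transparent-dnat plugin: a POSIX sh function that emits plain netfilter rules for a per-port mapping list, assuming eth1 is INTIF, 192.168.1.0/24 is the LAN and a constructed external address of 203.0.113.5.

```shell
#!/bin/sh
# Added example (not AstLinux code): hairpin NAT rules for LAN clients that
# connect to the firewall's external IP for a port-forwarded service.
# Assumptions: eth1 = INTIF, LAN = 192.168.1.0/24, EXTIP = 203.0.113.5
# (constructed), forwarded hosts such as 192.168.1.10 taken from the thread.
#
# Usage: hairpin_rules EXTIP LAN_NET INTIF "proto:extport:inthost:intport ..."
# Prints the iptables commands; pipe the output through sh to apply them.

hairpin_rules() {
    extip=$1 lannet=$2 intif=$3 maps=$4
    for m in $maps; do
        # split "proto:extport:inthost:intport"
        proto=${m%%:*}; rest=${m#*:}
        extport=${rest%%:*}; rest=${rest#*:}
        inthost=${rest%%:*}; intport=${rest#*:}
        # 1. LAN client -> EXTIP:extport: rewrite the destination to the LAN
        #    host, per port, exactly like the forwarding rule on EXTIF does.
        printf 'iptables -t nat -A PREROUTING -i %s -s %s -d %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$intif" "$lannet" "$extip" "$proto" "$extport" "$inthost" "$intport"
        # 2. Masquerade the LAN source so the server answers via the firewall.
        #    Without this the server replies directly to the client, which
        #    expects the reply from EXTIP and drops it (asymmetric flow).
        printf 'iptables -t nat -A POSTROUTING -o %s -s %s -d %s -p %s --dport %s -j MASQUERADE\n' \
            "$intif" "$lannet" "$inthost" "$proto" "$intport"
        # 3. Permit the hairpinned flow, which enters and leaves on INTIF.
        printf 'iptables -A FORWARD -i %s -o %s -d %s -p %s --dport %s -j ACCEPT\n' \
            "$intif" "$intif" "$inthost" "$proto" "$intport"
    done
}

# Example run: FTP to 192.168.1.10, a second service on another host.
hairpin_rules 203.0.113.5 192.168.1.0/24 eth1 \
    "tcp:21:192.168.1.10:21 tcp:8022:192.168.1.20:22"
```

Because step 2 masquerades only the hairpinned connections, the internal server will log the firewall's LAN address rather than the real client for those flows, which is the usual trade-off of this approach versus split DNS.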



On Sat, Oct 6, 2012 at 7:45 PM, Lonnie Abelbeck
<[email protected]> wrote:

> Hi,
>
> Due to recent questions about firewall plugins, we decided to add a
> "Firewall Plugins" section in the documentation WiKi...
>
> WiKi: Tips and Tricks -> Networking -> Firewall Plugins
>
> http://doc.astlinux.org/userdoc:tt_firewall_plugins
>
> I predict even long time users might find a new tidbit here, so please
> take a look and report any changes or clarifications that might be useful
> to others.
>
> Lonnie
>
>
>
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> [email protected].
>