I wasn't able to get it working using the method you stated but I was able to
make it work by adding the following ipchains rule to
/etc/rc.d/init.d/bastille-firewall:
$IPCHAINS -A input -p tcp -s 192.168.10.10/32 -d 192.168.10.1/32 8443 -j ACCEPT
In the above line "192.168.10.10/32" refers to the external computer
administering the Firewall. The "/32" limits it to that address only. The
"192.168.10.1/32 8443" refers to the IP Address (192.168.10.1/32) and admin
port (8443) on the external Network Card of the firewall.
I hope this helps others out.
BTW, the addresses I used in this message are fake. :)
Thanks,
Steve
On Tuesday 17 April 2001 04:57, you wrote:
> On Tuesday 17 April 2001 10:11, you wrote:
> > On Sunday 15 April 2001 00:16, you wrote:
> > > I showed Mandrake Security to my Boss and he loved it. He wants to look
> > > into installing it at our clients networks around the region. We would
> > > need to administer it from our main office.
> > >
> > > Which file would I need to modify to enter an IP address that's allowed
> > > to manage Mandrake Firewall from an external IP address?
> > >
> > > We need to be able to manage the system from over the internet but want
> > > to set it to only respond to a specific IP address.
> >
> > Hi,
> >
> > You need to open the port 8443 in "Internet Traffic" to allow
> > the connection to your firewall from the outside.
> >
> > You can then connect using
> > https://external_IP:8443/
>
> And I should have read your mail more thoroughly...
>
> You need to look at /etc/bastille-firewall.conf and
> /etc/ini.d/bastille-firewall, and adapt it to specify a
> source IP to the rule allowing incoming public traffic
> (see the TCP_PUBLIC_SERVICES variable and the rule
> using it).
>
> You could even add this feature to the web frontend with a little more
> work, tell us if you're interested (the developer documentation is not
> finished yet, but we can help you: all that is required is a few lines of
> xml).
>
> The frontend writes in the variable TCP_PUBLIC_SERVICES in the naat tool
> configuration file (/var/lib/naat/configuration). This variable lists the
> allowed ports with the format: port1 (forward=xxx action=allow), port2
> (forward=... action=...), and so on.
> For instance: ftp (forward=192.168.1.42 action=allow), 8443 (forward=---
> action=allow)
> The TCP_PUBLIC_SERVICES variable in /etc/bastille-firewall.conf lists
> only the ports (extracted from above). You can look at the template
> /usr/share/naat/templates/etc/bastille-firewall.conf
>
> We could add a "from" parameter to restrict to a specific source IP:
> 8443 (forward=--- action=allow from=xxx.xxx.xxx.xxx)
> and adapt the template to bastille-firewall.conf and the bastille-firewall
> init script to use this "from" parameter.
>
> Hope this helps. Tell us if you need any more information.
> Regards,
> Renaud
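
One way the "from" parameter proposed in the quoted reply could be turned into ipchains rules of the form used at the top of this message (added example, not code from the thread or from the naat / bastille-firewall tools). The function names, the choice to skip forwarded entries, and the sample line are assumptions.

```python
import ipaddress
import re

# One entry of the list: "<port-or-service> (key=value key=value ...)"
ENTRY = re.compile(r"\s*([A-Za-z0-9_-]+)\s*\(([^()]*)\)\s*")

def parse_services(value):
    """Split a TCP_PUBLIC_SERVICES string into (port, options) pairs."""
    entries = []
    for chunk in value.split(","):
        m = ENTRY.fullmatch(chunk)
        if not m:
            raise ValueError(f"malformed entry: {chunk!r}")
        port, body = m.groups()
        if port.isdigit() and not 1 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {port}")
        # dict() raises ValueError on an option without "="
        entries.append((port, dict(o.split("=", 1) for o in body.split())))
    return entries

def build_rules(value, dest_ip, ipchains="$IPCHAINS"):
    """Return one ipchains input rule per allowed, non-forwarded service."""
    dst = ipaddress.IPv4Address(dest_ip)
    rules = []
    for port, opts in parse_services(value):
        # Assumption: forwarded or non-"allow" entries stay with the existing script.
        if opts.get("action") != "allow" or opts.get("forward", "---") != "---":
            continue
        rule = [ipchains, "-A", "input", "-p", "tcp"]
        if "from" in opts:
            # Strict IPv4 parsing: anything else (shell metacharacters, host
            # bits set under a mask) is rejected before it reaches a rule.
            rule += ["-s", str(ipaddress.IPv4Network(opts["from"]))]
        rules.append(" ".join(rule + ["-d", f"{dst}/32", port, "-j", "ACCEPT"]))
    return rules

# Constructed sample: the thread's example line plus the proposed "from" parameter.
SAMPLE = ("ftp (forward=192.168.1.42 action=allow), "
          "8443 (forward=--- action=allow from=192.168.10.10), "
          "443 (forward=--- action=allow)")

if __name__ == "__main__":
    for line in build_rules(SAMPLE, "192.168.10.1"):
        print(line)
```

An entry without "from" produces a rule with no -s option, so it stays open to any source, as before the change.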