Thank you Pedro for your explanation. I much appreciate it!! Things become clearer...
On Wed, 2009-12-30 at 19:25 +0000, Pedro M. S. Oliveira wrote:
> Hi Jonas,
> When you specify target green or 192.168.1.25 this means that the packet
> arriving on the uplink should have a destination ip of the green network or
> 192.168.1.25 and usually that doesn't happen because they are marked to
> arrive at your red ip address (usually a public ip from your provider if you
> use a classic network schema).
>
> Let's put it this way:
>
> 183.23.13.24 - ExtHost - host on internet
> 213.21.23.23 - RedIP - your red ip address
> 192.168.1.254 - GreenIP - your green ip address
> 192.168.1.25 - HTSrv - your http server
>
> Now let's see the situation you described:
> > "Access from : RED" does not work. I don't understand why. Do you ?
> > "Target : GREEN" or "Target : 192.168.1.25" does not work. I don't
> > understand why I can't use my LAN-client as target, as this is the
> > client to where to portforward ?!
>
> ExtHost -> RedIP -> GreenIP - forwarding refused because your rule says
> forward all packages with destination 192.168.1.25 but the package has
> destination 213.21.23.23 (RedIP) and that's why it's not forwarded
>
> To accomplish this you could have something like:
> Access from: Any (or anyuplink or uplink)
> Target: Uplink or any uplink
> IP: your internal server ip (192.168.1.25)
> Type: IP
> DNAT: NAT
> Service: HTTP
>
> This way:
> ExtHost -> RedIP -> GreenIP - forwarding accepted because access from and
> target are matched as well as the service port and packet will be forwarded to
> the HTServ
>
> Access from is related to where the package is coming from.
> Target is the package destination on ip header not your local intended
> destination.
>
> With these new features on EFW you can have greater control on more complex
> networks where you may have different layers of firewalling and this will be
> done just relying on the web interface, on version 2.2 with more complex
> rules and different layers of firewalling you needed to write a bunch of
> rules manually on command line.
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
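The matching behaviour described in the quoted explanation, as an added example that is not part of the original thread and is not Endian Firewall code: a simplified model of the Target and Service checks only, using the addresses from the thread. The `/24` mask on GREEN, TCP port 80 for HTTP, and the names `Packet`, `ForwardRule`, `apply_rule` and `demo` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

# Addresses taken from the thread; the /24 mask on GREEN is an assumption.
EXT_HOST, RED_IP, HT_SRV = "183.23.13.24", "213.21.23.23", "192.168.1.25"
GREEN_NET = "192.168.1.0/24"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str    # destination in the IP header as it arrives, before any NAT
    dport: int

@dataclass(frozen=True)
class ForwardRule:
    target: str        # address or network compared with the header destination
    dport: int         # service port (80 assumed for HTTP)
    translate_to: str  # internal server that receives the packet after DNAT

def apply_rule(rule, pkt):
    """Return the DNATed packet if the rule matches, otherwise None."""
    if pkt.dport != rule.dport:
        return None
    # The match is made on the header destination, not on the intended LAN host.
    target_net = ipaddress.ip_network(rule.target, strict=False)
    if ipaddress.ip_address(pkt.dst) not in target_net:
        return None
    # Only the destination is rewritten; the source stays the internet host.
    return replace(pkt, dst=rule.translate_to)

def demo():
    pkt = Packet(EXT_HOST, RED_IP, 80)  # ExtHost -> RedIP, HTTP
    rules = {
        "target GREEN": ForwardRule(GREEN_NET, 80, HT_SRV),
        "target 192.168.1.25": ForwardRule(HT_SRV, 80, HT_SRV),
        "target uplink": ForwardRule(RED_IP, 80, HT_SRV),
    }
    return {name: apply_rule(rule, pkt) for name, rule in rules.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        outcome = f"forwarded to {result.dst}" if result else "no match"
        print(f"{name:22} -> {outcome}")
```

Only the rule whose target is the uplink address matches, because that is the destination the packet carries when it reaches the firewall.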