On Wed, 2003-05-28 at 07:35, Frankie wrote: > Hi guys, > > > I have a semi OT question about packet filter firewalls. > > Up till now, I have used linux IPCHAINS and IPTABLES firewalls were one was > required, and never had a problem... > > I just got hold of a DLINK DSL504 and set it up with a mixture of NAT and > portforwarding.. all of which went fine. > > Then I did the usual thing when setting up a firewall, I set the firewall to > block everything, and then enabled the usual suspects, SSH, SMTP, HTTPD, > HTTPS, and so on. which were all portforwarded to two linux boxes on the > inside net.. > > Unfortunatly, when enabled, the firewall blocked all NAT traffic as well... > so with the firewall on, I can't do anything at all.. but my web sites still > get access, and my mail server works.. > > Does anyone have any experiance with router firmware firewalls and what I > can do to get NAT working without opening the whole thing up??
I've got a D-Link 713P here that is working just fine... Question, is it outbound or inbound traffic that is getting blocked? If it is outbound then I've got a page that falls under the title Packet Filter. The Default here was to block all outbound except special rules from specific boxes. Then a button at the bottom to do the same for inbound. Filtering can either be done in general or by mac address. James > > I have linux IPTABLES filters setup on the linux machines as well, but I > want external port scans to show the ports as dropping all packets to closed > ports, not "closed" as they are now. > Since that end of things is done by the router, that is where I have to > tackle it. > > Anyone know anything that would be useful here?? (There is no MASQ setting > in the routers firewall config. :-) > > > > regards > > Franki > > > > > ______________________________________________________________________ > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
