On Wed, 2003-05-28 at 12:06, Frankie wrote:
> Mr James Sparenberg did say:
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James Sparenberg
>
> > On Wed, 2003-05-28 at 07:35, Frankie wrote:
> > > Hi guys,
> > >
> > > I have a semi OT question about packet filter firewalls.
> > >
> > > Up till now, I have used linux IPCHAINS and IPTABLES firewalls where one
> > > was required, and never had a problem...
> > >
> > > I just got hold of a DLINK DSL504 and set it up with a mixture of NAT and
> > > portforwarding.. all of which went fine.
> > >
> > > Then I did the usual thing when setting up a firewall, I set the firewall
> > > to block everything, and then enabled the usual suspects, SSH, SMTP, HTTPD,
> > > HTTPS, and so on. which were all portforwarded to two linux boxes on the
> > > inside net..
> > >
> > > Unfortunately, when enabled, the firewall blocked all NAT traffic as well...
> > > so with the firewall on, I can't do anything at all.. but my web sites
> > > still get access, and my mail server works..
> > >
> > > Does anyone have any experience with router firmware firewalls and what I
> > > can do to get NAT working without opening the whole thing up??
> >
> > I've got a D-Link 713P here that is working just fine... Question, is it
> > outbound or inbound traffic that is getting blocked? If it is outbound
> > then I've got a page that falls under the title Packet Filter. The
> > Default here was to block all outbound except special rules from
> > specific boxes. Then a button at the bottom to do the same for inbound.
> > Filtering can either be done in general or by mac address.
> >
> > James
>
> James, I have a suspicion that you have a lot more options than I do...
>
> I got around it for now by portforwarding whole ranges of ports to a
> nonexistent internal IP...
>
> So I have stealth, and NAT, but I don't like doing it this way, somehow it's
> just not need.
>
> I have emailed the filter table to Dlink tech support, so hopefully someone
> there will know.
>
> regards
>
> Franki

Sounds like it... I had to deal with a Linksys today that gave us similar fits. It couldn't port forward say port 2200 to port 22 on an internal IP number ... so I had to make the internal Linux box listen to 2200 and 22.... then forward 2200 to 2200+ internal IP... that worked.... AAAAAAA!

James
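
For comparison with the Linux iptables firewalls mentioned in the thread, here is an added example (not written by either poster, and not D-Link or Linksys configuration) of a default-drop policy that still passes NAT traffic, plus a forward from external port 2200 to port 22 on an inside host. The interface names `eth0`/`eth1` and the address `192.168.1.10` are constructed sample values, and `gen_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it changes nothing itself.
# Interface names, addresses and ports passed in are constructed sample values.

gen_rules() {
    wan_if=$1; lan_if=$2; host=$3; ext_port=$4; int_port=$5
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port translation: external port $ext_port is rewritten to $host:$int_port
-A PREROUTING -i $wan_if -p tcp --dport $ext_port -j DNAT --to-destination $host:$int_port
# Outbound NAT for the inside network
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that are already tracked; without this rule a
# default-drop FORWARD policy also drops the return half of NAT traffic
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections opened by inside hosts
-A FORWARD -i $lan_if -o $wan_if -m conntrack --ctstate NEW -j ACCEPT
# The forwarded service; the filter table sees the post-DNAT address and port
-A FORWARD -i $wan_if -o $lan_if -p tcp -d $host --dport $int_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

gen_rules eth0 eth1 192.168.1.10 2200 22
```

The output is in the format read by `iptables-restore`.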
