Hi everyone,
I want to create a basic firewall on my Sun box using IP Filter. It looks
like this:
   Extranet          Solaris 2.5          Intranet
---------------|      IP filter      |----------------
  10.80.3.10                          192.168.100.1
  255.255.0.0                         255.255.255.0
     hme0                               nf0 (FDDI)
I want to deny all access from the extranet, except for any intranet WWW
sites (192.168.100.10) and port 1251. I then created a filter list as
follows, but intranet users can't access the extranet WWW site (TCP port 80). I
don't know why. Maybe I'm being very foolish.
#---------------------ipf.conf---------------------------
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
block in all with frag
pass out on hme0 all head 150
block out from 127.0.0.0/8 to any group 150
block out from any to 127.0.0.0/8 group 150
block out from any to 10.80.3.250/32 group 150
pass in on hme0 all head 100
block in from 127.0.0.0/8 to any group 100
block in from 10.80.3.250/32 to any group 100
block in from 137.144.120.10/0xffff0000 to any group 100
block in log quick proto tcp from 10.80.0.0/16 to 137.144.0.0/16 port = 80 group 100
pass in log quick proto tcp from any to 137.144.120.50/32 port = 80 group 100
pass in log quick proto tcp from any to 137.144.210.20/32 port = 80 group 100
pass out on nf0 all head 350
block out from 127.0.0.0/8 to any group 350
block out from any to 127.0.0.0/8 group 350
block out from any to 137.144.120.10/32 group 350
pass in on nf0 all head 300
block in from 127.0.0.0/8 to any group 300
block in from 137.144.120.10/32 to any group 300
block in from 10.80.3.250/0xffffff00 to any group 300
Can you help me?
Thanks!
Sunshine