Assuming:
A.B.C.D - GNAT Box External IP address
X.Y.Z.1 - GNAT Box PSN (DMZ) IP Address
X.Y.Z.2 - FTP Server
X.Y.Z.3 - Mail Server
X.Y.Z.4 - Web Server
Then the configuration you need is:
Tunnel from A.B.C.D TCP port 20 to X.Y.Z.2 port 20, with the filter box checked
    or a filter to allow A.B.C.D to be accessed on TCP port 20
Tunnel from A.B.C.D UDP port 20 to X.Y.Z.2 port 20, with the filter box checked
    or a filter to allow A.B.C.D to be accessed on UDP port 20
Tunnel from A.B.C.D TCP port 21 to X.Y.Z.2 port 21, with the filter box checked
    or a filter to allow A.B.C.D to be accessed on TCP port 21
Tunnel from A.B.C.D UDP port 21 to X.Y.Z.2 port 21, with the filter box checked
    or a filter to allow A.B.C.D to be accessed on UDP port 21
Tunnel from A.B.C.D TCP port 25 to X.Y.Z.3 port 25, with the filter box checked
    or a filter to allow A.B.C.D to be accessed on TCP port 25
Tunnel from A.B.C.D UDP port 25 to X.Y.Z.3 port 25, with the filter box checked
    or a filter to allow A.B.C.D to be accessed on UDP port 25
Tunnel from A.B.C.D TCP port 80 to X.Y.Z.4 port 80, with the filter box checked
    or a filter to allow A.B.C.D to be accessed on TCP port 80
Tunnel from A.B.C.D UDP port 80 to X.Y.Z.4 port 80, with the filter box checked
    or a filter to allow A.B.C.D to be accessed on UDP port 80
Some of those UDP tunnels and filters are superfluous, but they shouldn't hurt
anything, either.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Givens
Sent: Friday, February 18, 2000 9:06 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Rules ?
First rundown on what I have: Gnat Box Light v3.01 (for testing)
What I want to do is -
Provide tunneling from IP on the Gnat Box to a 192.168 IP in the DMZ. I
have 4 servers inside the DMZ running the following ports. (21, 22, 25,
80). What I gathered in the documentation is that I need a valid IP even
for the tunneled IP addresses, in other words, the Gnat box would have 5
valid IPs on it and just pass the tunneled session through on to the
192.168.x.x address on whatever port I choose. Is this correct, or can I
have one valid IP and pass any port to any IP (192.168.x.x) through the Gnat
box ???
Is it as simple as:
<tcp> <ip of Gnat box = 209.254.x.70> <80> <ip 192.168.1.1> <80>
<tcp> <ip of Gnat box = 209.254.x.70> <25> <ip 192.168.1.2> <25>
and so on ?????
Thanks for the reply !
Mike
----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 17, 2000 11:59 PM
Subject: RE: Rules ?
Mike,
Why don't you let the list know what you're working with (high level
overview of hardware), and what you're wanting to do with GnatBox (please
include the GB version)? That will give us a base point to start from.
TIA,
Greg Byrd
-----Original Message-----
From: Michael Givens [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 17, 2000 6:11 PM
To: [EMAIL PROTECTED]
Subject: Rules ?
I am new to the Gnat family and am trying out the gb-light version, and was
wondering are there any web sites that perhaps have a little better
documentation than the actual user manual ?
Right now I run a Firewall 1 box at work, (don't hate me) and I am checking
out the Gnat box for our new T-1 we will be getting, and sometimes user
docs are just a little hard to understand. Now I am not stupid, just
confused on some of the rules and why they are that way !
Please point me in the right direction.
TIA,
Mike