My apologies if this question has been addressed before:
I'm setting up an IPfilter/NAT router configuration for a Solaris 10
system (192.168.0.1) where hme0 is the internal interface and hme1 is
the external Internet interface. I want only one system (192.168.0.5)
within the internal domain (192.168.0.0/24) to be able to access the
Solaris 10 via ssh; however, all internal systems need to pass traffic
through the internal interface so that it can be sent out the external
interface:

    pass in quick on hme0 from 192.168.0.0/24 to any keep state

for internal systems' Internet access

    pass in quick on hme0 from 192.168.0.5/32 to 192.168.0.1/32 port = ssh keep state

for a specific system's ssh access to the Solaris router

It seems that by including the first rule, ALL internal systems
would have ssh access to the Solaris router, which would make the
second rule pointless.
Is there a way to permit all internal systems access to the external
network but only give one internal system ssh access to the router?
Thanks for any help.
Mike
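
Added example, not part of the original post: a small Python model of IPFilter's rule evaluation (last match wins, `quick` stops at the first match) run against the two rules above and against a reordered set. The `block` rule, the helper names, the probe addresses and the default-pass policy are assumptions made for the illustration; protocol matching is not modelled and all probes are treated as TCP.

```python
from ipaddress import ip_address, ip_network

ROUTER = "192.168.0.1"

def rule(action, src, dst="any", dport=None, quick=True):
    return {"action": action, "quick": quick, "src": src, "dst": dst, "dport": dport}

# The two rules from the post, in the order given (ssh = port 22).
ORIGINAL = [
    rule("pass", "192.168.0.0/24"),
    rule("pass", "192.168.0.5/32", "192.168.0.1/32", 22),
]

# Assumed reordering: specific pass first, then an added rule (not in the post),
#   block in quick on hme0 proto tcp from 192.168.0.0/24 to 192.168.0.1/32 port = 22
# and only then the general pass for traffic heading out.
REORDERED = [
    rule("pass", "192.168.0.5/32", "192.168.0.1/32", 22),
    rule("block", "192.168.0.0/24", "192.168.0.1/32", 22),
    rule("pass", "192.168.0.0/24"),
]

def _in(addr, spec):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def evaluate(rules, src, dst, dport, default="pass"):
    """Return (verdict, index of deciding rule); default policy assumed to be pass."""
    verdict, decided_by = default, None
    for i, r in enumerate(rules):
        if not (_in(src, r["src"]) and _in(dst, r["dst"])):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        verdict, decided_by = r["action"], i
        if r["quick"]:
            break  # quick: the first matching rule decides, later rules are never read
    return verdict, decided_by

if __name__ == "__main__":
    # Constructed probes: (source, destination, destination port)
    probes = [("192.168.0.5", ROUTER, 22), ("192.168.0.9", ROUTER, 22),
              ("192.168.0.9", "203.0.113.10", 80)]
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        for p in probes:
            print(name, p, evaluate(rules, *p))
```

In the original order every ssh probe to the router is decided by rule 0, so the second rule is never reached; in the reordered set only 192.168.0.5 reaches the router on port 22 while forwarded traffic still passes.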