Re: [Astlinux-users] Firewall forwarding

2016-05-30 Thread Michael Keuter
Very good. That helps a lot. @Michael: Maybe you could add an example, how to configure the downstream router (in principle), to the Wiki. Sent from my iPad Michael > On 30.05.2016 at 19:04, Lonnie Abelbeck wrote: > > The new NAT_FOREIGN_NETWORK variable is now documented in the WiKi... >

Re: [Astlinux-users] Firewall forwarding

2016-05-30 Thread Lonnie Abelbeck
The new NAT_FOREIGN_NETWORK variable is now documented in the WiKi... Internal Downstream Router https://doc.astlinux.org/userdoc:tt-internal-downstream-router Lonnie

Re: [Astlinux-users] Firewall forwarding

2016-05-29 Thread Lonnie Abelbeck
>> In this case, FOREIGN does not make as much sense. >> >> Regards >> Michael Knill >> >> >> -Original Message- >> From: Lonnie Abelbeck >> Reply-To: AstLinux List >> Date: Sunday, 29 May 2016 at 3:34 AM >> To: AstLinux List

Re: [Astlinux-users] Firewall forwarding

2016-05-29 Thread Michael Knill
you could configure by default all the Private networks? Regards Michael Knill -Original Message- From: Michael Keuter Reply-To: AstLinux List Date: Sunday, 29 May 2016 at 8:32 PM To: AstLinux List Subject: Re: [Astlinux-users] Firewall forwarding Sent from my iPad Michael >

Re: [Astlinux-users] Firewall forwarding

2016-05-29 Thread Michael Keuter
Sent from my iPad Michael > On 28.05.2016 at 21:43, Lonnie Abelbeck wrote: > > >> On May 28, 2016, at 2:12 PM, Michael Keuter wrote: >> >> >> >> Sent from my iPad >> >> Michael >> >>> On 28.05.2016 at 18:34, Lonnie Abelbeck wrote: >>> >>> Hi Michael, >>> >>> Indeed dividing the /2

Re: [Astlinux-users] Firewall forwarding

2016-05-28 Thread Michael Knill
directly connected networks. I assume this should not be a problem? > In this case, FOREIGN does not make as much sense. > > Regards > Michael Knill > > > -Original Message- > From: Lonnie Abelbeck > Reply-To: AstLinux List > Date: Sunday, 29 May 2016

Re: [Astlinux-users] Firewall forwarding

2016-05-28 Thread Lonnie Abelbeck
rks. I assume this should not be a problem? > In this case, FOREIGN does not make as much sense. > > Regards > Michael Knill > > > -Original Message- > From: Lonnie Abelbeck > Reply-To: AstLinux List > Date: Sunday, 29 May 2016 at 3:34 AM > To: AstLinux

Re: [Astlinux-users] Firewall forwarding

2016-05-28 Thread Michael Knill
9 May 2016 at 3:34 AM To: AstLinux List Subject: Re: [Astlinux-users] Firewall forwarding Hi Michael, Indeed dividing the /24 into two /25's is a hack and should be ignored. The solution is, as you suggested, to add a rc.conf variable to specify routed LAN subnets downstream from AstLi

Re: [Astlinux-users] Firewall forwarding

2016-05-28 Thread Lonnie Abelbeck
On May 28, 2016, at 2:12 PM, Michael Keuter wrote: > > > Sent from my iPad > > Michael > >> On 28.05.2016 at 18:34, Lonnie Abelbeck wrote: >> >> Hi Michael, >> >> Indeed dividing the /24 into two /25's is a hack and should be ignored. >> >> The solution is, as you suggested, to add a rc

Re: [Astlinux-users] Firewall forwarding

2016-05-28 Thread Michael Keuter
Sent from my iPad Michael > On 28.05.2016 at 18:34, Lonnie Abelbeck wrote: > > Hi Michael, > > Indeed dividing the /24 into two /25's is a hack and should be ignored. > > The solution is, as you suggested, to add a rc.conf variable to specify > routed LAN subnets downstream from AstLinux

Re: [Astlinux-users] Firewall forwarding

2016-05-28 Thread Lonnie Abelbeck
Hi Michael, Indeed dividing the /24 into two /25's is a hack and should be ignored. The solution is, as you suggested, to add a rc.conf variable to specify routed LAN subnets downstream from AstLinux to be NAT'ed. I think the route to 'hidden' subnets downstream will still have to be a rc.eloc

Re: [Astlinux-users] Firewall forwarding

2016-05-27 Thread Lonnie Abelbeck
Ted networks! > > Regards > Michael Knill > > > -Original Message- > From: Lonnie Abelbeck > Reply-To: AstLinux List > Date: Saturday, 28 May 2016 at 11:39 AM > To: AstLinux List > Subject: Re: [Astlinux-users] Firewall forwarding > > > On Ma

Re: [Astlinux-users] Firewall forwarding

2016-05-27 Thread Michael Knill
firewalls require you to specify the NATed networks! Regards Michael Knill -Original Message- From: Lonnie Abelbeck Reply-To: AstLinux List Date: Saturday, 28 May 2016 at 11:39 AM To: AstLinux List Subject: Re: [Astlinux-users] Firewall forwarding On May 27, 2016, at 7:17 PM

Re: [Astlinux-users] Firewall forwarding

2016-05-27 Thread Lonnie Abelbeck
ave to ponder the best way to handle 192.168.6.0/24 packets on eth2 sent from behind the Cisco. Possibly some clever subnet choices where the Cisco WAN subnet and Cisco LAN subnet "add up" to the AstLinux 2nd interface LAN subnet. Lonnie > > Regards > Michael Knill >

Re: [Astlinux-users] Firewall forwarding

2016-05-27 Thread Michael Knill
all -- anywhere anywhere Does this mean that 192.168.6.0/24 is not being NATed? Regards Michael Knill -Original Message- From: Lonnie Abelbeck Reply-To: AstLinux List Date: Friday, 27 May 2016 at 11:47 PM To: AstLinux List Subject: Re: [Astlinux-users] Firewall

Re: [Astlinux-users] Firewall forwarding

2016-05-27 Thread Lonnie Abelbeck
Hi Michael, It sounds like you are on the correct path, but the devil is in the details, so let's talk details with an example. Assume the Cisco firewall is connected to AstLinux's 1st LAN Interface: AstLinux-LAN IPv4: 10.1.1.1 NetMask: 255.255.255.0 Assume the Cisco firewall has two interfaces