Florin,

I'm trying to allow myself access to the firewall's web interface and SSH
for administrative purposes.  I don't want just anyone to access it, just my
IP range.


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Florin
Sent: Friday, October 15, 2004 11:04 AM
To: [EMAIL PROTECTED]
Subject: Re: [Security Firewall] Rules


"Cencore Security" <[EMAIL PROTECTED]> writes:

> I want to give access to the Firewall's Web Interface & SSH to my IP only
> from another site running the MNF.

I still don't understand ... sorry ..

I understand that you want to access MNF->Firewall (= MNF) which doesn't
make sense to me ...

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Florin
> Sent: Thursday, October 14, 2004 4:19 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Security Firewall] Rules
>
>
> "Cencore Security" <[EMAIL PROTECTED]> writes:
>
> > One question I forgot.
> >
> > I've done this before but I cannot remember the structure of the rules. I
> > want to allow ssh and 8443 (that are running on the LAN interface) to be
> > accessible (read redirected) from the external WAN interface on the
> > firewall (with specific IP address xxx.xxx.xxx.xxx).
> >
> > I thought maybe just:
> > #result       client  server  proto   port    client_port     address
> > REDIRECT wan:xxx.xxx.xxx.xxx    lan    tcp    8443     -
> > REDIRECT wan:xxx.xxx.xxx.xxx    lan    tcp    22     -
> > or
> > REDIRECT wan :xxx.xxx.xxx.xxx   lan    tcp    8443     -    192.168.1.1
> > REDIRECT wan :xxx.xxx.xxx.xxx   lan    tcp    22     -    192.168.1.1
> >
> > but that only hangs shorewall.  No matter what, it expects REDIRECT to
> > put a PORT where "lan" goes.  And in the web interface you must choose a
> > client zone from the drop down.
> >
> > I also tried:
> > DNAT    wan:xxx.xxx.xxx.xxx    lan:192.168.1.1    tcp    8443    -
>
> this rule will redirect a connection on the 8443 port coming from
> wan:xxx.xxx.xxx.xxx to lan:192.168.1.1 which I don't understand because
> 8443 is the web interface port ... running on the firewall.
>
> > DNAT    wan:xxx.xxx.xxx.xxx    lan:192.168.1.1    tcp    22    -
>
> same thing for ssh ...

-- 
Florin     http://www.mandrakesoft.com
    http://people.mandrakesoft.com/~florin/
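
An added example, not part of the original thread and not MandrakeSoft or Shorewall code: a small Python lint for the two rule patterns discussed above, a zone name in REDIRECT's destination column and a DNAT whose target is the firewall's own address, which reports the direct ACCEPT rule to use instead. The firewall zone name `fw`, the source address 203.0.113.10 and the premise that 192.168.1.1 is the firewall's own LAN address are assumptions made for the example.

```python
import ipaddress

def parse_rule(line):
    """Return (action, source, dest, proto, port) for a rules line, else None."""
    cols = line.split("#", 1)[0].split()   # drop comments, split on whitespace
    if len(cols) < 5:
        return None
    return tuple(cols[:5])

def lint(rules_text, fw_addrs, fw_zone="fw"):
    """Flag NAT rules aimed at a service that runs on the firewall itself.

    fw_addrs: addresses owned by the firewall (assumed known to the admin).
    fw_zone:  name of the firewall zone (assumed to be "fw").
    """
    own = {ipaddress.ip_address(a) for a in fw_addrs}
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        action, source, dest, proto, port = rule
        if action == "REDIRECT" and not dest.isdigit():
            findings.append((lineno, "REDIRECT expects a local port in the "
                                     "DEST column, not a zone"))
        elif action == "DNAT":
            # DEST has the form zone:address[:port]; take the address part
            host = dest.split(":")[1] if ":" in dest else ""
            try:
                local = ipaddress.ip_address(host) in own
            except ValueError:
                local = False
            if local:
                fix = f"ACCEPT {source} {fw_zone} {proto} {port}"
                findings.append((lineno, f"DNAT target {host} is the firewall "
                                         f"itself; use: {fix}"))
    return findings

# Constructed sample rules; the source address is a documentation-range value.
SAMPLE_RULES = """\
#ACTION   SOURCE            DEST              PROTO  PORT
REDIRECT  wan:203.0.113.10  lan               tcp    8443
DNAT      wan:203.0.113.10  lan:192.168.1.1   tcp    22
ACCEPT    wan:203.0.113.10  fw                tcp    22
DNAT      wan               lan:192.168.1.20  tcp    80
"""

if __name__ == "__main__":
    for lineno, msg in lint(SAMPLE_RULES, ["192.168.1.1"]):
        print(f"rules:{lineno}: {msg}")
```
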
