What is the "correct procedure" for accepting/handling traffic to services 
running on the firewall? 
I have a two interface set-up with three zones: net/fw/loc 
if1 is net, DHCP address assigned by my supplier 
if0 is loc, 10.10.10.1 

I want to allow SSH on port 3333 to access the SSH server running on the FW if the 
source matches 123.456.789.0/24, and I want to allow RDP on port 3389 to access the 
RDP server running on the FW if the source matches 123.456.789.0/24. 

At the moment, I'm using this construct which is working, but it feels like I 
should be using DNAT, which I could not get working. 

REDIRECT:debug net:123.456.789.0/24 3333 tcp 3333 
DROP net all tcp 3333 
REDIRECT:debug net:123.456.789.0/24 3389 tcp 3389 
DROP net all tcp 3389 
(the two DROP entries are only so I can enable logging quickly for dropped 
packets) 

I'm using Shorewall 5.0.4 on an Ubuntu 16.04 LTS system, and Webmin to manage 
it. 

-joho 

Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
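As an added example (not the poster's configuration), the conventional Shorewall 5.x rules-file form for services that run on the firewall itself: DEST is the firewall zone `$FW` with a plain ACCEPT, since REDIRECT exists to rewrite the destination port on the firewall (transparent proxying) and DNAT to forward to a host behind it, neither of which applies when the port is unchanged and the daemon is local. The source prefix is the poster's own placeholder and the SSH daemon is assumed to listen on 3333.

```shorewall
# /etc/shorewall/rules  (Shorewall 5.x)  -- added example, not the poster's file
# 123.456.789.0/24 is the poster's placeholder; substitute the real /24 prefix.
#ACTION        SOURCE                 DEST    PROTO   DPORT
# Traffic to daemons on the firewall: DEST is the $FW zone, no port rewriting.
ACCEPT         net:123.456.789.0/24   $FW     tcp     3333       # sshd listening on 3333
ACCEPT         net:123.456.789.0/24   $FW     tcp     3389       # RDP server on the firewall
# Log (syslog level "info") and drop anything else arriving on those two ports.
DROP:info      net                    $FW     tcp     3333,3389
```

Entries for a stricter policy than the default net->fw policy in /etc/shorewall/policy are only needed when that policy is not already DROP or REJECT; with such a policy the trailing DROP:info line serves only to log the rejected attempts.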