See the Quick Start Guide or Configuration Guide for multiple examples (http://www.vyatta.com/twiki/bin/view/Community/DocumentationSet). Make sure you add a rule that accepts established connections (the stateful "established" match — netfilter connection tracking covers UDP and ICMP replies as well as TCP) so that responses to outbound requests make it back through the firewall; with a default-deny rule set on eth0 and no such rule, the return traffic is dropped. A few things to check in the configuration below before writing the rules: Vyatta applies destination NAT before the interface firewall, so the rule that admits the forwarded web server traffic generally has to match the translated inside address/port (192.168.1.244 port 80) rather than port 81 — verify this against the NAT chapter. The web GUI is listening on 80/443, so an "allow 80/443 from anywhere" rule, depending on which chain (in/local) it is applied to, can expose the router's own management interface to the Internet as well; restrict that rule to the NAT'ted web server and keep the GUI and SSH reachable only from the LAN. RIP is active (not passive) on eth0 and accepts default routes there, which lets any host on that segment inject routes into this router — make eth0 passive or block UDP 520 inbound unless you control that network. Finally, the root and vyatta accounts share one password hash, and that hash has now been posted to a public list — change both passwords.
Best, Justin On Jan 29, 2008 8:05 PM, Go Wow <[EMAIL PROTECTED]> wrote: > This is my complete configuration. I want to add a firewall such that the whole > internal LAN can still reach the Internet as it does now without a firewall; > I want only ports 80 and 443 open to all (yes, they should be reachable from > anywhere); and lastly I have a web server NAT'ted on port 81 of eth0 that I > also want to reach. Everything else should be blocked. Can someone please > define the rules for this? > > > protocols { > rip { > interface eth0 { > address 192.168.10.45 { > metric: 1 > horizon: "split-horizon-poison-reverse" > disable: false > passive: false > accept-non-rip-requests: true > accept-default-route: true > advertise-default-route: true > route-timeout: 180 > deletion-delay: 120 > triggered-delay: 3 > triggered-jitter: 66 > update-interval: 30 > update-jitter: 16 > request-interval: 30 > interpacket-delay: 50 > } > } > interface eth1 { > address 192.168.1.1 { > metric: 1 > horizon: "split-horizon-poison-reverse" > disable: false > passive: false > accept-non-rip-requests: true > accept-default-route: true > advertise-default-route: true > route-timeout: 180 > deletion-delay: 120 > triggered-delay: 3 > triggered-jitter: 66 > update-interval: 30 > update-jitter: 16 > request-interval: 30 > interpacket-delay: 50 > } > } > } > } > policy { > } > interfaces { > restore: false > loopback lo { > description: "" > address 192.168.2.1 { > prefix-length: 32 > disable: false > } > } > ethernet eth0 { > disable: false > discard: false > description: "" > hw-id: 00:1c:c0:0d:0c:85 > duplex: "auto" > speed: "auto" > address 192.168.10.45 { > prefix-length: 24 > disable: false > } > } > ethernet eth1 { > disable: false > discard: false > description: "" > hw-id: 00:08:a1:83:b7:1e > duplex: "auto" > speed: "auto" > address 192.168.1.1 { > prefix-length: 24 > disable: false > } > } > } > service { > nat { > rule 10 { > type: "destination" > inbound-interface: "eth0" > protocols: 
"tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "192.168.10.45" > port-number 81 > } > inside-address { > address: 192.168.1.244 > port-number: 80 > } > } > rule 1000 { > type: "masquerade" > outbound-interface: "eth0" > source { > network: "192.168.1.0/24" > } > destination { > network: "0.0.0.0/0" > } > } > } > ssh { > port: 22 > protocol-version: "v2" > } > webgui { > http-port: 80 > https-port: 443 > } > } > system { > host-name: "vyatta" > domain-name: "" > name-server 202.56.250.6 > time-zone: "GMT" > ntp-server "69.59.150.135" > gateway-address: 192.168.10.2 > login { > user root { > full-name: "" > authentication { > encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." > } > } > user vyatta { > full-name: "" > authentication { > encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." > } > } > } > package { > auto-sync: 1 > repository community { > component: "main" > url: "http://archive.vyatta.com/vyatta" > } > } > } > _______________________________________________ > Vyatta-users mailing list > Vyatta-users@mailman.vyatta.com > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users