See the Quick Start Guide or Configuration Guide
(http://www.vyatta.com/twiki/bin/view/Community/DocumentationSet) for multiple examples.
Make sure you accept tcp established traffic so that responses to outbound
requests make it back through the firewall.

Best,
Justin

On Jan 29, 2008 8:05 PM, Go Wow <[EMAIL PROTECTED]> wrote:
> This is my complete configuration. I want to add a firewall such that the
> whole internal LAN can still access the internet, as it does now without a
> firewall; I want only ports 80 and 443 to be open to all (yes, they should
> be accessible from anywhere); and lastly I have a webserver NAT'ted on
> port 81 of eth0 that I want to access too. Everything else should be blocked.
> Can someone please define the rules for this?
>
>
>   protocols {
>         rip {
>             interface eth0 {
>                 address 192.168.10.45 {
>                     metric: 1
>                     horizon: "split-horizon-poison-reverse"
>                      disable: false
>                     passive: false
>                     accept-non-rip-requests: true
>                     accept-default-route: true
>                     advertise-default-route: true
>                      route-timeout: 180
>                     deletion-delay: 120
>                     triggered-delay: 3
>                     triggered-jitter: 66
>                     update-interval: 30
>                     update-jitter: 16
>                      request-interval: 30
>                     interpacket-delay: 50
>                 }
>             }
>             interface eth1 {
>                 address 192.168.1.1 {
>                      metric: 1
>                     horizon: "split-horizon-poison-reverse"
>                     disable: false
>                     passive: false
>                     accept-non-rip-requests: true
>                      accept-default-route: true
>                     advertise-default-route: true
>                     route-timeout: 180
>                     deletion-delay: 120
>                     triggered-delay: 3
>                      triggered-jitter: 66
>                     update-interval: 30
>                     update-jitter: 16
>                     request-interval: 30
>                     interpacket-delay: 50
>                 }
>              }
>         }
>     }
>     policy {
>     }
>     interfaces {
>         restore: false
>         loopback lo {
>             description: ""
>             address 192.168.2.1 {
>                  prefix-length: 32
>                 disable: false
>             }
>         }
>         ethernet eth0 {
>             disable: false
>             discard: false
>             description: ""
>              hw-id: 00:1c:c0:0d:0c:85
>             duplex: "auto"
>             speed: "auto"
>             address 192.168.10.45 {
>                 prefix-length: 24
>                  disable: false
>             }
>         }
>         ethernet eth1 {
>             disable: false
>             discard: false
>             description: ""
>             hw-id: 00:08:a1:83:b7:1e
>              duplex: "auto"
>             speed: "auto"
>             address 192.168.1.1 {
>                 prefix-length: 24
>                 disable: false
>             }
>          }
>     }
>     service {
>         nat {
>             rule 10 {
>                 type: "destination"
>                 inbound-interface: "eth0"
>                 protocols: "tcp"
>                  source {
>                     network: "0.0.0.0/0"
>                 }
>                 destination {
>                     address: "192.168.10.45"
>                      port-number 81
>                 }
>                 inside-address {
>                     address: 192.168.1.244
>                     port-number: 80
>                 }
>              }
>             rule 1000 {
>                 type: "masquerade"
>                 outbound-interface: "eth0"
>                 source {
>                     network: "192.168.1.0/24"
>                  }
>                 destination {
>                     network: "0.0.0.0/0"
>                 }
>             }
>         }
>         ssh {
>             port: 22
>              protocol-version: "v2"
>         }
>         webgui {
>             http-port: 80
>             https-port: 443
>         }
>     }
>     system {
>         host-name: "vyatta"
>         domain-name: ""
>          name-server 202.56.250.6
>         time-zone: "GMT"
>         ntp-server "69.59.150.135"
>         gateway-address: 192.168.10.2
>          login {
>             user root {
>                 full-name: ""
>                 authentication {
>                     encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>                 }
>              }
>             user vyatta {
>                 full-name: ""
>                 authentication {
>                     encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>                 }
>              }
>         }
>         package {
>             auto-sync: 1
>             repository community {
>                 component: "main"
>                 url: "http://archive.vyatta.com/vyatta";
>              }
>         }
>     }
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>
>
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
