massctrl (Apprentice, joined 19 Mar 2004, 156 posts)
Posted: Fri Jan 28, 2005 8:58 am
Post subject: [solved] Firehol + IPtables
Hi all,
I'm trying to find an easy way to control iptables.
Firehol looks good, but I can't seem to get the result I want.
I have a test environment with a dual-homed box that needs to act as a NAT box/firewall.
The home (LAN) side is 10.9.8.0/24.
The internet (WAN) side is 10.0.0.0/24.
I want to be able to ssh into this box from the internet side. But that doesn't seem to work! I followed the tutorial found on the project webpage.
Code:
version 5

# The network of our eth1 LAN (the home side)
home_ips="10.9.8.0/24"

interface eth1 home src "${home_ips}"
    policy reject
    server "ssh smtp" accept
    client "icmp" accept

# Caveat: UNROUTABLE_IPS contains the RFC 1918 ranges, including 10.0.0.0/8,
# so with a test WAN of 10.0.0.0/24 packets arriving on eth0 from 10.0.0.x are
# excluded by "src not" and never reach this interface's rules (including the
# ssh server rule). On a real Internet-facing link this filter is the intended one.
interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    server "ssh smtp" accept
    server ident reject with tcp-reset
    client all accept

# NAT for the LAN: "masquerade reverse" masquerades on the router's inface
# (eth0, the internet side) instead of its outface.
router internet2home inface eth0 outface eth1
    masquerade reverse
    client all accept
    server ident reject with tcp-reset
When I do a port scan on 10.0.0.98, all ports are closed, except port 10000 (Webmin). This doesn't seem logical.
Anyone with experience concerning Firehol (and iptables)?
Greets and thanks in advance
I switched to Shorewall, which works great.
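As an added example (not part of the post above and not FireHOL's own code), the following POSIX shell script reproduces the `src` / `src not` selection of the two `interface` definitions in the posted config, so you can check which source addresses each interface's rules actually apply to before loading it. It assumes that FireHOL's `UNROUTABLE_IPS` contains the RFC 1918 private ranges (FireHOL builds it from its `RESERVED_IPS` and `PRIVATE_IPS`); only that RFC 1918 part is reproduced here as a constructed list, since it is the part that matters for a 10.0.0.0/24 lab WAN. The function names (`ip2int`, `in_cidr`, `in_list`, `eth0_matches`, `eth1_matches`) are this example's own.

```shell
#!/bin/sh
# Added example: emulate the "src" / "src not" source selection of the
# interface definitions posted above. Not FireHOL code; FireHOL itself
# compiles these into iptables -s / ! -s matches.

home_ips="10.9.8.0/24"

# Constructed copy of the RFC 1918 ranges inside FireHOL's UNROUTABLE_IPS.
# Assumption: RESERVED_IPS (also part of UNROUTABLE_IPS) is irrelevant here.
private_ips="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# ip2int A.B.C.D -> the address as an unsigned 32-bit integer
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS -> exit status 0 when IP lies inside NET/BITS
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# in_list IP "NET/BITS NET/BITS ..." -> exit status 0 when any entry matches
in_list() {
    for cidr in $2; do
        in_cidr "$1" "$cidr" && return 0
    done
    return 1
}

# eth0 (internet) in the post:  src not "${home_ips} ${UNROUTABLE_IPS}"
# Prints "yes" when eth0's server/client rules apply to packets from IP.
eth0_matches() {
    if in_list "$1" "$home_ips $private_ips"; then echo no; else echo yes; fi
}

# eth1 (home) in the post:  src "${home_ips}"
eth1_matches() {
    if in_list "$1" "$home_ips"; then echo yes; else echo no; fi
}

# The lab WAN host is excluded on eth0 because 10.0.0.0/24 sits inside 10.0.0.0/8.
printf 'eth0 rules apply to 10.0.0.98:    %s\n' "$(eth0_matches 10.0.0.98)"
printf 'eth0 rules apply to 203.0.113.5:  %s\n' "$(eth0_matches 203.0.113.5)"
printf 'eth1 rules apply to 10.9.8.20:    %s\n' "$(eth1_matches 10.9.8.20)"
printf 'eth1 rules apply to 10.0.0.98:    %s\n' "$(eth1_matches 10.0.0.98)"
```

Packets from 10.0.0.98 therefore never enter the eth0 interface's chain and fall through to FireHOL's default policy, which is why the ssh server rule has no effect in this lab even though the same config is correct for a publicly routed WAN address.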