[Fwbuilder-discussion] public dmz on third firewall interface - fwbuilder can't create a forward ru
From: Stefano G. <ste...@me...> - 2009-07-29 16:15:26
Hi Guys, I have encountered a problem switching a very old firewall from iptables to fwbuilder. The fw is composed of three zones: localnet 10.10.0.0/16, internet 195.103.219.0/28 and a public dmz 195.103.219.17/28. It seems to me that the compiler did not create the correct forward chain when a packet arrives on the eth0 interface (internet) with destination dmz (it must be forwarded to eth2/dmz). The compiler makes a rule on the input chain; for me this is not correct. Can anyone tell me if there is a misunderstanding?

    NETWORK = 195.103.219.0/26 = 64 addresses

           INTERNET ROUTER = 195.103.219.1
                     |
                     |
            eth0 = 195.103.219.2
                    FW
                   /  \
                  /    \
    195.103.219.17/28   LOCALNET
       eth2 DMZ         eth1 10.10.0.0/16

If a packet arrives on interface eth0 with dest address 195.103.219.19, I think that the correct chain that the compiler has to create is a FORWARD CHAIN, and that does not happen; the firewall creates a single rule on the INPUT chain:

    $IPTABLES -A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 -d 195.103.219.19 --dport 25 -m state --state NEW -j ACCEPT

Many many thanks in advance.

Best regards
Stefano Gasparini
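As an added illustration (not part of the original post or of fwbuilder's own code), a small check that applies the kernel's routing decision to a generated rule: a destination that is one of the firewall's own addresses reaches INPUT, anything else goes through FORWARD. The interface addresses come from the post; eth1's address 10.10.0.1 is an assumption, since the post does not give it.

```python
import ipaddress
import shlex

# Firewall interface addresses, taken from the post (eth1's address is assumed).
FW_INTERFACES = {
    "eth0": ipaddress.ip_interface("195.103.219.2/28"),
    "eth1": ipaddress.ip_interface("10.10.0.1/16"),   # assumed, not stated in the post
    "eth2": ipaddress.ip_interface("195.103.219.17/28"),
}


def parse_rule(rule):
    """Pull chain (-A), interfaces (-i/-o) and addresses (-s/-d) out of an iptables line."""
    toks = shlex.split(rule)
    opts = {}
    for i, tok in enumerate(toks):
        if tok in ("-A", "-i", "-o", "-d", "-s") and i + 1 < len(toks):
            opts[tok] = toks[i + 1]
    return opts


def expected_chain(dst):
    """Return (chain, out_interface): INPUT for the firewall's own addresses, else FORWARD."""
    addr = ipaddress.ip_address(dst)
    if any(addr == ifc.ip for ifc in FW_INTERFACES.values()):
        return "INPUT", None
    for name, ifc in FW_INTERFACES.items():
        if addr in ifc.network:
            return "FORWARD", name      # directly attached subnet: leaves via this interface
    return "FORWARD", None             # off-link destination, routed via a gateway


def check_rule(rule):
    """Return a complaint if a destination-based filter rule sits on the wrong chain, else None."""
    opts = parse_rule(rule)
    chain, dst = opts.get("-A"), opts.get("-d")
    if chain not in ("INPUT", "FORWARD") or dst is None:
        return None                    # not a destination filter on INPUT/FORWARD; nothing to check
    want, out_if = expected_chain(dst.split("/")[0])
    if want == chain:
        return None
    msg = f"rule for {dst} is on {chain} but the kernel will send it to {want}"
    if out_if:
        msg += f" (add -o {out_if})"
    return msg
```

Running it over the rule from the post reports that 195.103.219.19 is not a firewall address, so the INPUT rule is never hit and a FORWARD rule with `-o eth2` is what the DMZ host needs.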