-
firehol.conf is a BASH script. As such it supports includes already.
Example:
source my-other.conf
. my-new.conf
The dot '.' is an alias for 'source'.
2009-11-15 17:28:48 UTC in FireHOL
-
ktsaou committed patchset 473 of module firehol to the FireHOL CVS repository, changing 1 file.
2009-10-01 10:25:23 UTC in FireHOL
-
Generally speaking this is what you should do:
rip=your.vpn.default.gateway.ip
dev=your.vpn.device.name
# copy the current routing table to ROUTE2
ip route flush table ROUTE2
ip route show | grep -v "^default" | while read; do ip route add table ROUTE2 ${REPLY}; done
ip route add table ROUTE2 default via ${rip} dev ${dev}
# send all traffic marked with 2 through this...
2009-08-12 20:43:59 UTC in FireHOL
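The routing-table copy described in the post above, as an added example that is not part of the original forum post and not FireHOL's own code. It prints the `ip route` / `ip rule` commands instead of running them, so the result can be reviewed before it is applied as root; the table name ROUTE2, the mark value 2, and the VPN gateway/device values are assumptions, and ROUTE2 is assumed to already be listed in /etc/iproute2/rt_tables. The sample routing table is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the FireHOL post): build the commands that populate a
# second routing table for VPN-marked traffic. Nothing is executed here; the
# commands are printed so they can be checked before running them as root.

# Constructed sample of `ip route show` output (not from a real host).
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2'

# build_route2_cmds TABLE VPN_GW VPN_DEV
# Reads `ip route show` lines on stdin. Prints the commands that flush TABLE,
# copy every non-default route into it, and add a default route via the VPN
# gateway, which is the same sequence the post describes.
build_route2_cmds() {
    table=$1; rip=$2; dev=$3
    echo "ip route flush table $table"
    while read -r line; do
        [ -z "$line" ] && continue
        case "$line" in
            default*) continue ;;   # the main table's default is replaced below
        esac
        echo "ip route add table $table $line"
    done
    echo "ip route add table $table default via $rip dev $dev"
}

# build_mark_rule_cmds TABLE MARK
# Prints the policy-routing rule that sends packets carrying iptables MARK
# through TABLE (the "send all traffic marked with 2 through this" step).
build_mark_rule_cmds() {
    echo "ip rule add fwmark $2 table $1"
    echo "ip route flush cache"
}

# Usage: generate the full command list for the constructed sample.
# Assumed values: table ROUTE2, VPN gateway 10.8.0.1 on tun0, mark 2.
printf '%s\n' "$SAMPLE_ROUTES" | build_route2_cmds ROUTE2 10.8.0.1 tun0
build_mark_rule_cmds ROUTE2 2
```

Pipe the real `ip route show` output into `build_route2_cmds` to produce the commands for a live host; the marking itself stays in firehol.conf, and the `ip rule` line is what ties the mark to the second table.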
-
...
server_mytorrent_ports="tcp/12345 udp/12345"
client_mytorrent_ports="any"
...
dnat to internal.pc.ip.address proto "tcp udp" dport 12345
...
router interner2lan
server mytorrent accept
...
2009-08-11 18:14:54 UTC in FireHOL
-
Hi,
You should be looking for help in the Linux Advanced Routing How To. In general you need to setup 2 routing profiles and one or more routing filters to route your clients differently.
FireHOL can only help if you want to use iptables MARKs in your routing filters, instead of IPs, and if you need to nat traffic.
Check http://lartc.org/
Costa.
2009-08-11 18:11:30 UTC in FireHOL
-
Are you sure you are not having routing problems? A common error is to have a different path for the packets coming in, and another for the packets going out. If this is the case, it is common to have packet drops.
Normally, the packets logged by firehol contain the reason if you take a closer look. What interface name do the packets log? Which src/dst? Do they match firehol.conf?
2009-07-02 23:55:02 UTC in FireHOL
-
Hi,
If you have src/dst in the interface configuration, try adding the broadcast address too.
If you don't have src/dst, try to find a log line with the packet that gets dropped.
Regards,
Costa.
2009-07-02 23:48:55 UTC in FireHOL
-
Hi,
The most probable reason is that your kernel is missing several netfilter/iptables modules.
If you have compiled your kernel yourself, please add all netfilter/iptables options (as modules will do).
Costa.
2009-03-11 09:11:36 UTC in FireHOL
-
Rocky,
You cannot mix two gateways so easily. It is important to guarantee that a packet will be routed back exactly the same way it came in. Otherwise things will break.
To test if your firewall is blocking something, check the logs (I suggest installing ulogd so that iptables logs go to a separate file instead of the syslog). Once you have installed ulogd, set FIREHOL_LOG_MODE=ULOG...
2009-03-06 19:03:55 UTC in FireHOL
-
For the RDP:
---
dnat to rdp.server.ip inface eth0 proto tcp dport 3389
transparent_squid 8080 "proxy dansguardian" inface eth1 src 192.168.0.0/16
#Wan
interface "eth0" internet
protection strong 10/sec 10
server "ssh webmin" accept
client "all" accept
#Lan
interface "eth1" LAN
policy accept
router...
2009-03-06 10:26:43 UTC in FireHOL