How to start

Antalj
2011-05-04
2013-03-05
  • Antalj

    Antalj - 2011-05-04

    Hello,

    I need some guidelines on how to start with fwbuilder for the following requirements:
    I have an Ubuntu box with 2 NICs:
    eth1 for internal (net1:192.168.10/24)
    eth2 for external (net2:192.168.2.0/24)
    I need to access computers on net2 using vnc, over the 192.168.1.100:100+ip in net2 (the last number).

    The address of the linux box is 192.168.x.77
    The computer located in net2 needs to access the SQL server located in net1.

    Thanks for your Help!
    AJ

     
  • Antalj

    Antalj - 2011-05-09

    Hi Mike,

    I was able to start. I can control the access to the box, but I am not able to use or understand the NAT function. I tried to forward the incoming ping from 192.168.1.100 to 192.168.2.1. I've tried all the settings for the SRC and DST in the NAT rules but the packet never reached the destination. No forwarding happened. There are fingerprints for the incoming packet in the debug log.
    Thanks!

     
  • Mike Horn

    Mike Horn - 2011-05-09

    Do you also have a rule in the Policy that allows (Accept) the traffic? If 192.168.1.100 is the outside (pre-NAT) IP and 192.168.2.1 is the inside (post-NAT) IP you need a rule that allows ICMP to the 192.168.2.1 address. With iptables, filtering happens after NAT so you need to filter on the post-NAT IP address.

     
  • Antalj

    Antalj - 2011-05-17

    Hello Mike,
    I ran out of ideas. I have the following policies:
    1) from Net1/net2 accept any destination and interface in both directions
    2) SRC=192.168.1.100 DEST=192.168.2.1 accept all services in both directions
    3) SRC=192.168.2.1 DEST=192.168.1.100 accept all services in both directions

    and the following NAT rule:
    ORIG SRC=any, ORIG DEST=192.168.1.100 TRANS SRC=192.168.2.1
    I tried to move the source and destination IPs to different places but it did not help.
    What am I doing wrong?
    Thanks!

     
  • Mike Horn

    Mike Horn - 2011-05-17

    Please try adding a rule at the end of your firewall Policy that denies all traffic with logging on (basically the default rule that is created when you add a new rule to the policy). Install the updated Policy on the firewall and then run "tail -f /var/log/messages". Try making a test connection and watch the log messages. If you see log matches for the last rule in your policy you will know that it is a filter issue.

    You can also try sending your data file to support@netcitadel.com and we'll look at it to see if we can figure out why it's not working.
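As an added example (not code from this thread, and not something fwbuilder generated), here is a small shell script that writes an iptables-restore ruleset for the forwarding discussed in the two replies above: the DNAT sits in the nat table's PREROUTING chain, the Accept rules in FORWARD name the post-NAT address 192.168.2.1 (an Accept on 192.168.1.100 in FORWARD would never match, because FORWARD sees the packet after DNAT), and the chain ends with a logging deny so a blocked packet shows up in the log with a recognisable prefix. The two addresses and the ICMP/VNC services come from the thread; the chain policies, the FW-DENY prefix, the port 101 reading of "100 + last octet", and the check_post_nat_filter helper are my assumptions. The example translates the destination, which is what forwarding an incoming packet to another host requires.

```shell
#!/bin/sh
# Added example, not code from the thread or from fwbuilder.
# Generates an iptables-restore ruleset for the setup discussed above:
#   - DNAT of the outside address 192.168.1.100 to the inside host 192.168.2.1
#   - FORWARD accept rules written against the POST-NAT address
#   - a final LOG + DROP so rejected packets are visible in the kernel log
# Addresses and services are from the thread; everything else is assumed.

OUTSIDE_IP="192.168.1.100"   # pre-NAT address that clients connect to (thread)
INSIDE_IP="192.168.2.1"      # post-NAT address of the real host (thread)
VNC_PORT=5900                # standard VNC display :0 port
MAPPED_PORT=101              # my reading of "100 + last octet" for host .1

# nat table. DNAT is applied in PREROUTING, before routing and before the
# filter table's FORWARD chain ever sees the packet.
nat_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d $OUTSIDE_IP -p icmp -j DNAT --to-destination $INSIDE_IP
-A PREROUTING -d $OUTSIDE_IP -p tcp --dport $MAPPED_PORT -j DNAT --to-destination $INSIDE_IP:$VNC_PORT
COMMIT
EOF
}

# filter table. By the time a packet reaches FORWARD its destination is already
# $INSIDE_IP, so the Accept rules must name that address; an Accept on
# $OUTSIDE_IP here would never match and the packet falls through to the deny.
# INPUT is left open here because host-side filtering is out of scope.
filter_rules() {
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d $INSIDE_IP -p icmp -j ACCEPT
-A FORWARD -d $INSIDE_IP -p tcp --dport $VNC_PORT -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DENY: "
-A FORWARD -j DROP
COMMIT
EOF
}

ruleset() { nat_rules; filter_rules; }

# Sanity check on a ruleset text (assumed helper): fail if any FORWARD accept
# names the pre-NAT address, and require at least one accept on the post-NAT one.
check_post_nat_filter() {
  if printf '%s\n' "$1" | grep -q -- "-A FORWARD.*-d $OUTSIDE_IP.*-j ACCEPT"; then
    return 1
  fi
  printf '%s\n' "$1" | grep -q -- "-A FORWARD -d $INSIDE_IP .*-j ACCEPT"
}

# Usage: sh this_script.sh --print > forward.rules && iptables-restore < forward.rules
case "${1-}" in --print) ruleset ;; esac
```

With the ruleset loaded and `tail -f /var/log/messages` running, a test connection that reaches the last rule is logged with the FW-DENY prefix, which is exactly the "it is a filter issue" signal described above; a ping to 192.168.1.100 that is forwarded and answered by 192.168.2.1 means both the DNAT and the post-NAT Accept matched.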

     
