I need some guidelines on how to start with fwbuilder for the following requirements:
I have an Ubuntu box with 2 NICs:
eth1 for internal (net1:192.168.10/24)
eth2 for external (net2:192.168.2.0/24)
I need to access computers on net2 using vnc, over the 192.168.1.100:100+ip in net2 (the last number).
The address of the linux box is 192.168.x.77
The computers located in net2 need to access an SQL server located in net1.
Thanks for your Help!
Here are a couple of links to help get you started. The first is a Getting Started Guide for iptables and the second is the section of the Users Guide for firewall policies.
Once you get started if you run into an issue just post your question and we'll try to help.
I was able to start. I can control the access to the box, but I am not able to use or understand the NAT function. I tried to forward the incoming ping from 192.168.1.100 to 192.168.2.1. I've tried all the settings for the SRC and DST in the NAT rules, but the packet never reached the destination. No forwarding happened. There are fingerprints of the incoming packet in the debug log.
Do you also have a rule in your Policy that allows (Accept) the traffic? If 192.168.1.100 is the outside (pre-NAT) IP and 192.168.2.1 is the inside (post-NAT) IP, you need a rule that allows ICMP to the 192.168.2.1 address. With iptables, filtering happens after NAT, so you need to filter on the post-NAT IP address.
I ran out of ideas. I have the following policies:
1) from Net1/net2 accept any destination and interface in both directions
2) SRC=192.168.1.100 DEST=192.168.2.1 accept all services in both directions
3) SRC=192.168.2.1 DEST=192.168.1.100 accept all services in both directions
and the following NAT rule:
ORIG SRC=any, ORIG DEST=192.168.1.100 TRANS SRC=192.168.2.1
I tried to move the source and destination IPs to different places, but it did not help.
What am I doing wrong?
Please try adding a rule at the end of your firewall Policy that denies all traffic with logging on (basically the default rule that is created when you add a new rule to the policy). Install the updated Policy on the firewall and then run "tail -f /var/log/messages". Try making a test connection and watch the log messages. If you see log matches for the last rule in your policy, you will know that it is a filter issue.
You can also try sending your data file to firstname.lastname@example.org and we'll look at it to see if we can figure out why it's not working.
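The two replies above make one point: on iptables the nat/PREROUTING chain rewrites the destination before filter/FORWARD sees the packet, so an accept rule written against the outside (pre-NAT) address never matches, and a final log-and-deny rule is what exposes that. The following is an added illustration, not code from the thread or from fwbuilder: a small Python model of that ordering using the thread's addresses (outside 192.168.1.100 translated to inside host 192.168.2.1) and a constructed client 192.168.1.50, run once with the accept rule on the pre-NAT address and once on the post-NAT address.

```python
"""Toy model of iptables packet flow: nat/PREROUTING (DNAT) runs before
filter/FORWARD, so filter rules must match the post-NAT destination.
Added example; addresses and rule sets are constructed from the thread."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "icmp" or "tcp"


def matches(addr: str, spec: str) -> bool:
    """spec is 'any', a single host, or a CIDR network."""
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def prerouting_dnat(pkt: Packet, nat_rules) -> Packet:
    """nat/PREROUTING: the first matching (orig_src, orig_dst, new_dst)
    rule rewrites the destination; later chains only see the rewritten packet."""
    for orig_src, orig_dst, new_dst in nat_rules:
        if matches(pkt.src, orig_src) and matches(pkt.dst, orig_dst):
            return replace(pkt, dst=new_dst)
    return pkt


def forward_filter(pkt: Packet, policy):
    """filter/FORWARD: the first matching (src, dst, proto, action) rule decides.
    Returns (verdict, log_lines); a LOG_DROP rule writes a log line, then drops."""
    log = []
    for n, (src, dst, proto, action) in enumerate(policy, start=1):
        if matches(pkt.src, src) and matches(pkt.dst, dst) and proto in ("any", pkt.proto):
            if action == "LOG_DROP":
                log.append(f"RULE {n} -- DENY: SRC={pkt.src} DST={pkt.dst} PROTO={pkt.proto}")
                return "DROP", log
            return action, log
    return "DROP", log  # chain default policy when nothing matches


def forward(pkt: Packet, nat_rules, policy):
    """Full path for a routed packet: DNAT first, then the FORWARD filter."""
    post_nat = prerouting_dnat(pkt, nat_rules)
    verdict, log = forward_filter(post_nat, policy)
    return post_nat, verdict, log


# Constructed: outside address 192.168.1.100 is DNATed to inside host 192.168.2.1,
# and a hypothetical client 192.168.1.50 pings the outside address.
NAT_RULES = [("any", "192.168.1.100", "192.168.2.1")]
CLIENT_PING = Packet(src="192.168.1.50", dst="192.168.1.100", proto="icmp")

# Wrong: the accept rule names the pre-NAT address; the final rule logs and drops.
POLICY_PRE_NAT = [
    ("any", "192.168.1.100", "icmp", "ACCEPT"),
    ("any", "any", "any", "LOG_DROP"),
]
# Right: the accept rule names the post-NAT (inside) address.
POLICY_POST_NAT = [
    ("any", "192.168.2.1", "icmp", "ACCEPT"),
    ("any", "any", "any", "LOG_DROP"),
]


def demo():
    """Run the same ping through both policies; returns name -> (post-NAT dst, verdict, log)."""
    results = {}
    for name, policy in (("pre_nat", POLICY_PRE_NAT), ("post_nat", POLICY_POST_NAT)):
        post, verdict, log = forward(CLIENT_PING, NAT_RULES, policy)
        results[name] = (post.dst, verdict, log)
    return results


if __name__ == "__main__":
    for name, (dst, verdict, log) in demo().items():
        print(f"{name}: post-NAT dst={dst} verdict={verdict}")
        for line in log:
            print("  log:", line)
```

In the pre-NAT variant the packet arrives at the filter already rewritten to 192.168.2.1, skips the accept rule, and is caught by the logging deny rule, which is exactly the "log matches for the last rule" symptom the reply tells you to look for in /var/log/messages; the post-NAT variant accepts it and logs nothing.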