Re: [Fwbuilder-discussion] public dmz on third firewall interface - fwbuilder can't create a forwar
From: Vadim K. <va...@vk...> - 2009-07-29 16:36:08
On Jul 29, 2009, at 8:55 AM, Stefano Gasparini wrote:

> Hi Guys,
> I have encountered a problem switching a very old firewall from iptables to fwbuilder ...
> The fw is composed of three zones: localnet/10.10.0.0/16, internet/195.103.219.0/28 and a public dmz/195.103.219.17/28.
> It seems to me that the compiler did not create a correct FORWARD chain rule when a packet arrives on the eth0 interface (internet) with destination dmz ... (it must be forwarded to eth2/dmz) ... the compiler makes a rule on the INPUT chain; for me this is not correct.
> Can anyone tell me if there is a misunderstanding?
>
> NETWORK = 195.103.219.0/26 = 64 addresses
>
> INTERNET ROUTER = 195.103.219.1
>              |
>              | eth0 = 195.103.219.2
>             FW
>            /  \
>           /    \
> 195.103.219.17/28 eth2 DMZ      LOCALNET eth1 10.10.0.0/16
>
> If a packet arrives on interface eth0 with dest address 195.103.219.19 I think that the correct chain that the compiler has to create is a FORWARD CHAIN ... and that does not happen ... the firewall creates a single rule on the INPUT chain ...
>
> $IPTABLES -A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 -d 195.103.219.19 --dport 25 -m state --state NEW -j ACCEPT

What IP address and netmask are associated with object eth2 in fwbuilder?

Vadim Kurland
va...@vk...
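The chain choice comes down to whether the destination is one of the firewall's own addresses (INPUT) or lies in a network behind another interface (FORWARD), which is why the interface object's address and netmask matter. The model below is an added illustration written for this thread, not fwbuilder's code; the eth1 host address 10.10.0.1 is an assumption (the post only gives the 10.10.0.0/16 network), and the second interface table shows what happens if eth2 were mistakenly given the DMZ host's address.

```python
import ipaddress

# Constructed interface table modelled on the diagram in the thread.
# The eth1 host address is an assumption; the post only names the network.
INTERFACES = {
    "eth0": ipaddress.ip_interface("195.103.219.2/28"),
    "eth1": ipaddress.ip_interface("10.10.0.1/16"),
    "eth2": ipaddress.ip_interface("195.103.219.17/28"),
}

# Hypothetical misconfiguration: eth2 object carries the DMZ host's address.
MISCONFIGURED = dict(INTERFACES, eth2=ipaddress.ip_interface("195.103.219.19/28"))


def classify(dst, in_iface, interfaces=INTERFACES):
    """Decide which chain a packet to dst arriving on in_iface traverses.

    Returns ("INPUT", None) when dst is an address of the firewall itself,
    ("FORWARD", out_iface) when dst is in a directly connected network
    behind another interface, and ("FORWARD", None) when it would be
    routed via the default gateway (no directly connected match).
    """
    dst = ipaddress.ip_address(dst)
    # Traffic addressed to the firewall itself is local delivery: INPUT.
    if any(dst == iface.ip for iface in interfaces.values()):
        return "INPUT", None
    # Otherwise find the connected network that contains dst: FORWARD.
    for name, iface in interfaces.items():
        if name != in_iface and dst in iface.network:
            return "FORWARD", name
    return "FORWARD", None


def iptables_rule(dst, in_iface, dport, interfaces=INTERFACES):
    """Render the accept rule in the chain classify() selects."""
    chain, out_iface = classify(dst, in_iface, interfaces)
    parts = ["$IPTABLES", "-A", chain, "-i", in_iface]
    if out_iface:
        parts += ["-o", out_iface]  # pin the egress interface for FORWARD
    parts += ["-p", "tcp", "-m", "tcp", "--sport", "1024:65535",
              "-d", str(dst), "--dport", str(dport),
              "-m", "state", "--state", "NEW", "-j", "ACCEPT"]
    return " ".join(parts)


if __name__ == "__main__":
    print(iptables_rule("195.103.219.19", "eth0", 25))
    print(iptables_rule("195.103.219.19", "eth0", 25, MISCONFIGURED))
```

With the correct eth2 object the SMTP rule lands in FORWARD with `-o eth2`; with the misconfigured one the same destination is treated as the firewall's own address and the rule lands in INPUT, matching the symptom in the post.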