
Re: no way to get out



On Sun, Apr 04, 2004 at 11:12:33PM +0300, Eddy Petrisor wrote:
> I made it with firewall builder, as I found it more suitable for myself
> as a beginner. Everything works ok for the users behind the firewall
> (private class addresses) but from the server I can't access the
> internet, nor the internal network...
> 
The rule you want would have your firewall object in the source
column, "Any" in the destination column, and "Any" or whatever
services you want to allow out from your server/firewall in the
service column, with Action set to "Accept", of course. If you want
to browse the 'net from the firewall itself, make sure to allow DNS
queries out from that box (there is a predefined group for that in
fwbuilder).


Using the firewall object itself in the source column with "Any" in
the destination column will allow traffic originating on your
firewall to go anywhere, internal or out to the Internet. If you
wanted to restrict traffic based on interface, you would have to use
the interface object in the source column.

BTW, connections originating from the firewall traverse iptables'
OUTPUT chain.

HTH,

Doug
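
Added example, not part of the message above and not Firewall Builder output: a small check that reads `iptables-save` text and reports what the filter table's OUTPUT chain does with a packet the firewall itself originates, which is the chain named in the reply. Both rulesets are constructed samples, `output_verdict` is a hypothetical helper, and it assumes simple "option value" rules with no negation, port ranges or jumps to user-defined chains.

```python
import shlex

# Constructed iptables-save text: LAN clients are forwarded, but no rule
# accepts packets that originate on the firewall itself.
BROKEN = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# Constructed: same ruleset plus "firewall -> Any, DNS and HTTP, Accept".
FIXED = BROKEN.replace("COMMIT", """\
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT""")

def output_verdict(ruleset, proto, dport, state="NEW"):
    """Verdict of the filter OUTPUT chain for a packet the firewall originates."""
    want = {"-p": proto, "--dport": str(dport)}
    policy, table = "ACCEPT", None
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":OUTPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A OUTPUT "):
            tok = shlex.split(line)[2:]
            opts = dict(zip(tok[::2], tok[1::2]))  # assumes "option value" pairs
            target = opts.pop("-j", None)
            opts.pop("-m", None)                   # module names carry no match data
            hit = all(state in v.split(",") if k in ("--state", "--ctstate")
                      else want.get(k) == v        # unknown option: rule does not match
                      for k, v in opts.items())
            if hit and target in ("ACCEPT", "DROP", "REJECT"):
                return target                      # first terminal match wins
    return policy                                  # nothing matched: chain policy

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "DNS query from firewall:", output_verdict(rules, "udp", 53))
```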



