
Re: IP Firewalling/Forwarding baffles me



On Tue, 15 Sep 1998, Kendall P. Bullen wrote:

> The protected machine is running Solaris 2.5.1 (possible to be
> upgraded to 2.6).  It has another 'private' IP address, 192.168.2.2.
> (Using those private network numbers seemed like a good idea for
> security reasons.)  It can ping the IP address of the firewall, but
> nothing else.
> 
> THE PLAN: A few fortunate souls should be able to reach the protected
> machine via WWW (port 80, the default) from the Internet.  Also, a few
> machines on our local network should be able to reach the protected
> machine on several different ports (including 80).
> 
To give access to the protected machine, it will need a real IP address.
The 192.168.0.0 network should not be accessible to the Internet. As an
alternative, you could set up a port forwarding program on the firewall
that will forward port 80 to the Solaris machine on 192.168.2.2.

The big thing I learned about the ipfwadm rules is that access must be
granted for both directions, e.g.

ipfwadm -F -a accept -P tcp -b -S 0.0.0.0/0 80 -D 192.168.2.2/32

The -b says bidirectional, and of course replace that 192.168.2.2 with a
real IP address for Internet access.

Hope this helps.
--
Paul Miller
pmiller@jove.acs.unt.edu
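
A simplified model of how a forwarding rule with -b is matched, added here as an illustration; it is not part of the original message and is not ipfwadm's own code. It assumes that -b retries the match with the packet's source and destination (addresses and ports) swapped, takes the rule's mask as /32, and uses constructed sample values (peer 203.0.113.10, ephemeral port 1025).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src_net: str
    src_port: Optional[int]   # None means any port
    dst_net: str
    dst_port: Optional[int]
    bidirectional: bool       # models the -b flag (assumed semantics)

def _side(addr, port, net, want_port):
    """True if one end of a packet fits one end of the rule."""
    in_net = ipaddress.ip_address(addr) in ipaddress.ip_network(net)
    return in_net and (want_port is None or port == want_port)

def matches(rule, pkt):
    forward = (_side(pkt.src, pkt.sport, rule.src_net, rule.src_port)
               and _side(pkt.dst, pkt.dport, rule.dst_net, rule.dst_port))
    if forward or not rule.bidirectional:
        return forward
    # -b: try again with the packet's source and destination swapped
    return (_side(pkt.dst, pkt.dport, rule.src_net, rule.src_port)
            and _side(pkt.src, pkt.sport, rule.dst_net, rule.dst_port))

# The rule from the message (-S 0.0.0.0/0 80 -D 192.168.2.2/32), with and without -b
RULE_B = Rule("0.0.0.0/0", 80, "192.168.2.2/32", None, True)
RULE_ONE_WAY = Rule("0.0.0.0/0", 80, "192.168.2.2/32", None, False)

PEER = "203.0.113.10"  # constructed documentation address
OUT = Packet("192.168.2.2", 1025, PEER, 80)          # protected host -> port 80
BACK = Packet(PEER, 80, "192.168.2.2", 1025)         # reply from port 80
INBOUND_WEB = Packet(PEER, 1025, "192.168.2.2", 80)  # client -> host's port 80

def report(rule):
    """Which of the three constructed packets the rule accepts."""
    samples = (("out", OUT), ("back", BACK), ("inbound_web", INBOUND_WEB))
    return {name: matches(rule, pkt) for name, pkt in samples}

if __name__ == "__main__":
    print("with -b:   ", report(RULE_B))
    print("without -b:", report(RULE_ONE_WAY))
```

In this model the port number stays attached to whichever side of the rule it was written on, so it is worth checking a rule against packets in each direction before relying on it.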


