Re: IP Firewalling/Forwarding baffles me
On Tue, 15 Sep 1998, Kendall P. Bullen wrote:
> The protected machine is running Solaris 2.5.1 (possible to be
> upgraded to 2.6). It has another 'private' IP address, 192.168.2.2.
> (Using those private network numbers seemed like a good idea for
> security reasons.) It can ping the IP address of the firewall, but
> nothing else.
>
> THE PLAN: A few fortunate souls should be able to reach the protected
> machine via WWW (port 80, the default) from the Internet. Also, a few
> machines on our local network should be able to reach the protected
> machine on several different ports (including 80).
>
To give access to the protected machine, it will need a real IP address.
The 192.168.0.0 network should not be accessible to the Internet. As an
alternative, you could set up a port forwarding program on the firewall
that will forward port 80 to the Solaris machine on 192.168.2.2.

The big thing I learned about the ipfwadm rules is that access must be
granted for both directions, e.g.

    ipfwadm -F -a accept -P tcp -b -S 0.0.0.0/0 80 -D 192.168.2.2/32

The -b says bidirectional, and of course replace that 192.168.2.2 with a
real IP address for Internet access.

Hope this helps.
--
Paul Miller
pmiller@jove.acs.unt.edu