NAT with IP Filters

From: "Jerome Baum" <gratemyl@xxxxxxxxx>
Date: 29 Dec 2006 05:30:35 -0800

Hi!

I have a dedicated server on which I cannot install a custom firewall
(dedicated server, no KVM) and the windows firewall is disabled when
Routing and Remote Access is enabled.

So I use inbound filters instead of a firewall. But I have an interface
(OpenVPN) which is NAT'd. Those connected to this interface need access
to the Internet.

I have found that creating a rule to allow "Any" traffic (practically
disabling the firewall) will grant access to this interface.

I have a rule to allow all "TCP [established]" traffic, so I don't see
why I have to disable the entire firewall for that interface to gain
outward TCP access. I have no Outbound filters on the external
interface and no filters at all on the mentioned internal interface.

I would be thankful for any help!

-jerome

.

Prev by Date: Re: DFS replication
Next by Date: Re: DFS replication
Previous by thread: DFS replication
Next by thread: Re: NAT with IP Filters
Index(es):
- Date
- Thread

Relevant Pages

5.4 amd64 kernel and em driver issue ...
... The public interface on both of them (em0 ... Did anything go into the 5.4 kernel late in the release ... From the firewall itself I could be pinging www.google.com and it will ... disabling SMP in kernel ...
(freebsd-net)
Re: Verizon XV6700 stuck on "Retrieving Settings" in Activesync
... yes the interface IS there, in fact, when "connected" I can browse the ... network connections corresponding to the WM device, ... What firewall and anti-virus are you using? ... disabling the firewall and Antivirus, ...
(microsoft.public.pocketpc.activesync)
Re: ftp problem
... > here is my whole firewall script ... > # No restrictions on Loopback Interface ... > # or from this gateway server destine for the public Internet. ... > # Allow out secure FTP, Telnet, and SCP ...
(freebsd-questions)
Re: Checkpoint experiences
... decide they want the firewall used by the big boys...often repeated, ... The Nokia appliance IPSO, is useful if you don't want to take the ... It is no wonder that the Nokia interface is called ... > billions on training, and classes, consultants, support contracts, etc. ...
(comp.security.firewalls)
Re: Problem about ppp -nat
... ipfw firewall, ... Just setup your fw of choice as if the tun0 device is the external device and leave all the nat stuff completely out of it. ... My Internet interface is rl0, ... # /etc/rc.d/routing restart ...
(freebsd-questions)