Title: Incoming routed traffic & DMZ
Post by: moktok on Friday 14 January 2011, 08:15:10 pm

Hi everybody,
I have a question regarding the firewall menu "incoming routed traffic" in the release 2.4.1. I have more IP addresses on my red interface. I would like to route one of those IPs directly to a server behind the firewall without NAT. According to the documentation this can be done with the firewall menu "incoming routed traffic". Unfortunately this is poorly documented (or I do not understand it :)). How do I configure the route to the DMZ? Must the server behind the firewall hang on an extra interface or on blue/orange? Can this be done with the GUI or do I need to configure the routing chains of iptables by myself?

I hope you can help me.

Thanks in advance,
Martin

Title: Re: Incoming routed traffic & DMZ
Post by: sunsus on Monday 27 February 2012, 09:51:42 pm

Hello Martin
Have you got it to work? If yes, how? I have a similar problem, I'm trying to route a subnet with public IPs from red to orange.

Regards
Patrick

Title: Re: Incoming routed traffic & DMZ
Post by: moktok on Monday 27 February 2012, 11:45:16 pm

Hi Patrick,
yes, I solved the problem. You must manually add a route for your IP address to the interface of your desired zone. I put a host route command to /etc/rc.d/rc.firewall.local to the interface of the desired zone:

# route add -host <ip> dev brX

In the GUI I defined SNAT from the IP to the zone. On the machine I configured the outer IP address and two routes to the IP address of the firewall in that zone:

# route add -net 10.1.1.0/24 dev eth0
# route add default gw 10.1.1.1 dev eth0

Hope that helps,
Martin
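
A check for the host route described in the last post, as an added example that is not part of the thread: it parses `route -n` output and confirms the routed IP has a /32 host route bound to the intended zone interface, which is worth re-running after a reboot since the route lives in rc.firewall.local. The addresses, `br1` (standing in for "brX") and `eth1` are constructed assumptions.

```shell
#!/bin/sh
# Constructed `route -n` output using documentation addresses (not from the thread).
# Assumptions: br1 stands in for the thread's "brX", eth1 for the red uplink.
SAMPLE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    0.0.0.0         255.255.255.255 UH    0      0        0 br1
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 br1
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth1'

# host_route_dev TABLE IP
# Prints the interface of the /32 host route for IP, or nothing if none exists.
host_route_dev() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == ip && $3 == "255.255.255.255" && $4 ~ /H/ { print $8; exit }'
}

# check_routed_ip TABLE IP DEV
# Prints "ok", "missing" (no host route, so the IP falls back to a broader
# route) or "wrong-dev:<iface>"; returns non-zero unless the result is "ok".
check_routed_ip() {
    dev=$(host_route_dev "$1" "$2")
    if [ -z "$dev" ]; then
        echo "missing"
        return 1
    elif [ "$dev" != "$3" ]; then
        echo "wrong-dev:$dev"
        return 2
    fi
    echo "ok"
}

# On a live firewall, pass "$(route -n)" instead of SAMPLE_TABLE.
check_routed_ip "$SAMPLE_TABLE" 203.0.113.10 br1
```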