Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 23 July 2024, 08:52:40 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14247 Posts in 4376 Topics by 6501 Members
Latest Member: propamat
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Blue zone cant access Green zone
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: 1 [2] Go Down Print
Author Topic: Blue zone cant access Green zone  (Read 60801 times)
jeremycald
Full Member
***
Offline Offline

Posts: 41


« Reply #15 on: Friday 29 May 2009, 08:24:42 am »

I checked the logs and it is telling me that the chain FORWARD:DROP     br0 is what is blocking it.  I've been through the various firewall settings (inter, outer, inny, outty ;-) and have not been able to communicate.  The next step I tried just in case was turning off the HTTP proxy.  Still no dice.  I am thinking it may be the following:   http://kb.endian.com/entry/27/  but what I am afraid of is that will open EVERYTHING up and not allow me to eventually control the access. 

I am going to try it tonight after work hours because I have to reboot it of course.

Yipee!!! it worked Smiley  Now the next step is to try to see if we can control it.  Will report back.
Logged
jeremycald
Full Member
***
Offline Offline

Posts: 41


« Reply #16 on: Friday 29 May 2009, 11:50:01 am »

After applying the update it worked and worked well.  . . . .  too well. It appears that it now applies the PortForward rules to the Blue interface as if it was another Red interface.  As well the Inter-Zone rules have only ALLOW effect, DENY has no effect.

This would be OK except that I would like to allow the Blue interface to also print to one of my printers on the Green interface and that will not work.

I may just have to go with the VPN in the end.
Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #17 on: Friday 05 June 2009, 02:25:10 am »

Source: Blue Destination: IPaddress of printer or <green> Port 9000 allow. Simple.
Logged
alex.enjoy
Jr. Member
*
Offline Offline

Posts: 1


« Reply #18 on: Wednesday 24 June 2009, 05:50:13 pm »

Hello,

i run into the same trouble with the inter-zone firewall within efw 2.2 community.
But surprising: it seems that any change to the rules works only after re-booting the efw!  Roll Eyes
just try it... does it work?

alex.
Logged
jeremycald
Full Member
***
Offline Offline

Posts: 41


« Reply #19 on: Wednesday 01 July 2009, 02:06:45 am »

Believe it or not, I think you are right.  However I would like to do a bit more testing before I say that is the save all. I'll update soon.
Logged
hpwr
Jr. Member
*
Offline Offline

Posts: 2


« Reply #20 on: Tuesday 09 March 2010, 10:21:12 pm »

Hi, I think I have a similar problem with v.2.3;

Green IP: 192.168.0.1
Blue IP: 192.168.1.1

Green PC´s can ping and conenct to Blue ones
Blue PC´s can surf the internet
Blue PC´s CANNOT access or ping Green ones...

In Inter-Zone firewall configuration I have:

1     BLUE     <ANY>     <ANY>      ALLOW      

also tryed BLUE to GREEN or Blue Interface to Green Interface... Rebooting etc. but nothing with success.

This post is pretty old now, I cannot imagine this being a BUG for so much time.... Please help.

Thanks.
Logged
Steve
Sr. Member
****
Offline Offline

Posts: 108



WWW
« Reply #21 on: Wednesday 10 March 2010, 12:07:59 am »

    
"Blue zone cant access Green zone" - This is normal.

Blue is intended to be used for a wireless network and is UNTRUSTED.
Green is the TRUSTED network.

To allow access from Blue to Green you need to use Zone Pinholes
Logged

                          
hpwr
Jr. Member
*
Offline Offline

Posts: 2


« Reply #22 on: Wednesday 10 March 2010, 03:12:49 am »

Thank you for the answer.

I know, actually I´m using an IPcop in this configuration, green for the lan and blue for some wifi stuff and some ´external´ computers that need to access some green ip´s. It is working with ´Blue Access´ and ´DMZ Pinholes´ but in endian that is controlled by the ´Inter-Zone firewall´.

I´ve created the rule above and some other tests without getting the computer at the blue side to see anything on the green, even disabling the entire inter-zone firewall didn´t change anything...  I have tryed this script ( kb.endian.com/entry/27 ) too equal without success.

Any idea what´s going wrong ?
Logged
sn_helpdesk
Jr. Member
*
Offline Offline

Posts: 3


« Reply #23 on: Wednesday 28 July 2010, 05:31:04 pm »

Hi,

i got the same problem on my Endian 2.4.
I can't get traffic from Blue/Orange to Green.
I also tried this script hpwr mentioned without any success.

Does anyone got a solution for this problem?
Logged
rrch
Jr. Member
*
Offline Offline

Posts: 1


« Reply #24 on: Friday 02 March 2012, 04:01:23 am »

Hello!

I had the same problem with endian 2.5.1, so I wanted to do was to give access from the blue zone to a port of a PC in the green zone. In my case, the problem was that I activated a Routing Policy for all pc's in the blue area, (all pc's will use the uplink2 for everything), so the pc's in the blue never going to reach the green. I solved the problem by disabling that policy routing.

Later I added specific routes for the lan and then added the policy I mentioned earlier.

For those who want to give full access (bad idea) from blue to green (ping, etc), just add the rule in the inter-zone module:(source) blue - (destination) green - (service) any - (policy) Allow
In my case it was unnecessary to disable the proxy, or restart the computer or do something else.

Can corroborate this in efw 2.5.1 testing with a newly installed system. In my case I used virtualbox.

Sorry for my English but I'm usually much better reading than writing  Wink

Greetings.
Logged
Pages: 1 [2] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com