smoothwall configuration

sikkalgopal · 06-21-2005, 05:29 AM

Hi all,

In our test lab i have two networks 10.0.0.0 hosts start from 10.0.0.101,102 etc and another 192.168.0.0 hosts start from 192.168.0.101,102 etc. In between i hav smoothwall box having two nic configured 10.0.0.3 as green (localnet) and 192.168.0.1 as red (anothernet) . I have backup linux server in 192 network i want to backup from some of the machines in 10 network.How can i set the forwarding rule
here,i tried many possible thing but cant able to ping from 10 network to 192 network.

From smoothwall eitherside i can able to pink.

pls help
thnks

peter_robb · 06-21-2005, 06:03 AM

Have you looked at the log file pages in the interface to see if it records the ping?

sikkalgopal · 06-21-2005, 07:13 AM

Hi

I dont find any problems with nic,still i can able to ping from the box to eitherside of the network,also from the 10.0.0.network to the 192.168.0.1 (red interface of smoothwall),beyond i get request timed out.

but from 192.168 network if i ping 10.0.0.3 (green interface of smoothwall),i get destination port unreachable.

problem seems to be in the forwarding rule,i tired up after using many combination
thnks

peter_robb · 06-21-2005, 07:26 AM

Smoothwall isn't designed to allow pings from Red (internet) interface directly to the Internal (green) interface.. No firewall should allow that, ever.

Things that need to be pinged live in the DMZ zone.

Check the Snort logs and see if it is blocking the pings from Green to 192.168. network.

sikkalgopal · 06-21-2005, 07:34 AM

Hi

thnks your reply, checked both alert and portscan.log both are 0 bytes no entry registered

is any way of making forward rule from 10.0 network to 192.168 ?

pls advice
thnks

peter_robb · 06-21-2005, 08:00 AM

Only by ip number and protocol to a single pc..

Smoothwall isn't this kind of firewall, doing routing functions.
The rule sets are quite complicated and from many parts.
Were you looking for specific features from it?

sikkalgopal · 06-21-2005, 08:50 AM

Hi

thnks, ya we have specific backup application and wants to check across the firewall, and also with the specific port. from the smoothwall docs i understand that communication takes place between networks across the firewall must exist in the orange and red network and not in the green network. is it right? if so i have to add one more nic and one more network with hosts.
It seems logically work right?

Put it in single way all hosts from one network can backup to a server available in another network over a specified port,also restoring from server to the host over the same port.

bye

peter_robb · 06-21-2005, 09:02 AM

That's correct..

The Orange is for DMZ.. No new communications into the Green from Orange.

sikkalgopal · 06-21-2005, 09:43 AM

Hi

things going more complex now,i dont want make more networks,is any firewall suitable for my
condition.

thnks in advance
bye

peter_robb · 06-21-2005, 04:49 PM

You can make one from any Linux distro using the iptables package..

A tutorial with examples is at http://iptables-tutorial.frozentux.n...-tutorial.html

floppywhopper · 06-21-2005, 07:13 PM

Not sure if this is going to help
but could you use IP Cop
and set up a vpn or pinholes ( as they call them )
from blue zone to green zone

floppy

edit
just to include this link
http://www.ipcop.org/1.4.0/en/instal...iguration.html
Am I correct in that you want to do what is in point 1.2.1.3
that is communicate from blue to green ?
hope this helps