
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick Portmapping: Difference between revisions

AA-Andrew (talk | contribs)
mNo edit summary
Reedy (talk | contribs)
Fixup syntax
[[File:Firebrick-portmap-ruleset.png|thumb|The Ruleset]]


<syntaxhighlight lang=xml>
<rule-set name="Port Mappings"
  source-interface="pppoe"
  target-interface="self"
  no-match-action="continue">
</rule-set>
</syntaxhighlight>


And then add a rule for RDP to this rule-set:


<syntaxhighlight lang=xml>
<rule name="Map RDP to server1"
  target-port="3389"
  set-target-ip="192.168.1.101"
  set-nat="true"
  action="accept"/>
</syntaxhighlight>


You can add more requirements as needed, such as changing the port, or adding source IPs so as to restrict access to known addresses. You can also use profiles to control access further.


If you have more port mappings then you can add more rules as required. For example, to give access to an internal web server you could map port 8080 to port 80 of the internal web server:

[[File:Firebrick-portmap-rule.png|thumb|The rule]]
<syntaxhighlight lang=xml>
<rule name="Map 8080 to web server2"
  target-port="8080"
  set-target-ip="192.168.1.102"
  set-target-port="80"
  set-nat="true"
  action="accept"/>
</syntaxhighlight>


You can then test this rule using the built-in Firewall test diagnostic.


If you put in:
* Source IP = anything you want
* Target IP = The FireBrick's IP
* Protocol = 17
* Target port = 3389

Then you should see it match your rule and change the target IP etc:
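As an added illustration (not code from this wiki or from FireBrick's firmware), the following Python model parses the rule-set above and walks it the way the Firewall test diagnostic does, rewriting the target IP and port of the test packet. The source-ip attribute on the RDP rule, the 203.0.113.0/24 range and the FireBrick address 192.0.2.1 are constructed assumptions used to show restricting access to known addresses; rule evaluation is simplified.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed config: the page's rule-set and two rules, plus a source-ip
# restriction on the RDP rule (attribute name assumed) to illustrate limiting
# access to known addresses as the page suggests.
CONFIG = """<rule-set name="Port Mappings" source-interface="pppoe"
  target-interface="self" no-match-action="continue">
 <rule name="Map RDP to server1" source-ip="203.0.113.0/24" target-port="3389"
  set-target-ip="192.168.1.101" set-nat="true" action="accept"/>
 <rule name="Map 8080 to web server2" target-port="8080" set-target-ip="192.168.1.102"
  set-target-port="80" set-nat="true" action="accept"/>
</rule-set>"""

FIREBRICK_IP = "192.0.2.1"  # constructed: the FireBrick's own WAN address


def rule_matches(rule, pkt):
    """A rule matches when every match attribute it carries agrees with the packet.
    Absent attributes match anything: with no protocol attribute the page's rules
    match TCP and UDP alike, so the protocol-17 test still hits the RDP rule."""
    src = rule.get("source-ip")
    if src and ipaddress.ip_address(pkt["source_ip"]) not in ipaddress.ip_network(src):
        return False
    proto = rule.get("protocol")
    if proto and int(proto) != pkt["protocol"]:
        return False
    port = rule.get("target-port")
    return not port or int(port) == pkt["target_port"]


def evaluate(config_xml, pkt):
    """Traffic addressed to the FireBrick itself (target-interface="self") is checked
    against the rules in order; the first match applies its set-* rewrites and
    action, otherwise the rule-set's no-match-action is returned."""
    rs = ET.fromstring(config_xml)
    if pkt["target_ip"] == FIREBRICK_IP:
        for rule in rs.findall("rule"):
            if rule_matches(rule, pkt):
                out = dict(pkt, action=rule.get("action"), rule=rule.get("name"))
                out["target_ip"] = rule.get("set-target-ip", pkt["target_ip"])
                out["target_port"] = int(rule.get("set-target-port", pkt["target_port"]))
                out["nat"] = rule.get("set-nat") == "true"
                return out
    return dict(pkt, action=rs.get("no-match-action"), rule=None)


if __name__ == "__main__":
    print(evaluate(CONFIG, dict(source_ip="203.0.113.7", target_ip=FIREBRICK_IP,
                                protocol=17, target_port=3389)))
```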