This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
Typically, your FireBrick will be the original target of the traffic; it will perhaps have a public IP on one of its PPP interfaces. Taking RDP as an example, we can create the rule-set as follows:
[[File:Firebrick-portmap-ruleset.png|thumb|The Ruleset]]
<syntaxhighlight lang=xml>
<rule-set name="Port Mappings"
 source-interface="pppoe"
 target-interface="self"
 no-match-action="continue">
</rule-set>
</syntaxhighlight>
And then add a rule for RDP to this rule-set:
<syntaxhighlight lang=xml>
action="accept"/>
</syntaxhighlight>
You can add more requirements as needed, such as changing the port, or adding source IPs so as to restrict access to known IPs. You can also use profiles to control access further.
If you have more port mappings then you can add more rules as required, e.g. to add access to an internal web server you could map port 8080 to port 80 of the internal web server:
[[File:Firebrick-portmap-rule.png|thumb|The rule]]
<syntaxhighlight lang=xml>
<rule name="Map 8080 to web server2"
 set-nat="true"
 action="accept"/>
</syntaxhighlight>
You can then test this rule using the built-in Firewall test diagnostic.
If you put in:
*
* Target IP = The FireBrick's IP
* Protocol = 17
* Target port = 3389
Then you should see:
Checking rule-set 5 [Mapping] - Rule 3 [RDP to server1] matched, action is ACCEPT, no further rule-sets considered
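As an added example (not from the original page or from FireBrick's own tooling), the following Python check reads a saved config and lists port-mapping rules that accept traffic from any source, which is the case the advice above about adding source IPs is meant to avoid. The sample config is constructed, and the attribute names <code>source-ip</code>, <code>target-port</code>, <code>set-target-ip</code> and <code>set-target-port</code> are assumptions about the FireBrick rule schema, as is <code>source-ip</code> being allowed on a rule-set.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the page. Attribute names other than
# name/source-interface/target-interface/set-nat/action are assumed from the
# FireBrick rule schema; all addresses are documentation ranges.
SAMPLE = """<config>
 <rule-set name="Port Mappings" source-interface="pppoe"
   target-interface="self" no-match-action="continue">
  <rule name="RDP to server1" target-port="3389"
    set-target-ip="192.0.2.10" set-nat="true" action="accept"/>
  <rule name="Map 8080 to web server2"
    source-ip="198.51.100.0/24 203.0.113.7" target-port="8080"
    set-target-ip="192.0.2.20" set-target-port="80" action="accept"/>
  <rule name="Too wide" source-ip="0.0.0.0/0" target-port="22"
    set-target-ip="192.0.2.30" action="accept"/>
 </rule-set>
</config>"""

def local(tag):
    """Strip an XML namespace prefix such as '{http://...}rule'."""
    return tag.rsplit("}", 1)[-1]

def is_any(source_ip):
    """True when the source list is absent, empty, or contains a /0 network."""
    if not source_ip or not source_ip.strip():
        return True
    for item in source_ip.split():
        try:
            if ipaddress.ip_network(item, strict=False).prefixlen == 0:
                return True
        except ValueError:
            continue  # dash ranges or names: treated as a restriction here
    return False

def open_mappings(xml_text):
    """Return (rule-set, rule, target-port) for accept rules open to any source."""
    findings = []
    for rs in ET.fromstring(xml_text).iter():
        if local(rs.tag) != "rule-set":
            continue
        for rule in rs:
            if (local(rule.tag) != "rule" or rule.get("action") != "accept"
                    or rule.get("set-target-ip") is None):
                continue  # only rules that forward to an internal host
            if is_any(rule.get("source-ip")) and is_any(rs.get("source-ip")):
                findings.append((rs.get("name"), rule.get("name"),
                                 rule.get("target-port")))
    return findings
```

Each finding is a mapping worth reviewing: either add known source IPs to the rule or confirm that the service is meant to be reachable from anywhere.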