 From:  Stefan <stefan at fuhrmann dot homedns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  cascaded firewalls rules
 Date:  Sun, 10 Sep 2006 12:55:36 +0200
Hello all,

I want to set up cascaded firewalls. Monowall is my border firewall, and I have a 
DMZ (OPT1) net where some services are running. On the services host there is 
also a firewall running (iptables/netfilter).

		| internet
		|	
		/\ monowall
	       /
	      / service-host with iptables/ netfilter

The problem is how I should set the rules for the services. The firewall on the 
service host has ports 20 and 21 open; the client comes in with a high port from the 
Internet.
When I make a rule from monowall to the service host for 20 and 21 as well
(it's a proftpd in passive mode; from OPT to any, anything is allowed),
the client cannot connect and is blocked by monowall. High ports are used to 
connect back to the FTP client from the server. And I cannot understand why.
A very, very nice PunkRock sampler CD is waiting on 
ftp://ftp.nopanicsystems.net 
(the tar.gz is the ripped version).

have fun!

So I am waiting for some suggestions and watching the log for some traffic!

tia

stefan
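For anyone landing on this thread later: in passive mode the FTP data transfer is a second, separate inbound TCP connection, from the client to a high port that the server picks and announces in its "227 Entering Passive Mode" reply. A border rule that only passes 20 and 21 to the service host therefore lets the control connection through and blocks every data connection, which is the symptom described above. The script below is an added example, not part of the original post and not m0n0wall or proftpd code: it parses the 227 reply, derives the data port, and evaluates both connections against two constructed first-match rule sets. The addresses, the sample reply and the passive range 49152-49252 are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)  ->  data port = p1*256 + p2
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass(frozen=True)
class Flow:
    """One TCP connection attempt, as a stateless filter would see its SYN."""
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """Simplified firewall rule: action, destination host ('any' or IP), dest port range."""
    action: str      # "pass" or "block"
    dst: str
    ports: range


def parse_pasv(reply: str) -> Tuple[str, int]:
    """Return (host, port) advertised in a 227 reply; raise on anything else."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def first_match(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; nothing matching means the default deny applies."""
    for r in rules:
        if r.dst in ("any", flow.dst) and flow.dport in r.ports:
            return r.action
    return "block"


def passive_session(rules: List[Rule], client: str, reply: str) -> Dict[str, object]:
    """Evaluate the control connection (port 21) and the passive data connection."""
    server_ip, data_port = parse_pasv(reply)
    control = Flow(client, server_ip, 21)
    data = Flow(client, server_ip, data_port)   # second inbound connection from the client
    return {
        "data_port": data_port,
        "control": first_match(rules, control),
        "data": first_match(rules, data),
    }


# Constructed sample data (assumptions, not from the thread).
SERVER = "192.0.2.10"      # service host in the DMZ (OPT1)
CLIENT = "198.51.100.7"    # FTP client somewhere on the Internet
REPLY = "227 Entering Passive Mode (192,0,2,10,192,3)\r\n"   # 192*256 + 3 = 49155

# Rule set 1: what the post describes, only 20 and 21 passed to the service host.
RULES_20_21 = [Rule("pass", SERVER, range(20, 22))]

# Rule set 2: the same plus the server's pinned passive range (assumed 49152-49252).
PASSIVE_RANGE = range(49152, 49253)
RULES_WITH_PASV = [Rule("pass", SERVER, range(20, 22)),
                   Rule("pass", SERVER, PASSIVE_RANGE)]


if __name__ == "__main__":
    for name, rules in (("20/21 only", RULES_20_21), ("20/21 + passive range", RULES_WITH_PASV)):
        result = passive_session(rules, CLIENT, REPLY)
        print("%-22s control=%s data(port %d)=%s"
              % (name, result["control"], result["data_port"], result["data"]))
```

The practical consequence: pin the server's passive range so it is predictable (proftpd has a PassivePorts directive for this), then open that same range to the service host on both firewalls, i.e. in the iptables rules on the host and in the m0n0wall rule for traffic arriving from the Internet towards OPT1. If the service host sits behind NAT, the address it announces in the 227 reply also has to be its public one, otherwise the client connects to the wrong host even when the port range is open.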