Use Public IP from LAN

Use Public IP from LAN

ANIS El Achèche-2
Hey!

I need a machine in my GREEN Zone to be able to access my public IP (RED Zone) when I put it in the browser or in an application.

I already allowed the port forwarding for that machine:

RED   | ALLOW with IPS  | 192.168.1.xx


Now I want the traffic between my local IP and the RED IP to be allowed; the FW log shows me this: INPUTFW:DROP TCP 192.168.1.xx:port  -> RED IP: port


Thank you in advance.

El Achèche ANIS
An Ubuntu-tn Member & Events Team Coordinator
Official Ubuntu Member  | Member @CLibre.tn | Junior SysAdmin @ApptivIT
[hidden email] | # whoami
"I am what I am because of who we all are" - The Ubuntu Philosophy


_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Re: Use Public IP from LAN

Alexandru Gheorghe-2
On 09/24/2014 01:24 PM, ANIS El Achèche wrote:
> Now I want the traffic between my local IP and the RED IP to be
> allowed; the FW log shows me this: INPUTFW:DROP TCP 192.168.1.xx:port  ->
> RED IP: port
You don't need NAT if you want a GREEN client to go out to the WAN on some
non-standard (meaning, not defined by default in the Firewall) port/service.

Just allow it in Outgoing firewall. More info at [1].


REFERENCE:
[1] How To [KB]:
http://help.endian.com/entries/21231431-Applications-fail-to-connect-from-behind-an-Endian-UTM-Appliance

--
:: e n d i a n :: security with passion
:: Alexandru Gheorghe
:: http://www.endian.com



Re: Use Public IP from LAN

ANIS El Achèche-2
I know that, but when I use my RED IP from my LAN the FW blocks that request!


El Achèche ANIS
An Ubuntu-tn Member & Events Team Coordinator
Official Ubuntu Member  | Member @CLibre.tn | Junior SysAdmin @ApptivIT
[hidden email] | # whoami
"I am what I am because of who we all are" - The Ubuntu Philosophy


On Wed, Sep 24, 2014 at 11:33 AM, Alexandru Gheorghe <[hidden email]> wrote:
On 09/24/2014 01:24 PM, ANIS El Achèche wrote:
> Now I want the traffic between my local IP and the RED IP to be
> allowed; the FW log shows me this: INPUTFW:DROP TCP 192.168.1.xx:port  ->
> RED IP: port
You don't need NAT if you want a GREEN client to go out to the WAN on some
non-standard (meaning, not defined by default in the Firewall) port/service.

Just allow it in Outgoing firewall. More info at [1].


REFERENCE:
[1] How To [KB]:
http://help.endian.com/entries/21231431-Applications-fail-to-connect-from-behind-an-Endian-UTM-Appliance

--
:: e n d i a n :: security with passion
:: Alexandru Gheorghe
:: http://www.endian.com



Re: Use Public IP from LAN

Alexandru Gheorghe-2
On 09/24/2014 02:00 PM, ANIS El Achèche wrote:
> I know that, but when I use my RED IP from my LAN the FW blocks that request!
Then you need to allow it in Firewall > System access (specify
the source IP to be safe).


System access must match the INPUTFW chain, which is defined in INPUT (filter
table) of netfilter (see with iptables).
--
:: e n d i a n :: security with passion
:: Alexandru Gheorghe
:: http://www.endian.com
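
To pick the narrowest source, protocol and port for a System access rule like the one described above, the INPUTFW drops can be grouped straight from the firewall log. This is an added example, not part of the original thread or of Endian's code; the log lines are constructed in the standard netfilter LOG layout with the `INPUTFW:DROP` prefix quoted in the thread, and the GREEN subnet, RED IP and function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the standard netfilter LOG layout. Only the
# "INPUTFW:DROP" prefix comes from the thread; "OTHERCHAIN" and all
# addresses (private/documentation ranges) are made up for illustration.
SAMPLE_LOG = """\
Sep 24 13:58:01 efw kernel: INPUTFW:DROP IN=br0 OUT= SRC=192.168.1.20 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51514 DPT=8443
Sep 24 13:58:04 efw kernel: INPUTFW:DROP IN=br0 OUT= SRC=192.168.1.20 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51515 DPT=8443
Sep 24 13:59:10 efw kernel: INPUTFW:DROP IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40022 DPT=22
Sep 24 13:59:30 efw kernel: OTHERCHAIN:DROP IN=br0 OUT=eth1 SRC=192.168.1.31 DST=192.0.2.5 LEN=60 PROTO=UDP SPT=5353 DPT=5353
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def green_to_red_drops(log_text, green_net, red_ip):
    """Count INPUTFW drops whose source is in GREEN and whose target is the RED IP."""
    green = ipaddress.ip_network(green_net)
    red = ipaddress.ip_address(red_ip)
    hits = Counter()
    for line in log_text.splitlines():
        if "INPUTFW:DROP" not in line:
            continue  # traffic logged by other chains is out of scope here
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            key = (str(src), f["PROTO"], int(f["DPT"]))
        except (KeyError, ValueError):
            continue  # truncated or malformed entry
        if src in green and dst == red:
            hits[key] += 1
    return hits

def rule_candidates(hits):
    """One source-restricted candidate per (source, protocol, port)."""
    # Human-readable summary only, not Endian rule syntax.
    return [f"allow {proto} from {src} to firewall port {port} ({n} drops)"
            for (src, proto, port), n in sorted(hits.items())]

if __name__ == "__main__":
    for rule in rule_candidates(green_to_red_drops(SAMPLE_LOG, "192.168.1.0/24", "203.0.113.10")):
        print(rule)
```

Drops arriving from outside GREEN, such as the constructed SSH attempt in the sample, are deliberately left out, so the resulting rule stays limited to the LAN host that needs it.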

