So I'm routing a public subnet: I have a public IP on eth0 and a public subnet on eth3. I'm just now setting up a new network behind one of the addresses on that subnet, but I need to allow all connections through the firewall to that subnet...
Here are my WAN_IN rules:
name WAN_IN {
    default-action drop
    description "packets from Internet to LAN"
    enable-default-log
    rule 1 {
        action accept
        description "allow connections to Routed WAN"
        destination {
            group {
                address-group NETv4_eth3
            }
        }
        log disable
        p2p {
            all
        }
        protocol all
        state {
            established enable
            invalid enable
            new enable
            related enable
        }
    }
    rule 2 {
        action accept
        description "allow established sessions"
        log disable
        protocol all
        state {
            established enable
            invalid disable
            new disable
            related enable
        }
    }
    rule 3 {
        action drop
        description "drop invalid state"
        log disable
        protocol all
        state {
            established disable
            invalid enable
            new disable
            related disable
        }
    }
}
The masquerade is only configured for use by my local subnets (source address 10.0.0.0/8), and I can tell that works, because if I do a "what is my IP" behind the new router on that eth3 network I get the proper address...
But my inbound connections on that subnet are still being blocked... what am I doing wrong here?
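An added example, not from the post or from EdgeOS itself: a small Python parser for the brace-style config above plus a first-match evaluator, so the posted WAN_IN rules can be checked offline against a packet's destination address and conntrack state. The address-group membership, the test IPs and the FLAGS set of valueless keys are assumptions made for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed copy of the WAN_IN rule set from the post, flattened onto one line as posted.
WAN_IN = (
    'name WAN_IN { default-action drop description "packets from Internet to LAN" enable-default-log '
    'rule 1 { action accept description "allow connections to Routed WAN" destination { group { '
    'address-group NETv4_eth3 } } log disable p2p { all } protocol all state { established enable '
    'invalid enable new enable related enable } } rule 2 { action accept description "allow established '
    'sessions" log disable protocol all state { established enable invalid disable new disable related '
    'enable } } rule 3 { action drop description "drop invalid state" log disable protocol all state { '
    'established disable invalid enable new disable related disable } } }'
)
FLAGS = {"enable-default-log", "all"}  # assumed: keys that take no value in this format
# Assumed membership of the address group; the post does not list it (documentation range).
GROUPS = {"NETv4_eth3": [ip_network("203.0.113.0/28")]}

def tokenize(text):
    """Split the config into words, braces and quoted strings."""
    return re.findall(r'"[^"]*"|\{|\}|[^\s{}]+', text)

def parse(tokens, i=0):
    """Parse 'key [value] [{ children }]' entries into a nested dict; returns (node, index)."""
    node = {}
    while i < len(tokens) and tokens[i] != "}":
        key, value, i = tokens[i], None, i + 1
        if key not in FLAGS and i < len(tokens) and tokens[i] not in ("{", "}"):
            value, i = tokens[i].strip('"'), i + 1
        if i < len(tokens) and tokens[i] == "{":
            children, i = parse(tokens, i + 1)
            node[f"{key} {value}" if value else key] = children  # e.g. "rule 1", "destination"
            i += 1  # step past the closing brace
        else:
            node[key] = value if value is not None else True
    return node, i

def evaluate(ruleset, dst, state):
    """First-match walk of the rules for a packet to dst in the given conntrack state.
    Returns (action, "rule N"), or (default-action, "default") when nothing matches."""
    rs = ruleset["name WAN_IN"]
    for key in sorted((k for k in rs if k.startswith("rule ")), key=lambda k: int(k.split()[1])):
        rule = rs[key]
        if rule["state"].get(state) != "enable":  # a rule only matches the states it enables
            continue
        grp = rule.get("destination", {}).get("group", {}).get("address-group")
        if grp and not any(ip_address(dst) in net for net in GROUPS[grp]):
            continue
        return rule["action"], key
    return rs["default-action"], "default"
```

Against the posted rules the evaluator accepts new connections to the NETv4_eth3 group at rule 1 (and, because `invalid enable` is set there, invalid-state packets to that group too), so the rule-set text alone does not explain the block.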