Channel: EdgeRouter topics

firewall question


So I'm routing a public subnet: I have a public IP on eth0 and a public subnet on eth3. I'm just now setting up a new network behind one of the addresses on that subnet, but need to allow all connections through the firewall to that subnet...

 

Here are my WAN_IN rules:

 

    name WAN_IN {
        default-action drop
        description "packets from Internet to LAN"
        enable-default-log
        rule 1 {
            action accept
            description "allow connections to Routed WAN"
            destination {
                group {
                    address-group NETv4_eth3
                }
            }
            log disable
            p2p {
                all
            }
            protocol all
            state {
                established enable
                invalid enable
                new enable
                related enable
            }
        }
        rule 2 {
            action accept
            description "allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 3 {
            action drop
            description "drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }

The masquerade is only configured for use by my local subnets (source address 10.0.0.0/8), and I can tell that works, because if I do a "what is my IP" behind the new router on that eth3 network I get the proper address...

 

But my inbound connections on that subnet are still being blocked... What am I doing wrong here?

