by Chimpanz » Mon, 16 Feb 2004 22:15:08
(outside)---------(inside)-------(dmz)-----------------(dmz)--------(inside Both the firewall are configured in routing mode. My requirement My rule ....... Firewall-2 Cheers
[Firewall-1] -------------------------------------------- [Firewall 2]
system A from inside of firewall1 to talk to inside system B of
firewall 2.
Firewall -1
allow telnet system A to System B (Not the exact syntax)
deny rest
What rule should I configure?
by Thomas Na » Mon, 16 Feb 2004 23:17:36
It at least requires the same rule. Talking about TCP connections this
ensure ONLY that A can establish a connection to B, not the opposite
direction. The answers will reach a as both firewalls handle this stateful.
If B needs to establish a connection too then add similar roles.
All this assumes you don't use NAT
Hope that helps
Thomas
-----------------------------------------------------------------
PGP fingerprint: B1 EE D2 39 2C 82 26 DA A5 4D E0 50 35 75 9E ED
by barry haycoc » Fri, 27 Feb 2004 10:09:35
> (outside)---------(inside)-------(dmz)-----------------(dmz)--------(inside > Both the firewall are configured in routing mode. My requirement > My rule ....... > Firewall-2 > Cheers
> [Firewall-1] -------------------------------------------- [Firewall 2]
> system A from inside of firewall1 to talk to inside system B of
> firewall 2.
> Firewall -1
> allow telnet system A to System B (Not the exact syntax)
> deny rest
> What rule should I configure?
so your nat rule will be
internal host -> internet -> use address ...
on the other machine it will be
anything to address internet traffic -> send to internal host
then write a rule saying anything to internet address on port accept
1. Solaris 9 and Sunscreen 3.2 Stealth Mode
Hi,
I've got a Sun V100 running Solaris 9 08/03 which I would like to run
Sunscreen 3.2 on. I've updated the system, installed all of the Sunscreen
pre-requisite patches etc and the Sunscreen software. I would like to run
this in stealth mode, where dmfe0 will be the interface pointing to the
outside world, and dmfe1 will point to the inside. Currently, I only have
dmfe1 configured with an IP for administrative purposes (as required). For
dmfe0, is it sufficient to simply have a blank /etc/hostname.dmfe0? I don't
want the firewall to have an IP address.
Afterwards I assume its possible to just do an ssadm command to add the
dmfe0 interface with the corresponding addresses.
PS. Please reply to the newgroup with your response.
PPS. I've read several documents re: Sunscreen, but none of them seem to
discuss how the NICs should be configured prior to Sunscreen installation.
Thank-you,
Khalid.
2. seeking Toshiba T4700CS owners
3. please help with sunscreen configuration
4. startx fails on default font (newbie)
6. QIC-02 driver writes 512 bytes/dies
7. routing issue on SunScreen fw
9. Sunscreen routing 192.168.1.0/24 and 172.16.0.0/16 problem
10. vsftpd configuration in standalone mode
11. Problem configuration ACCELERAT MODE / REVERSE PROXY SQUID
12. Printer configuration in text mode
13. configuration for interlaced mode.