Thread: Firehol Problem - Please Help

  1. #1

    Firehol Problem - Please Help

    Hi, folks,

    I have a SuSE Linux server which acts as a 2-interface router & firewall, with the firehol package for firewall setup.

    Basically I need to make local services running on a local PC available over the internet (port forwarding).

    Below is a part of firehol.conf

    I have tried different things, like "router world2lan inface "${if_world}"
    outface "${if_lan}" route gv accept dst", swapping "route commands" in world2lan configuration, explicitly opening "gv" ports with "server gv accept", etc., nothing worked.

    Something very simple is missing but I could not figure out what.

    Any help is greatly appreciated. Thanks in advance.




    #transparent_squid 3128 squid inface "${if_lan}"
    transparent_proxy 80 3128 "squid root bin andrei" inface "${if_lan}"
    src "${intranet_ips}"

    # Video surveillance software.
    client_gv_ports="5548 5549"
    server_gv_ports="tcp/5548 tcp/5549"

    nat to-destination inface "${if_world}" proto tcp
    dport "${client_gv_ports}"

    interface "${if_lan}" lan src "${intranet_ips}"
            policy reject
            # server "dns ftp samba squid dhcp http ssh icmp" accept
            server all accept
            client all accept
    interface "${if_world}" world src not "${intranet_ips} ${UNROUTABLE_IPS}"
            protection strong 10/sec 10
            server "ssh http https ftp dns smtp smtps pop3 pop3s sip" accept
            server ident reject with tcp-reset
            client all accept

    router lan2world inface "${if_lan}" outface "${if_world}"
            route all accept
    router world2lan inface "${if_world}" outface "${if_lan}"
            route gv accept
            route ident reject with tcp-reset

  2. #2
    platinum NNTP User

    Re: Firehol Problem - Please Help

    > I have SuSE Linux server

    you are welcome to post here and wait on an answer...which will
    probably be helpful...

    however, this is the openSUSE forum and i recommend you post to the
    correct forum over at

    it is Novell who produces, markets and supports SUSE Linux Enterprise
    Server (SLES) versions 10 and 11..

    i believe you will find a good answer, quicker over there.. ymmv
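
For reference, the port forward asked about in post #1 needs three pieces that agree with each other: a custom service definition, a DNAT helper that names the internal target, and a router rule matching the rewritten destination. The fragment below is an added example, not part of either post; the interface names, `gv_host` and its address are constructed placeholders.

```conf
# Added example; gv_host and all addresses are constructed placeholders.
if_world="eth0"          # assumption: internet-facing interface
if_lan="eth1"            # assumption: LAN-facing interface
gv_host="192.168.1.50"   # hypothetical LAN address of the video PC

# Custom service "gv": the server side listens on 5548/5549,
# the client side connects from ordinary ephemeral source ports.
server_gv_ports="tcp/5548 tcp/5549"
client_gv_ports="default"

# Helpers go before the first interface/router block.
# Rewrite the destination of inbound connections to the LAN host.
dnat to "${gv_host}" inface "${if_world}" proto tcp dport "5548 5549"

# DNAT is applied before the routing decision, so the forwarded
# packets already carry the LAN address as their destination here.
router world2lan inface "${if_world}" outface "${if_lan}"
        route gv accept dst "${gv_host}"
        route ident reject with tcp-reset
```

Loading it with `firehol try` rolls the rules back unless they are confirmed, and the packet counters in `iptables -t nat -L PREROUTING -n -v` show whether inbound connections hit the DNAT rule.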

