Hi, folks,
I have a SuSE Linux server which acts as a 2-interface router & firewall with the firehol package for firewalling setup.
Basically I need to make local services running on local PC 192.168.0.16 available over the internet (port forwarding).
Below is a part of firehol.conf.
I have tried different things, like "router world2lan inface "${if_world}" outface "${if_lan}" route gv accept dst 192.168.0.16", swapping "route commands" in the world2lan configuration, explicitly opening "gv" ports with "server gv accept", etc.; nothing worked.
Something very simple is missing but I could not figure out what.
Any help is greatly appreciated. Thanks in advance.
if_world="eth4"
if_lan="eth0"
intranet_ips="192.168.0.0/16"

#transparent_squid 3128 squid inface "${if_lan}"
transparent_proxy 80 3128 "squid root bin andrei" inface "${if_lan}" src "${intranet_ips}"

# Video surveillance software.
client_gv_ports="5548 5549"
server_gv_ports="tcp/5548 tcp/5549"

nat to-destination 192.168.0.16 inface "${if_world}" proto tcp dport "${client_gv_ports}"

interface "${if_lan}" lan src "${intranet_ips}"
    policy reject
    # server "dns ftp samba squid dhcp http ssh icmp" accept
    server all accept
    client all accept

interface "${if_world}" world src not "${intranet_ips} ${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    server "ssh http https ftp dns smtp smtps pop3 pop3s sip" accept
    server ident reject with tcp-reset
    client all accept

router lan2world inface "${if_lan}" outface "${if_world}"
    masquerade
    route all accept

router world2lan inface "${if_world}" outface "${if_lan}"
    route gv accept
    route ident reject with tcp-reset