Everything here is shown by example:
Set NAT – masquerade (allow access to the outside)
# set service nat rule 1
# set service nat rule 1 type masquerade
# set service nat rule 1 outbound-interface eth0
# set service nat rule 1 protocol all
# set service nat rule 1 source address 192.168.1.0/24 (use your own internal network)
# set service nat rule 1 destination address 0.0.0.0/0
NAT – destination – http (allow HTTP access from outside to your server placed on the LAN, e.g. 192.168.1.2)
# set service nat rule 10 (choose your number – must be unique)
# set service nat rule 10 type destination
# set service nat rule 10 inbound-interface eth0
# set service nat rule 10 protocol tcp
# set service nat rule 10 destination address xxx.xxx.xxx.xxx (your WAN IP)
# set service nat rule 10 destination port http
# set service nat rule 10 source address 0.0.0.0/0
# set service nat rule 10 inside-address address 192.168.1.2
Firewall examples:
- Reject telnet on an interface and allow everything else:
# set firewall name FWTELNET
# set firewall name FWTELNET rule 1
# set firewall name FWTELNET rule 1 action reject
# set firewall name FWTELNET rule 1 protocol tcp
# set firewall name FWTELNET rule 1 source address 0.0.0.0/0
# set firewall name FWTELNET rule 1 destination port telnet
# set firewall name FWTELNET rule 2
# set firewall name FWTELNET rule 2 action accept
# set firewall name FWTELNET rule 2 protocol all
# set firewall name FWTELNET rule 2 source address 0.0.0.0/0
# set firewall name FWTELNET rule 2 destination address 0.0.0.0/0
# set interfaces ethernet eth0 firewall local name FWTELNET
- Reject an IP on an interface:
# set firewall name REJECTIP rule 1 action reject
# set firewall name REJECTIP rule 1 source address 192.168.1.100
# set interfaces ethernet eth1 firewall in name REJECTIP
# set interfaces ethernet eth0 firewall local name FWTELNET
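An added example, not from the original post: a rule set for forwarded traffic that goes with the two NAT rules above, so that only the published HTTP service and replies to LAN-initiated connections pass from eth0 to the LAN. The rule-set name WANIN and its rule numbers are assumptions; the config-mode prompt is left out, so lines starting with # inside the block are comments.

```vyatta
# Constructed example. WANIN and the rule numbers 10/20 are assumed names,
# not taken from the original page.

# Rule 10: let replies to connections opened from the LAN
# (the masquerade rule 1 traffic) come back in.
set firewall name WANIN rule 10 action accept
set firewall name WANIN rule 10 protocol all
set firewall name WANIN rule 10 state established enable
set firewall name WANIN rule 10 state related enable

# Rule 20: the web traffic forwarded by NAT rule 10.
# Destination NAT is applied before the firewall, so the match is on the
# inside address 192.168.1.2, not on the WAN IP.
set firewall name WANIN rule 20 action accept
set firewall name WANIN rule 20 protocol tcp
set firewall name WANIN rule 20 destination address 192.168.1.2
set firewall name WANIN rule 20 destination port http

# There is deliberately no final accept-all rule: a Vyatta rule set ends with
# an implicit drop, so anything not matched above is discarded.

# "in" filters packets forwarded through the router that arrive on eth0.
# "local" (used for FWTELNET above) filters packets addressed to the router itself.
set interfaces ethernet eth0 firewall in name WANIN

commit
save
```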



