On 09.06.2013 at 09:37, Thomas Berthel wrote:

> Hi Erik,
>
>> the installation section might be better than optimizations
> True, you're right.

So if you are finished with your wiki, we can put it together in the installation part.


>> 1) The results in the CUSTOM chains don't display the destination
>> ports, only the source ports. Why is that?
> What exactly do you mean? I just do not see what you mean.

I meant in this section --> http://wiki.ipfire.org/de/optimization/vlan/start#iptables_uebersicht only spts: are to be seen, but no dpts:. In the rules you define "--dports 993,995,110,587,465", but they are listed as "spts:" (source ports). For example, in the iptables -L listing for Mail I have something like this:

RETURN     tcp  --  192.168.7.0/24      anywhere             multiport dports imaps,urd,submission,pop3s,smtp TIME from 00:00:00 to 00:00:00 UTC

so the dports are specified. I can't find something like that in your iptables -L listing.


>> 2) Also, is it necessary to define --sport?
> Yes. So I give with which ports exactly what to do and what not.
> But, I'm not an iptables expert. That was my first real attempt and has
> worked well so far.

So you have allowed only unprivileged ports as a source port, but isn't that the case per default anyway? Or do you regard this as a security measure?
I'm also not sure about this, but if you define only --dports, isn't the behaviour with the source port the same anyway as when you define it?


>> 3) Another question is, are you operating in Mode 0 in the outgoing FW?
> No, I use Mode 1.

What rules do you use in Mode 1?


>> Or in other words, is it possible to define such rules without
>> problems with the VLAN config and interface names like green 003 etc.?
> I think that is not RFC compliant. However, there is the possibility
> to put the IDs in 0-4095.
>
> http://www.oit.ucsb.edu/committees/CNC-BEG/vlan_id.asp

Ahh O.K., but is it possible to arrange rules for the VLAN interfaces over the WUI (e.g. DMZ pinholes, etc.)?


>> 4) Did you also try to add these rules over the webinterface?
> I have not tested yet. But, I can do that.

So maybe it is less complicated (especially for the explanations in the wiki) if all the rules which can be arranged over the WUI are set that way? Might be nice if you can give it a try. Also, if the outgoing FW is configured, I think the CUSTOMFORWARD rules are then defined in the FORWARD and OUTPUT chains.


> BG, Thomas

Maybe there are some ideas to go for further checks.

Best regards


Erik

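Added example for point 1 above; this is not code from the IPFire wiki or from anyone in the thread. It is a small POSIX shell check that reads an `iptables -L -n` listing and prints every rule that matches on source ports (shown by iptables -L as `spt:`, `spts:` or `multiport sports`) without any destination-port match (`dpt:`, `dpts:` or `multiport dports`). A rule written with `--sport`/`--sports` is listed in the first form, one written with `--dport`/`--dports` in the second, so this is a quick way to find rules where the port list ended up on the source side. The chain name CUSTOMFORWARD is taken from the thread; the sample listings are constructed and the rules in them are assumed.

```shell
#!/bin/sh
# Added example, not code from the IPFire wiki or the thread.
# Given an `iptables -L -n` listing on stdin, print each rule whose only
# port match is on the source side (spt:/spts:/multiport sports) and that
# has no destination-port match (dpt:/dpts:/multiport dports).

source_port_only_rules() {
    awk '
        /^Chain /  { chain = $2; next }   # "Chain NAME (N references)"
        /^target / { next }               # column header line
        NF == 0    { next }               # blank line between chains
        /spts?:|sports / && !/dpts?:|dports / { print chain ": " $0 }
    '
}

# Constructed sample listing (chain name as in the thread; the rules are
# assumed). Only the first rule matches source ports without any
# destination-port match. The third rule matches both, as an
# "unprivileged source port" rule would, and is therefore not reported.
SAMPLE_LISTING='Chain CUSTOMFORWARD (1 references)
target     prot opt source               destination
RETURN     tcp  --  192.168.7.0/24       0.0.0.0/0            multiport sports 993,995,110,587,465
RETURN     tcp  --  192.168.7.0/24       0.0.0.0/0            multiport dports 993,995,110,587,465
RETURN     tcp  --  192.168.7.0/24       0.0.0.0/0            tcp spts:1024:65535 dpt:25
DROP       all  --  192.168.7.0/24       0.0.0.0/0'

# Constructed listing with no source-port-only rule; the check prints
# nothing for it.
SAMPLE_CLEAN='Chain CUSTOMFORWARD (1 references)
target     prot opt source               destination
RETURN     tcp  --  192.168.7.0/24       0.0.0.0/0            tcp dpt:443'

# Stand-alone run over the constructed sample. Against a live firewall the
# same function can read the real chain instead:
#   iptables -L CUSTOMFORWARD -n | source_port_only_rules
printf '%s\n' "$SAMPLE_LISTING" | source_port_only_rules
```

`iptables -L` prints the match in its own words, which is what caused the confusion in the thread; `iptables -S CUSTOMFORWARD` instead prints each rule with the literal `--sports`/`--dports` (or `--sport`/`--dport`) flags it was loaded with, so checking that output removes the ambiguity altogether.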


On 09.06.2013 06:54, Erik K. wrote:
Hi Thomas,
first of all, thanks for the wiki on this topic; I think it is important to have a good explanation in there. Maybe the location can be changed once you have finished this wiki; the installation section might be better than optimizations.

I have some questions about your IPTable rules.
1) The results in the CUSTOM chains don't display the destination ports, only the source ports. Why is that?
2) Also, is it necessary to define --sport?
3) Another question is, are you operating in Mode 0 in the outgoing FW?
4) Did you also try to add these rules over the webinterface? Or in other words, is it possible to define such rules without problems with the VLAN config and interface names like green 003 etc.?

One hint regarding the mailing list: this is an international area, so we write only in English.

Greetings

Erik

On 08.06.2013 at 13:42, Thomas Berthel wrote:

Hi all,

I have finished the documentation for the VLAN here:
http://wiki.ipfire.org/de/optimization/vlan/start. Could one of you
prepare it in a usable format for the English-speaking users?
Corrections may of course be made as well ;-)


Have a nice weekend! Thomas
_______________________________________________
Documentation mailing list
Documentation@lists.ipfire.org
http://lists.ipfire.org/mailman/listinfo/documentation


