{"id":702,"date":"2013-04-02T19:13:28","date_gmt":"2013-04-02T17:13:28","guid":{"rendered":"http:\/\/blog.rabahi.net\/?page_id=702"},"modified":"2016-10-03T10:41:10","modified_gmt":"2016-10-03T08:41:10","slug":"srv-firewall","status":"publish","type":"page","link":"https:\/\/blog.rabahi.net\/?page_id=702","title":{"rendered":"srv-firewall"},"content":{"rendered":"<h1>Installation<\/h1>\n<p>Download the ISO here: <a href=\"http:\/\/www.ipcop.org\/download.php\" title=\"http:\/\/www.ipcop.org\/download.php\" target=\"_blank\">http:\/\/www.ipcop.org\/download.php<\/a> The current version is i486 2.1.8.<br \/>\nThe configuration to choose is GREEN+RED (so we need two network addresses).<\/p>\n<ul>\n<li>On <a href=\"https:\/\/srv-firewall:445\" target=\"_blank\">https:\/\/srv-firewall:445<\/a>, enable the ssh connection.<\/li>\n<li>In \/etc\/ssh\/sshd_config, change the default ssh port to 1622.<\/li>\n<li>Optional: set a static IP in \/var\/ipcop\/ethernet\/settings.<\/li>\n<\/ul>\n<h1>Rules<\/h1>\n<ul>\n<li>Edit \/etc\/rc.d\/rc.firewall<\/li>\n<li>Add the rules (replace MY_PORT and MY_IP_DEST):\n<pre lang=\"bash\">\r\n $IPTABLES -A INPUT -i $RED -p tcp --sport MY_PORT -s MY_IP_DEST -j ACCEPT\r\n $IPTABLES -A OUTPUT -o $RED -p tcp --dport MY_PORT -d MY_IP_DEST -j ACCEPT\r\n<\/pre>\n<\/li>\n<li>Execute the script: \/etc\/rc.d\/rc.firewall<\/li>\n<\/ul>\n<h1>To connect<\/h1>\n<ul>\n<li>Create the file ~\/.ssh\/config (Note: replace myFAIHostName with your FAI (ISP) IP or hostname)\n<pre lang=\"ssh\">\r\nHost home\r\n         HostName myFAIHostName\r\n         User domainuser\r\n         Port 1622\r\n         ServerAliveInterval 30\r\n         ServerAliveCountMax 120\r\n\r\n         LocalForward 20000 192.168.0.66:80\r\n         LocalForward 22000 192.168.0.66:22\r\n         LocalForward 22139 192.168.0.8:139\r\n         LocalForward 22110 192.168.0.5:110\r\n<\/pre>\n<\/li>\n<li>This file must have the following permissions:\n<pre lang=\"bash\">\r\nchmod 600 
~\/.ssh\/config\r\n<\/pre>\n<\/li>\n<li>Launch command:\n<pre lang=\"bash\">\r\nssh -N -f -q home\r\n<\/pre>\n<\/li>\n<li>\nTest: open the page <a href=\"http:\/\/localhost:20000\" target=\"_blank\">http:\/\/localhost:20000<\/a>; you should see the content of <a href=\"http:\/\/192.168.0.66:80\" target=\"_blank\">http:\/\/192.168.0.66:80<\/a>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Installation Download iso here: http:\/\/www.ipcop.org\/download.php Currently, version is i486 2.1.8 The configuration to choose is GREEN+RED (so we need two network addresses). On the https:\/\/srv-firewall:445 enable ssh connection. In the \/etc\/ssh\/sshd_config change the default ssh port : 1622 Optional: set static IP in \/var\/ipcop\/ethernet\/settings. Rules Edit \/etc\/rc.d\/rc.firewall Add the rule : (replace MY_PORT and MY_IP_DEST) [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":677,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-702","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages\/702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=702"}],"version-history":[{"count":5,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages\/702\/revisions"}],"predecessor-version":[{"id":1474,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages\/702\/revisions\/1474"}],"up":[{"embeddable":true,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages\/677"}],"wp:a
ttachment":[{"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}