RE: [cobalt-users] Cube 2 - IP Filter/Firewall
- Subject: RE: [cobalt-users] Cube 2 - IP Filter/Firewall
- From: Rodolfo Paiz <rpaiz@xxxxxxxxxxxxxx>
- Date: Sat Sep 23 16:17:02 2000
> I am working on the IP filtering of a Cube 2 and I seem to
> have run into a wall.
>
> What I have is a 10.x.x.x network submitted as a class A.
> My cube is at 10.1.1.1 and I have a NT server in the DMZ at
> 10.1.100.102 (set by the Cube's DHCP server). I can ping it
> fine from the cube.
>
> What I want to do is run a web server on port 80 on the NT
> server (and continue running the webserver on the CUBE also).
>
> I set up a "filter rule" set as
> Policy: Allow
> Source IP : Any
> Source Port: 8090
> Destination IP: 10.1.100.102/8
> Destination Port: 80
>
> I have tried both protocols, TCP and UDP, for this.
>
> BUT, when I try to connect from the Internet to my Cube's Static IP on
> port 8090, I get connection refused from either a browser, or a direct
> telnet to the port.
>
> Any ideas what I may be doing wrong?
Your basic concept is not wrong per se, but certainly missing a piece. What
IP filtering does is to decide whether or not a packet is *allowed* to go
through; it doesn't actually send the packet anywhere. IP filtering is a
form of protection, not transport or routing. Also, Qubes don't *have* a
DMZ... you have an internal network and an external network. And since
10.x.x.x is a private network, you can't directly access your NT server from
the Internet without making some changes.
Let me redefine your rule somewhat, using 111.222.333.444 as your publicly
accessible IP address for the Qube...
Rule 1: Allow
From any IP, any port
To 111.222.333.444, port 8090
Protocol TCP
This will allow anyone anywhere to connect to your Qube's (note Qube not
Cube) port 8090. But in itself this means nothing, since your Qube is not
*answering* port 8090. You also need to forward connections from
111.222.333.444:8090 to 10.1.100.102:80.
You can do this with a utility called portfwd, which has been mentioned
previously on this list. People have even posted instructions on its
installation and use. Search the archives for the following keywords:
* portfwd
* port forwarding
That'll get you going.
--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx
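An added example (not Cobalt/Qube or portfwd code) that models the distinction the reply draws: a filter rule only decides whether a packet may pass, and a separate forward table is what sends it to the NT server. It assumes 203.0.113.10 in place of the 111.222.333.444 placeholder and a constructed Internet client at 198.51.100.7; the poster's rule and the reply's Rule 1 are transcribed from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    policy: str            # "Allow" or "Deny"
    proto: str             # "TCP", "UDP" or "Any"
    src_net: str           # CIDR; "0.0.0.0/0" stands for "Any"
    sport: Optional[int]   # None stands for "Any"
    dst_net: str
    dport: Optional[int]

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("Any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src_net, strict=False)
                and ip_address(pkt.dst) in ip_network(self.dst_net, strict=False)
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport))

def filter_decision(rules, pkt, default="Deny"):
    """Filtering only answers 'may this packet pass?'; first match wins."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.policy
    return default

def deliver(rules, fwd_map, pkt):
    """Filter first, then rewrite the destination of allowed packets using the
    forward table (public_ip, public_port) -> (internal_ip, internal_port)."""
    if filter_decision(rules, pkt) != "Allow":
        return "Deny", None
    new_dst, new_dport = fwd_map.get((pkt.dst, pkt.dport), (pkt.dst, pkt.dport))
    return "Allow", Packet(pkt.proto, pkt.src, pkt.sport, new_dst, new_dport)

# Constructed sample traffic; 203.0.113.10 stands in for 111.222.333.444.
PUBLIC_IP = "203.0.113.10"
INTERNET_PKT = Packet("TCP", "198.51.100.7", 51000, PUBLIC_IP, 8090)
POSTED_RULE = Rule("Allow", "TCP", "0.0.0.0/0", 8090, "10.1.100.102/8", 80)  # poster's rule
RULE_1 = Rule("Allow", "TCP", "0.0.0.0/0", None, PUBLIC_IP + "/32", 8090)  # reply's Rule 1
FORWARD_MAP = {(PUBLIC_IP, 8090): ("10.1.100.102", 80)}  # the missing forward (portfwd's job)
```

The posted rule never matches a connection arriving at the public address (it keys on source port 8090 and on a 10.0.0.0/8 destination), while Rule 1 allows the packet but leaves it at port 8090 on the Qube until the forward table rewrites it to 10.1.100.102:80.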