Ether0 address    192.1.1.1/24    Inside network
Ether1 address    192.1.2.1/24    Outside network
Remote network    192.1.3.0/24    Remote network

add filter inet.in
set filter inet.in 1 deny 192.1.1.0/24 0.0.0.0/0
set filter inet.in 2 permit tcp estab
set filter inet.in 3 permit 192.1.3.0/24 192.1.1.0/24 tcp
set filter inet.in 4 permit 192.1.2.180/32 192.1.1.0/24 tcp
set filter inet.in 5 permit 192.1.2.181/32 192.1.1.0/24 tcp
set filter inet.in 6 permit 192.1.2.182/32 192.1.1.0/24 tcp
set filter inet.in 7 permit 192.1.2.183/32 192.1.1.0/24 tcp
set filter inet.in 8 permit 192.1.2.184/32 192.1.1.0/24 tcp
set filter inet.in 9 permit 192.1.2.185/32 192.1.1.0/24 tcp
set filter inet.in 10 permit 192.1.2.186/32 192.1.1.0/24 tcp
set filter inet.in 11 permit 192.1.2.187/32 192.1.1.0/24 tcp
set filter inet.in 12 permit 192.1.2.188/32 192.1.1.0/24 tcp
set filter inet.in 13 permit 192.1.2.189/32 192.1.1.0/24 tcp

When I set this filter to the ether1 port as an ifilter (set ether1 ifilter
inet.in), I lose all connectivity with the outside network and Internet. The
IRX is running 3.7.2 and has approx. 380k free memory. When I try this same
filter on a mini network with another IRX between a web server and a PC, it
works as I would expect, where I can do anything from the inside (the PC) and
can't get to the inside from the outside (the web server).

Any help/ideas?

Mark R. Baker
mark@solunet.com
Phone: 800-795-2814 xt123
Canada: 888-765-8638
Fax: 407-676-0809
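
Added example (not part of the original message): a small Python model of the rule list above, evaluated against constructed packets arriving on ether1. It assumes first-match evaluation with an implicit deny when no rule matches, and that `estab` matches only TCP segments of an already-open connection; the 198.51.100.x addresses and all sample packets are constructed placeholders.

```python
import ipaddress

# Rules copied from the post (rules 5-13 repeat rule 4 for hosts .181-.189 and are omitted).
RULES = """\
set filter inet.in 1 deny 192.1.1.0/24 0.0.0.0/0
set filter inet.in 2 permit tcp estab
set filter inet.in 3 permit 192.1.3.0/24 192.1.1.0/24 tcp
set filter inet.in 4 permit 192.1.2.180/32 192.1.1.0/24 tcp
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_rule(line):
    """Parse one 'set filter <name> <n> permit|deny [src dst] [proto] [estab]' line."""
    tok = line.split()
    num, action, rest = int(tok[3]), tok[4], tok[5:]
    nets = [ipaddress.ip_network(t) for t in rest if "/" in t]
    words = [t for t in rest if "/" not in t]
    src, dst = nets if len(nets) == 2 else (ANY, ANY)  # omitted addresses mean "any"
    proto = next((w for w in words if w in ("tcp", "udp", "icmp")), None)
    return {"num": num, "action": action, "src": src, "dst": dst,
            "proto": proto, "estab": "estab" in words}

def evaluate(rules, pkt):
    """Assumed semantics: first matching rule decides; no match means deny."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for r in rules:
        if src not in r["src"] or dst not in r["dst"]:
            continue
        if r["proto"] and r["proto"] != pkt["proto"]:
            continue
        # Assumption: 'estab' matches only TCP segments of an already-open connection.
        if r["estab"] and not pkt.get("estab", False):
            continue
        return r["action"], r["num"]
    return "deny", None

RULESET = [parse_rule(l) for l in RULES.splitlines()]
# Constructed packets arriving on ether1; 198.51.100.x stands in for an Internet host.
SAMPLES = {
    "tcp reply to inside client": {"src": "198.51.100.7", "dst": "192.1.1.10", "proto": "tcp", "estab": True},
    "udp dns reply": {"src": "198.51.100.53", "dst": "192.1.1.10", "proto": "udp"},
    "icmp echo reply": {"src": "198.51.100.7", "dst": "192.1.1.10", "proto": "icmp"},
    "new tcp from internet": {"src": "198.51.100.7", "dst": "192.1.1.10", "proto": "tcp"},
    "new tcp from remote net": {"src": "192.1.3.5", "dst": "192.1.1.10", "proto": "tcp"},
    "spoofed inside source": {"src": "192.1.1.99", "dst": "192.1.1.10", "proto": "tcp", "estab": True},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:28} -> {evaluate(RULESET, pkt)}")
```

Under these assumptions the only non-TCP traffic that matches a rule is the spoofed-source packet caught by rule 1; UDP and ICMP packets from outside fall through to the implicit deny.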