On Tue, 15 Sep 1998, Kendall P. Bullen wrote:

> The protected machine is running Solaris 2.5.1 (possible to be
> upgraded to 2.6). It has another 'private' IP address, 192.168.2.2.
> (Using those private network numbers seemed like a good idea for
> security reasons.) It can ping the IP address of the firewall, but
> nothing else.
>
> THE PLAN; A few fortunate souls should be able to reach the protected
> machine via WWW (port 80, the default) from the Internet. Also, a few
> machines on our local network should be able to reach the protected
> machine on several different ports (including 80).
>

To give access to the protected machine, it will need a real IP address. The 192.168.0.0 network should not be accessible to the Internet. As an alternative, you could set up a port forwarding program on the firewall that will forward port 80 to the Solaris machine on 192.168.2.2.
The big thing I learned about the ipfwadm rules is that access must be granted for both directions, e.g.

    ipfwadm -F -a accept -P tcp -b -S 0.0.0.0/0 80 -D 192.168.2.2/32

The -b says bidirectional, and of course replace that 192.168.2.2 with a real IP address for Internet access.

Hope this helps.

--
Paul Miller [EMAIL PROTECTED]
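The point about granting access in both directions, as an added example that is not part of the original message: a small Python model of a default-deny forward chain, in which a bidirectional rule is treated as the rule plus its mirror with source and destination swapped. The `Rule` and `Packet` types, the client address 203.0.113.10, the sample packets and the rule with port 80 on the destination side are all constructed for illustration; the model covers TCP accept rules only.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str                 # source network in CIDR form
    sport: Optional[int]     # None means any source port
    dst: str                 # destination network in CIDR form
    dport: Optional[int]     # None means any destination port
    bidir: bool = False      # models the -b flag

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def _one_way(rule: Rule, pkt: Packet) -> bool:
    """Match the packet against the rule exactly as written."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))

def matches(rule: Rule, pkt: Packet) -> bool:
    """A bidirectional rule also matches with source and destination swapped."""
    if _one_way(rule, pkt):
        return True
    if rule.bidir:
        mirror = Rule(rule.dst, rule.dport, rule.src, rule.sport)
        return _one_way(mirror, pkt)
    return False

def forward_verdict(rules, pkt: Packet, default: str = "deny") -> str:
    """Accept if any rule matches; otherwise apply the chain's default policy."""
    return "accept" if any(matches(r, pkt) for r in rules) else default

# Constructed sample traffic: one web request, its reply, and a telnet attempt.
REQUEST = Packet("203.0.113.10", 40000, "192.168.2.2", 80)
REPLY = Packet("192.168.2.2", 80, "203.0.113.10", 40000)
TELNET = Packet("203.0.113.10", 40001, "192.168.2.2", 23)

# Constructed rules: the same web rule without and with the bidirectional flag.
ONE_WAY = [Rule("0.0.0.0/0", None, "192.168.2.2/32", 80)]
BIDIR = [Rule("0.0.0.0/0", None, "192.168.2.2/32", 80, bidir=True)]

if __name__ == "__main__":
    for name, rules in (("one-way", ONE_WAY), ("bidirectional", BIDIR)):
        for label, pkt in (("request", REQUEST), ("reply", REPLY), ("telnet", TELNET)):
            print(f"{name:14} {label:8} {forward_verdict(rules, pkt)}")
```

With the one-way rule the request is forwarded but the server's reply falls through to the default deny, so the connection never completes; the bidirectional rule accepts both while still denying the telnet attempt.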