Configuring The Firewall And Vpn; Route Based Virtual Private Networking - RuggedCom RuggedRouter RX1000 User Manual

Ruggedcom router user manual

Hide thumbs Also See for RuggedRouter RX1000:

User manual (315 pages)

Installation manual (50 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

page of 284

/ 284
Contents
Table of Contents
Bookmarks

Table of Contents

RuggedRouter

User Guide

Source-Port

Original-

Destination-IP

Rate-Limit

User-Group

Some examples will illustrate the power of the rules file:

Rule Action

1 ACCEPT net:204.18.45.0/24 fw

2 DNAT

3 DNAT

4 ACCEPT fw

5 ACCEPT net:204.18.45.0/24 fw

1) This rule accepts traffic to the firewall itself from the 204.18.45.0/24 subnet. If the

default policy is to drop all requests from net to the firewall, this rule will only

traffic from the authorized subnet.

2) This rule forwards all ssh and http connection requests from the Internet to local

system 192.168.1.3.

3) This rule forwards http traffic from 204.18.45.0/24 (which was originally directed

to the firewall at 130.252.100.69) to the host at 192.168.1.3 in the local zone. If

the firewall supports another public IP address (e.g. 130.252.100.70), a similar

rule could map requests to another host.

4) and 5) These rules allow the firewall to issue icmp requests to the Internet and to

respond to icmp echo requests from the authorized subnet.

Rules are defined in the file /etc/shorewall/rules and are modified from the Firewall

Rules menu.

Configuring The Firewall And VPN

Route Based Virtual Private Networking

Begin configuration by creating local, network and vpn zones (all as zone type IPV4).

The openswan daemon will have created ipsecX interfaces which should be added to

the vpn zone in the interfaces menu.

The IPsec protocol operates on UDP port 500 and using protocols ah (Authentication

Header) and Encapsulating Security Payload (ESP) protocols. The firewall must

accept this traffic in order to allow IPsec. If the firewall serves as the VPN gateway,

add the following rules:

Action

110

The tcp/udp port the connection originated from.

The destination IP address in the connection request as it was

received by the firewall.

A specification which allows the rate at which connections are

made to be limited.

A method of limiting outbound traffic from the firewall to a

specific user, group of users and a specific application.

Source-Zone

Destination-Zone Protocol Dest-

net

loc:192.168.1.3

net:204.18.45.0/24 loc:192.168.1.3

net

Source-Zone Destination-Zone Protocol Dest-Port

all

Source-

Port

tcp

ssh, http

tcp

http

icmp

esp

udp

500

Original-

Destination-IP

130.252.100.69

RuggedCom

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Ruggedrouter rx1100

Configuring The Firewall And Vpn; Route Based Virtual Private Networking - RuggedCom RuggedRouter RX1000 User Manual

Configuring The Firewall And VPN

Route Based Virtual Private Networking

Hide quick links:

Related Manuals for RuggedCom RuggedRouter RX1000

Related Content for RuggedCom RuggedRouter RX1000

This manual is also suitable for:

Table of Contents