Firewall over PPP with a Public and Private IP Range Multi-homed on the LAN (Pseudo DMZ) - Allied Telesis AR Router Configuration

Helpful Scripts
5.3. Firewall over PPP with a Public and private IP range multi-homed on the LAN (Pseudo DMZ)
[Figure labels: Mail Server 100.100.100.100 (valid Internet address); outgoing Web access from 192.168.10.0; Firewall between Private and Public.]
Note: Be aware that with many Internet Providers it may be more suitable to turn LQR (link quality reporting) off on PPP
links, and instead use LCP Echo Request and Echo Reply messages to determine link quality (echo=on). Simply add
'lqr=off echo=on' to the PPP creation command.
Router A
#
# PPP Configuration
#
create ppp=0 over=syn0
#
# IP Configuration
#
enable ip
add ip int=ppp0 ip=200.200.200.1 mask=255.255.255.252
add ip int=eth0-0 ip=192.168.10.1
add ip int=eth0-1 ip=100.100.100.97 mask=255.255.255.240
add ip route=0.0.0.0 next=0.0.0.0 mask=0.0.0.0 int=ppp0
#
# Firewall Configuration
# To enable outgoing ping see example 5.1.1
enable firewall
enable firewall notify=port,manager port=0
create firewall policy="main"
add firewall policy="main" int=eth0-0 type=private
add firewall policy="main" int=eth0-1 type=private
add firewall policy="main" int=ppp0 type=public
add firewall poli="main" nat=enhanced int=eth0-0 gblin=ppp0 gblip=200.200.200.1
# Allow rules required for access to servers on private 'virtual DMZ' interface
add firewall poli="main" ru=1 ac=allo int=ppp0 prot=tcp po=25 ip=100.100.100.100
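
The pseudo DMZ above relies on the allow rule on ppp0 pointing at a host on the non-NATed public subnet (eth0-1) and never at the NATed private LAN (eth0-0). The Python check below is an added example, not part of the Allied Telesis manual; it assumes parameter names may be abbreviated to any prefix and that an interface added without mask= takes the classful default mask.

```python
import ipaddress
import shlex

# Router A commands copied from this page (only the lines the check needs).
CONFIG = """\
add ip int=eth0-0 ip=192.168.10.1
add ip int=eth0-1 ip=100.100.100.97 mask=255.255.255.240
add firewall policy="main" int=ppp0 type=public
add firewall poli="main" nat=enhanced int=eth0-0 gblin=ppp0 gblip=200.200.200.1
add firewall poli="main" ru=1 ac=allo int=ppp0 prot=tcp po=25 ip=100.100.100.100
"""

def params(line):
    """key=value pairs of one command; quotes are stripped, bare words dropped."""
    return dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)

def get(p, name):
    """Value of parameter `name`, accepting abbreviated keys (assumed prefix match)."""
    return next((v for k, v in p.items() if k and name.startswith(k.lower())), None)

def network(ip, mask):
    """Subnet of an interface; a missing mask is assumed to mean the classful default."""
    first = int(ip.split(".")[0])
    prefix = mask or (8 if first < 128 else 16 if first < 192 else 24)
    return ipaddress.ip_interface(f"{ip}/{prefix}").network

def audit(config):
    """Return (exposed, findings); findings target a NATed or unknown subnet."""
    nets, public, natted, rules = {}, set(), set(), []
    for line in config.splitlines():
        words, p = line.lower().split(), params(line)
        intf = get(p, "interface")
        if words[:2] == ["add", "ip"] and intf and get(p, "ip"):
            nets[intf] = network(get(p, "ip"), get(p, "mask"))
        elif words[:2] == ["add", "firewall"]:
            if get(p, "type") == "public":
                public.add(intf)
            if get(p, "nat"):
                natted.add(intf)
            allow = "allow".startswith((get(p, "action") or "-").lower())
            if get(p, "rule") and get(p, "ip") and allow:
                rules.append(p)
    exposed, findings = [], []
    for p in (r for r in rules if get(r, "interface") in public):
        ip = ipaddress.ip_address(get(p, "ip"))
        home = next((i for i, n in nets.items() if ip in n), None)
        entry = (get(p, "rule"), get(p, "protocol"), get(p, "port"), str(ip), home)
        exposed.append(entry)
        if home is None or home in natted:
            findings.append(entry)
    return exposed, findings
```

For the configuration on this page, `audit(CONFIG)` reports rule 1 (TCP port 25 to 100.100.100.100 on eth0-1) as the only exposure and returns no findings.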
Revision 5.8.7; 5 April 2001
[Figure labels: Site A; CentreCOM AR300; No NAT to Internal Public IP; 200.200.200.0/30; Internet.]