
    Firewall Configuration with new change

    IT Discussion
    centos 6.5
    62 Posts 6 Posters 13.8k Views
    • thanksajdotcomT
      thanksajdotcom @Lakshmana
      last edited by

      @Lakshmana said:

      @thecreativeone91 said:

      c 1918 none are a Public WAN.

      Yes, it is for testing purposes only. So these IPs are provided

      Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.

      ? scottalanmillerS 2 Replies Last reply Reply Quote 0
      • ?
        A Former User @thanksajdotcom
        last edited by

        @thanksajdotcom said:

        @Lakshmana said:

        @thecreativeone91 said:

        c 1918 none are a Public WAN.

        Yes, it is for testing purposes only. So these IPs are provided

        Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.

        I don't see anything about a VPN. Looks like a standard test environment. Just going about it the wrong way.

        1 Reply Last reply Reply Quote 0
        • thanksajdotcomT
          thanksajdotcom
          last edited by thanksajdotcom

          Also, you've managed to give us the technical goal of what you're trying to accomplish, but you still haven't told us what the purpose of this firewall is. Is it to filter traffic, connect to another site as a VPN tunnel, act as a router, what? It may be several of those or none of those. But you haven't told us what you're trying to accomplish. WHY, from a business perspective, are you setting up this firewall?

          LakshmanaL 1 Reply Last reply Reply Quote 0
          • ?
            A Former User
            last edited by

            You'd be better off setting up pfSense as the one with the WAN NIC, then using VM internal NICs for your servers on the LAN of pfSense off of that.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @thanksajdotcom
              last edited by

              @thanksajdotcom said:

              Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.

              Oh this is going to get confusing very quickly. I don't see anything that suggests this. What part of his description made you feel that he wanted this?

              1 Reply Last reply Reply Quote 1
              • LakshmanaL
                Lakshmana @thanksajdotcom
                last edited by

                @thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports

                thanksajdotcomT ? 2 Replies Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller
                  last edited by

                  Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.

                  thanksajdotcomT DashrenderD 2 Replies Last reply Reply Quote 1
                  • thanksajdotcomT
                    thanksajdotcom @Lakshmana
                    last edited by

                    @Lakshmana said:

                    @thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports

                    @scottalanmiller said:

                    @thanksajdotcom said:

                    Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.

                    Oh this is going to get confusing very quickly. I don't see anything that suggests this. What part of his description made you feel that he wanted this?

                    His diagram. It looks like he's trying to connect to other workstations.

                    1 Reply Last reply Reply Quote 0
                    • thanksajdotcomT
                      thanksajdotcom @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.

                      Dang it you beat me to it.

                      1 Reply Last reply Reply Quote 0
                      • ?
                        A Former User @Lakshmana
                        last edited by

                        @Lakshmana said:

                        @thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports

                        SSH is open by default. I'm not sure what you mean by access LAN from WAN, unless you mean SSH tunneling?

                        thanksajdotcomT 1 Reply Last reply Reply Quote 0
                        • thanksajdotcomT
                          thanksajdotcom
                          last edited by

                          @scottalanmiller is right. You need to forward external port 22 to internal port 22 on a specific IP. That is totally different and a firewall and every router pretty much in existence can do a basic port forward.

                          1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @scottalanmiller
                            last edited by

                            @scottalanmiller said:

                            Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.

                            On port 22.

                            thanksajdotcomT 1 Reply Last reply Reply Quote 0
                            • thanksajdotcomT
                              thanksajdotcom @A Former User
                              last edited by

                              @thecreativeone91 said:

                              @Lakshmana said:

                              @thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports

                              SSH is open by default. I'm not sure what you mean by access LAN from WAN, unless you mean SSH tunneling?

                              Port forwarding.

                              1 Reply Last reply Reply Quote 0
                              • thanksajdotcomT
                                thanksajdotcom @Dashrender
                                last edited by

                                @Dashrender said:

                                @scottalanmiller said:

                                Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.

                                On port 22.

                                Right. You can forward different external ports to internal port 22 on different IPs. That's another way to do it.

                                LakshmanaL ? scottalanmillerS 3 Replies Last reply Reply Quote 0
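
The port forwarding discussed in the posts above, as an added example that is not part of the thread: a script that prints, for review, the iptables commands a CentOS 6 gateway would need, and refuses a map that assigns one WAN port to two LAN hosts. The interface name `eth0`, the addresses and the function names are assumptions; LAN hosts are assumed to use the gateway as their default route.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: print (do not run) the iptables commands
# a CentOS 6 gateway needs to forward WAN ports to SSH (tcp/22) on LAN hosts.
# WAN_IF and every address below are constructed placeholders.
WAN_IF="eth0"   # assumption: the WAN-facing NIC

# Constructed sample map, one "<external WAN port>:<LAN IP>" per host.
SAMPLE_MAP="22:192.168.1.10 2222:192.168.1.11 2223:192.168.1.12"

# A WAN port can be forwarded to only one LAN host, so reject duplicates,
# malformed entries and anything that is not a valid TCP port number.
check_map() {
    local entry port dup
    for entry in $1; do
        case "$entry" in *:*) ;; *) echo "bad entry: $entry" >&2; return 1;; esac
        port=${entry%%:*}
        case "$port" in ''|*[!0-9]*) echo "bad port: $entry" >&2; return 1;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $entry" >&2; return 1
        fi
    done
    dup=$(printf '%s\n' $1 | cut -d: -f1 | sort | uniq -d)
    if [ -n "$dup" ]; then
        echo "external port mapped more than once: $dup" >&2
        return 1
    fi
}

gen_ssh_forward_rules() {
    local map="$1" entry port ip
    check_map "$map" || return 1
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies to already-accepted connections may pass back through.
    echo "iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for entry in $map; do
        port=${entry%%:*}
        ip=${entry#*:}
        # Rewrite the destination before routing, then allow the new flow.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $ip:22"
        echo "iptables -I FORWARD -i $WAN_IF -d $ip -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    done
    echo "service iptables save"
}

gen_ssh_forward_rules "$SAMPLE_MAP"
```

`sysctl -w` lasts only until reboot; setting `net.ipv4.ip_forward = 1` in `/etc/sysctl.conf` makes it persistent.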
                                • LakshmanaL
                                  Lakshmana @thanksajdotcom
                                  last edited by

                                  @thanksajdotcom said:

                                  nother way to do it.

                                  Can you explain how to do it in CentOS in minimal mode?

                                  ? 1 Reply Last reply Reply Quote 0
                                  • ?
                                    A Former User @thanksajdotcom
                                    last edited by

                                    @thanksajdotcom said:

                                    @Dashrender said:

                                    @scottalanmiller said:

                                    Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.

                                    On port 22.

                                    Right. You can forward different external ports to internal port 22 on different IPs. That's another way to do it.

                                    Too much work. Too much to keep track of.

                                    1 Reply Last reply Reply Quote 0
                                    • ?
                                      A Former User @Lakshmana
                                      last edited by

                                      @Lakshmana Why don't you use the WAN IP of the CentOS box to SSH into, then SSH from that to the LAN machines?

                                      LakshmanaL 1 Reply Last reply Reply Quote 0
                                      • LakshmanaL
                                        Lakshmana @A Former User
                                        last edited by

                                        @thecreativeone91 Is this possible to do?

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @thanksajdotcom
                                          last edited by

                                          @thanksajdotcom said:

                                          Right. You can forward different external ports to internal port 22 on different IPs. That's another way to do it.

                                          Don't keep adding new concepts. Let's stick just to getting through his one question. He's confused enough.

                                          LakshmanaL 1 Reply Last reply Reply Quote 1
                                          • scottalanmillerS
                                            scottalanmiller @Lakshmana
                                            last edited by

                                            @Lakshmana said:

                                            @thecreativeone91 Is this possible to do?

                                            It's super easy. So much easier than port forwarding in the firewall. And far more useful.

                                            LakshmanaL 1 Reply Last reply Reply Quote 0