Note

Wed, 02 May 2012 | Linux Firewall Manual

The port for isakpm (UDP) forthese connections also needs to be routed through the firewall.

3. Redirection: To enable transparent proxying, reroute the packets, for example, if you want to carry out transparent configurations of the internal HTTP proxy. The IP packets have an internal IP address as a source address and, as a destination address, an Internet IP address. These IP packets have port 80 (www) as the destination port. Your HTTP proxy, however, waits on port 3128 for the packets on your firewall. This rerouting procedure from a destination address with destination port 80 to the required localhost port 3128 can be configured in this screen (see Figure 4.15 on page 44).

4. Release of ports for internal access to the firewall. Which firewall services do you want to make available for the internal network? Select from the list provided (see Figure 4.16 on page 44).

The checkbox'Allow internal crypted IPSEC connection'must be activated, if a VPN tunnel from the internal network to the firewall host should be possible.

: Figure 4.14: Routing Filter

5. Release of external ports to the firewall: Select from the list the ports to release for this purpose — those that can be accessed from the Internet (see Figure 4.17 on page 45).

The checkbox 'Allow external crypted IPSEC connection' needs to be activated if a VPN tunnel from the Internet to the firewall host should be possible.

6. Release the ports to access the firewall from the DMZ by selecting, once again, from the list provided (see Figure 4.18 on page 45). If you did not choose a DMZ interface (in item 1), this screen will be disabled.

The checkbox 'Allow crypted IPSEC connection from DMZ' needs to be activated if a VPN tunnel from the DMZ to the firewall host should be possible.

7. Logging and kernel modules

• Select the log level for the packet filters from the series of checkboxes. In doing so, be aware that log files can grow very quickly if you are logging all the packets together.

• In the selection field pertaining to the kernel modules, choose the modules needed if using certain applications that operate independently of the firewall (see Figure 4.19 on page 46).