I'm trying to open a web service through the firewall, but the port always stays blocked with rule 4.
For the moment the firewall is bypassed.
set firewall name FROM-INTERNET default-action 'accept'
set firewall name FROM-INTERNET description 'TRAFIC-FROM-INTERNET'
set firewall name FROM-INTERNET 'enable-default-log'
set firewall name FROM-INTERNET rule 1 action 'accept'
set firewall name FROM-INTERNET rule 1 description 'AUTHORIZED-IP'
set firewall name FROM-INTERNET rule 1 log 'disable'
set firewall name FROM-INTERNET rule 1 source group address-group 'VIAPASS-ADDRESS'
set firewall name FROM-INTERNET rule 2 action 'drop'
set firewall name FROM-INTERNET rule 2 description 'BLOCK-SCAN-PORT'
set firewall name FROM-INTERNET rule 2 'destination'
set firewall name FROM-INTERNET rule 2 'disable'
set firewall name FROM-INTERNET rule 2 protocol 'tcp_udp'
set firewall name FROM-INTERNET rule 2 'source'
set firewall name FROM-INTERNET rule 2 'state'
set firewall name FROM-INTERNET rule 2 'tcp'
set firewall name FROM-INTERNET rule 3 action 'accept'
set firewall name FROM-INTERNET rule 3 state established 'enable'
set firewall name FROM-INTERNET rule 3 state invalid 'enable'
set firewall name FROM-INTERNET rule 3 state related 'enable'
set firewall name FROM-INTERNET rule 4 action 'accept'
set firewall name FROM-INTERNET rule 4 description 'OPEN-8088-FOR-EVERYBODY'
set firewall name FROM-INTERNET rule 4 destination address 'PUBLIC IP VIRTUAL ROUTER'
set firewall name FROM-INTERNET rule 4 destination port '8088'
set firewall name FROM-INTERNET rule 4 protocol 'tcp_udp'
set firewall name FROM-INTERNET rule 4 source address '0.0.0.0/0'
set firewall name FROM-INTERNET rule 4 state new 'enable'
set firewall name FROM-INTERNET rule 4 action 'accept'
set firewall name FROM-INTERNET rule 4 description 'OPEN-8088-FOR-EVERYBODY'
set firewall name FROM-INTERNET rule 4 destination address '192.168.156.14'
set firewall name FROM-INTERNET rule 4 destination port '8088'
set firewall name FROM-INTERNET rule 4 protocol 'tcp_udp'
And a second test with source address:
set firewall name FROM-INTERNET rule 4 action 'accept'
set firewall name FROM-INTERNET rule 4 description 'OPEN-8088-FOR-EVERYBODY'
set firewall name FROM-INTERNET rule 4 destination address '192.168.156.14'
set firewall name FROM-INTERNET rule 4 destination port '8088'
set firewall name FROM-INTERNET rule 4 protocol 'tcp_udp'
set firewall name FROM-INTERNET rule 4 source address '0.0.0.0/0'
Sorry. I'm really confused now. Can you please re-explain what you're wanting to do?
Do you want to open port 8088 to everyone? Or do you have a list of IP addresses that you want to have allowed access to it? If it is this, then you'll simply need to maintain a list of IP addresses, and then add them to your firewall as an address group.
Behind my router I have some VMs which provide web services. All access (web, ssh, …) is filtered by public IP thanks to the firewall. Among these VMs I have one VM where I forward port 80 with port 8088, and this one needs to be available for everybody.
If I have to configure the destination address with the LAN IP, I need to put the local port and not the forwarded port.
So now the good configuration, which works:
set firewall name FROM-INTERNET rule 4 action 'accept'
set firewall name FROM-INTERNET rule 4 description 'OPEN-8088-FOR-EVERYBODY'
set firewall name FROM-INTERNET rule 4 destination address 'LAN IP SERVER'
set firewall name FROM-INTERNET rule 4 destination port '80'
set firewall name FROM-INTERNET rule 4 protocol 'tcp'
set firewall name FROM-INTERNET rule 4 state new 'enable'
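
Added example, not part of the thread: a small Python model of the behaviour the last post arrives at, where the port forward rewrites the destination before the FROM-INTERNET rules are evaluated, so rule 4 only matches on the LAN address and port 80. The public IP 203.0.113.10, the 198.51.100.0/24 stand-in for VIAPASS-ADDRESS, the client address and a default action of drop are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple
PUBLIC_IP = "203.0.113.10"     # constructed stand-in for the router's public IP
LAN_SERVER = "192.168.156.14"  # LAN address of the web VM, from the thread
DNAT = {(PUBLIC_IP, 8088): (LAN_SERVER, 80)}  # the port forward: public 8088 -> LAN 80

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    state: str = "new"

@dataclass(frozen=True)
class Rule:
    number: int
    action: str
    src_net: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    proto: Optional[str] = None
    states: Tuple[str, ...] = ()
    def matches(self, p: Packet) -> bool:
        return ((self.src_net is None or ip_address(p.src) in ip_network(self.src_net))
                and (self.dst is None or p.dst == self.dst)
                and (self.dport is None or p.dport == self.dport)
                and (self.proto is None or p.proto in self.proto.split("_"))
                and (not self.states or p.state in self.states))

def verdict(rules, p, default="drop"):
    fwd = DNAT.get((p.dst, p.dport))  # destination is rewritten first (DNAT)...
    seen = replace(p, dst=fwd[0], dport=fwd[1]) if fwd else p
    for r in sorted(rules, key=lambda r: r.number):  # ...then rules run in order
        if r.matches(seen):
            return r.action, r.number
    return default, None  # assumption: default-action drop once the bypass is removed

BASE = [Rule(1, "accept", src_net="198.51.100.0/24"),  # constructed stand-in for VIAPASS-ADDRESS
        Rule(3, "accept", states=("established", "invalid", "related"))]
ATTEMPTS = {  # the three versions of rule 4 posted in the thread
    "public-ip:8088": Rule(4, "accept", dst=PUBLIC_IP, dport=8088, proto="tcp_udp", states=("new",)),
    "lan-ip:8088": Rule(4, "accept", dst=LAN_SERVER, dport=8088, proto="tcp_udp"),
    "lan-ip:80": Rule(4, "accept", dst=LAN_SERVER, dport=80, proto="tcp", states=("new",)),
}
CLIENT = Packet(src="192.0.2.77", dst=PUBLIC_IP, dport=8088)  # constructed internet client
def run():
    return {name: verdict(BASE + [r4], CLIENT) for name, r4 in ATTEMPTS.items()}
```

Calling `run()` returns the verdict for each posted version of rule 4 against the same new connection from an unlisted client to the public address on port 8088.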