
Topic: Manually add/change firewall rules

Qinn

« on: March 29, 2016, 01:45:07 PM »
Hi there, is it possible to manually add a firewall rule?

Why? Well, in my case I need to ping a machine that's on a different (private) subnet. Easy, you could say, but this machine blocks requests when they aren't coming from the same subnet. Alas, there is no Telnet/SSH access, so no way for me to change its set of firewall rules.

So, I want to try address spoofing with something like "iptables -t nat -A POSTROUTING -p icmp -j SNAT --to-source ipaddress"

and test it with a ping, but then I need to manually add/insert a rule, any help is appreciated.

andywhite

« Reply #1 on: April 24, 2016, 10:00:11 PM »
You need to set up a NAT rule. Can you give more detail about IP ranges and network setup?

Qinn

« Reply #2 on: May 06, 2016, 02:27:07 PM »
Of course. I want to access an ipcam (192.168.5.71) from a machine (192.168.1.100) that resides in another private subnet. In t1n1wall both subnets are assigned interfaces (NICs) with 192.168.1.1/24 and 192.168.5.1/24 (so no VLANs). The DHCP server on both interfaces only responds to the reserved clients listed.

As said in my previous post, by default the ipcam seems to block all access from any different subnet, and as the webserver of the ipcam has no option to edit the firewall settings/rules and there is no Telnet/SSH port to access the OS of the ipcam, only IP masquerade (my 2 cents ;) ) came to mind as a possible solution. Hope this helps, thanks for your time.

« Last Edit: May 07, 2016, 06:56:52 AM by Qinn »

Qinn

« Reply #3 on: July 04, 2016, 12:05:40 PM »
I've experimented with pfsense and got it right. In pfsense there is the option "Hybrid Outbound NAT rule generation (Automatic Outbound NAT + rules below)" and I added the rule below:

Interface= WLAN
protocol= any
Source= any
Destination= network
Destination network for outbound NAT mapping= 192.168.5.71/32
Translation address= Interface address
Destination port= *

I tried the outbound settings in t1n1wall, but can't seem to get it right. Am I missing something?


Qinn

« Reply #4 on: July 04, 2016, 02:56:00 PM »
Stupid me: in pfsense, when you go to hybrid mode, the default NAT rule for all interfaces is maintained; in t1n1wall I had to create one for every interface.

So I had to add for LAN:

Interface= WAN
Source= 192.168.1.0/24
Destination=*
Target=*

It would be nice if you could select the source like the type in the firewall and not have to type IPs ;)
« Last Edit: July 04, 2016, 02:58:05 PM by Qinn »
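
Added example, not from the thread and not pfSense or t1n1wall code: a small Python model of the outbound NAT rule described in Reply #3 (destination 192.168.5.71/32, translation to the interface address 192.168.5.1), showing why the camera answers once the source is rewritten and how the state entry returns the reply to 192.168.1.100. The camera's same-subnet filter, the class and function names, and the echo identifier are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Addresses are the ones given in the thread.
CAM = ipaddress.ip_address("192.168.5.71")
CAM_NET = ipaddress.ip_network("192.168.5.0/24")
FW_CAM_SIDE = ipaddress.ip_address("192.168.5.1")  # firewall interface on the camera subnet
CLIENT = ipaddress.ip_address("192.168.1.100")

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    ident: int  # ICMP echo id or TCP/UDP source port (constructed sample value)

class OutboundNat:
    """Hypothetical model: source NAT for traffic towards one destination network."""
    def __init__(self, dest_net, translation_addr):
        self.dest_net = ipaddress.ip_network(dest_net)
        self.translation_addr = translation_addr
        self.states = {}  # (peer, ident) -> original source address

    def outbound(self, pkt):
        if pkt.dst not in self.dest_net:
            return pkt  # rule does not match, source is left alone
        self.states[(pkt.dst, pkt.ident)] = pkt.src
        return Packet(self.translation_addr, pkt.dst, pkt.ident)

    def inbound(self, pkt):
        # Replies arrive addressed to the firewall; the state entry restores the client.
        original = self.states.get((pkt.src, pkt.ident))
        if pkt.dst != self.translation_addr or original is None:
            return pkt
        return Packet(pkt.src, original, pkt.ident)

def camera_accepts(pkt):
    """Assumed camera behaviour: only answer sources inside its own subnet."""
    return pkt.dst == CAM and pkt.src in CAM_NET

def ping_through(nat=None, ident=4711):
    """Return the address the reply is delivered to, or None if the camera ignores it."""
    request = Packet(CLIENT, CAM, ident)
    on_wire = nat.outbound(request) if nat else request
    if not camera_accepts(on_wire):
        return None
    reply = Packet(CAM, on_wire.src, ident)
    delivered = nat.inbound(reply) if nat else reply
    return delivered.dst
```

With the rule in place the camera only ever sees 192.168.5.1 as the peer, so its own logs no longer distinguish which client on 192.168.1.0/24 connected; that attribution lives in the firewall's state table.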