In this example the two servers are linked by only one protocol, FTP.
Traceroute 33434
It is assumed that the two sites have different IP address ranges.
Note: if the sites use overlapping address ranges it may still be possible,
but you will need two routers using NAT and a non-clashing intermediate network.
In this example eth0 is our network, and eth1 the other company's network.
It is worth checking the free space in the Flash memory and compacting if
necessary, while logged in as manager.
If the above shows any problem, fix it before proceeding further.
In this case our network is the private network, and the other
company's the public.
An interface may only be defined as private in one policy.
An interface may be defined as public in two policies.
A policy may have multiple private and public interfaces.
Default rules are :-
Note the default rules block ICMP traffic such as pings; this stops
certain abuses, but makes diagnosing and testing a pain.
So the rules here re-enable them.
Note this command is pushing the maximum line length of a command; you
will probably have to abbreviate the options to their minimum length.
And the same for the local private networks.
However, you should now be able to ping or traceroute from devices
on one of the private networks to the other, or to the internet.
Note that if the tunnel is working properly you should not see any intermediate
routers appearing in the traceroute listing when tracing between the
sites' private networks.
If you suspect a problem on the network between the two routers, you must trace
to the remote router's public interface, so that your trace packets do not
use the tunnel but follow the route of the tunnel's transport layer.
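The hop check described above, as an added example that is not part of the original notes: it parses traceroute output and reports any hop that lies outside the two private networks. Our private range (192.168.124.0/24) is taken from the notes; the remote site's private range, the router addresses and the traceroute output are constructed for the example. With a working tunnel the only hops that answer are the local router and the destination, so the stray-hop list is empty; a public address in the list (here the transport-layer next hop) means the packets did not take the tunnel.

```python
import ipaddress
import re

# Our private network is taken from the notes; the remote site's private range,
# the router addresses and the traceroute output below are constructed.
LOCAL_PRIVATE = "192.168.124.0/24"
REMOTE_PRIVATE = "10.20.0.0/16"

TRACE_TUNNELLED = """\
traceroute to 10.20.0.50 (10.20.0.50), 30 hops max, 60 byte packets
 1  192.168.124.1  0.412 ms  0.398 ms  0.380 ms
 2  10.20.0.50  12.501 ms  12.233 ms  12.104 ms
"""

TRACE_LEAKED = """\
traceroute to 10.20.0.50 (10.20.0.50), 30 hops max, 60 byte packets
 1  192.168.124.1  0.412 ms  0.398 ms  0.380 ms
 2  193.133.123.129  8.120 ms  8.004 ms  7.998 ms
 3  * * *
 4  10.20.0.50  12.501 ms  12.233 ms  12.104 ms
"""

# hop number followed by an IPv4 address, or by a '*' for an unanswered hop
HOP_RE = re.compile(r"^\s*(\d+)\s+(\d+(?:\.\d+){3})\b")
SILENT_RE = re.compile(r"^\s*(\d+)\s+\*")


def hops(trace_text):
    """Return [(hop_number, ip_address)] for every hop that answered."""
    found = []
    for line in trace_text.splitlines():
        m = HOP_RE.match(line)
        if m:
            found.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
    return found


def unanswered_hops(trace_text):
    """Hop numbers that showed only '* * *' (no reply within the timeout)."""
    silent = []
    for line in trace_text.splitlines():
        m = SILENT_RE.match(line)
        if m:
            silent.append(int(m.group(1)))
    return silent


def stray_hops(trace_text, private_nets):
    """Hops whose address is outside every private network.

    Between two private networks joined by a working tunnel this is empty:
    the only visible hops are the local router and the destination. A public
    address here means the packets followed the transport path, not the tunnel.
    """
    nets = [ipaddress.ip_network(n) for n in private_nets]
    return [(n, str(ip)) for n, ip in hops(trace_text)
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    for label, trace in (("tunnelled", TRACE_TUNNELLED), ("leaked", TRACE_LEAKED)):
        print(label, "stray:", stray_hops(trace, [LOCAL_PRIVATE, REMOTE_PRIVATE]),
              "silent:", unanswered_hops(trace))
```

Unanswered hops are reported separately because a row of `* * *` is expected when a router in the transport path drops ICMP, so on its own it does not say whether the tunnel is in use; only an answering public address does.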
Config used for Eval and notes
Setup is for an "Our private network -> Firewall -> Other network" type config.
Network specific info for eth0 {Hitech Logistics}
Network specific info for eth1 {Widgets inc}
The base configuration should have already been set and saved.
eth0 is for our network, and eth1 the other company's.
Both should be configured as per the notes.
Show Flash
Activate Flash compaction
Private Network interface
If you have not already done so, configure the IP address and
settings for the private interface eth0.
Public Network interface
If you have not already done so, configure the IP address and
settings for the public interface eth1.
Create Security officer
If you have not already created a Security Officer login, you need to do so now.
Please remember to keep a note of the name and password.
add user=Arther password=qlbp priv=securityofficer
Firewall config
Before continuing any further it is worth checking that your routing table
looks sensible and that you can at least ping something on both
networks while logged on to the Firewall as manager.
show ip route
ping 193.133.123.131
ping 192.168.124.122
Nemiss Firewall Module Config
We need to designate a minimum of one policy, with both a public and
a private network interface.
enable fire
create fire poli=main
#
# Assign public and private interfaces
add fire poli=main int=eth0 type=private
add fire poli=main int=eth1 type=public
#
# Enable ICMP pings.....
enable firewall policy=main icmp_forwarding=all
#
#
# Enable FTP from other company.
add fire poli=main rule=10 int=eth1 action=allow ip=193.133.123.140 prot=tcp port=21 gblip=193.133.123.140 gblpo=21
#
#
#
add ip route=0.0.0.0 int=eth1 next=193.133.123.129 mask=255.255.255.255
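An added example, not part of the original notes or the router's own software: a small Python model of the policy above. It parses the `add fire`/`enable firewall` command lines, checks the interface constraints stated earlier (each policy needs a private and a public interface; an interface is private in at most one policy and public in at most two), and evaluates whether a given flow would pass. The keyword expansions in `ALIASES` and the pass/deny semantics in `allowed()` are assumptions made for the model (public-side traffic passes only with an explicit allow rule, ICMP only when icmp_forwarding is enabled); they are not the product's documented behaviour.

```python
from collections import defaultdict

# Constructed sample: the firewall commands from these notes, with the long
# FTP rule joined onto a single line. Abbreviated keywords are kept as typed.
CONFIG = """
enable fire
create fire poli=main
add fire poli=main int=eth0 type=private
add fire poli=main int=eth1 type=public
enable firewall policy=main icmp_forwarding=all
add fire poli=main rule=10 int=eth1 action=allow ip=193.133.123.140 prot=tcp port=21 gblip=193.133.123.140 gblpo=21
"""

# Assumed expansions of the abbreviations used in the notes, so that the
# short and long spellings of a keyword are treated as the same thing.
ALIASES = {"fire": "firewall", "poli": "policy", "int": "interface",
           "prot": "protocol", "gblpo": "gblport"}


def parse(text):
    """Turn each 'verb noun key=value ...' line into (verb, noun, {key: value})."""
    cmds = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        verb, noun = words[0], ALIASES.get(words[1], words[1])
        params = {}
        for token in words[2:]:
            key, _, value = token.partition("=")
            params[ALIASES.get(key, key)] = value
        cmds.append((verb, noun, params))
    return cmds


def build_policies(cmds):
    """Collect the interfaces, ICMP forwarding flag and rules of each policy."""
    policies = {}
    for verb, noun, p in cmds:
        if noun != "firewall" or "policy" not in p:
            continue  # 'enable fire' and anything not tied to a policy
        pol = policies.setdefault(p["policy"], {"private": [], "public": [],
                                                "icmp": False, "rules": []})
        if verb == "add" and "type" in p:
            pol[p["type"]].append(p["interface"])
        elif verb == "enable" and p.get("icmp_forwarding") == "all":
            pol["icmp"] = True
        elif verb == "add" and "rule" in p:
            pol["rules"].append(p)
    return policies


def check_interfaces(policies):
    """Constraints from the notes: every policy needs a private and a public
    interface; an interface is private in at most one policy and public in
    at most two. Returns a list of problem descriptions (empty when clean)."""
    problems = []
    private_uses, public_uses = defaultdict(int), defaultdict(int)
    for name, pol in policies.items():
        if not pol["private"] or not pol["public"]:
            problems.append(f"policy {name} needs a private and a public interface")
        for iface in pol["private"]:
            private_uses[iface] += 1
        for iface in pol["public"]:
            public_uses[iface] += 1
    problems += [f"{i} private in {n} policies" for i, n in private_uses.items() if n > 1]
    problems += [f"{i} public in {n} policies" for i, n in public_uses.items() if n > 2]
    return problems


def allowed(pol, ingress, proto, dst_ip, dst_port=None):
    """Simplified model (an assumption, not the product's exact semantics):
    ICMP passes only when icmp_forwarding is enabled; traffic entering on a
    private interface passes; traffic entering on a public interface needs an
    explicit allow rule matching interface, protocol, address and port."""
    if proto == "icmp":
        return pol["icmp"]
    if ingress in pol["private"]:
        return True
    return any(r["interface"] == ingress and r["action"] == "allow"
               and r["protocol"] == proto and r["ip"] == dst_ip
               and r["port"] == str(dst_port)
               for r in pol["rules"])


if __name__ == "__main__":
    pols = build_policies(parse(CONFIG))
    print("problems:", check_interfaces(pols))
    main = pols["main"]
    print("FTP from other company:", allowed(main, "eth1", "tcp", "193.133.123.140", 21))
    print("SSH from other company:", allowed(main, "eth1", "tcp", "193.133.123.140", 22))
```

Running `check_interfaces()` over a draft config before pasting it into the router catches the interface-reuse mistakes the notes warn about, and `allowed()` makes the effect of the single FTP rule explicit: only TCP port 21 to the named address gets through from the public side.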
How it works
Site to Site
Testing
You should still be able to ping addresses on the public internet
from the router.