I am moving to eBox from IPCop. I did it from the install CD (though some day I hope to have a full-fledged Ubuntu install).
Anyway, I just can't get port forwarding working.
I have added static DHCP addresses for 2 of my computers; one will do BT, the other Webguide. For the sake of simplicity, let's stay with Webguide.
I added a service called Webguide4 that's TCP & UDP ports 1128:1129, and I have tried selecting and deselecting internal.
I then created an object and member with the computer name and its information (the subnet mask threw me off for a bit, I am used to /24, not /32 (the host)).
Then I went to Firewall->Packet filter->external networks to internal networks and allowed the service to the correct object. No dice. Then I tried it by IP (the object is still there regardless). No dice.
I read the manual, and it said I had to do port redirects, which I tried. No dice. There doesn't even seem to be a section on services in the manual.
I just can't seem to get this right. What am I doing wrong?
As far as I understand, you're trying to give access from external networks (Internet) to a service (Webguide4) on another machine. As you pointed out, the place to put the rule is "Filtering rules from external networks to internal networks". Webguide4 is listening on the 1128:1129 TCP/UDP port range, so put this port range as Destination port in the service configuration. The purpose of the internal attribute is to prevent other services from using that port range. So the firewall rule must follow something similar to:
Decision | Source | Destination | Service |
ACCEPT | Any | Your desired IP address | Webguide4 |
This rule accepts connections from external networks (those interfaces which have been marked as external ones) to your desired IP address (in the internal network, that is, reachable from an internal interface) on ports 1128:1129 using the TCP or UDP protocol.
However, if you meant port redirection, i.e. mapping an eBox port to an internal machine port, you should use Port Redirection, which is at the menu Firewall->Redirects.
Other stuff:
When I first set it up, my old Linux laptop was the client. It surfed the web, etc. fine. When I plugged my whole network in, I had to go to Packet filter->Filtering rules for internal networks and add an any/any rule. Why?
Other things I would really like to see/miss from IPCop:
1. Dynamic DNS update support (I really miss this)
2. HASP virus filtering on HTTP (was an addon to IPCop)
3. Web cache
4. Full LAMP
But overall eBox is far more clean, streamlined and professional than IPCop (or Astaro before it). I am really liking it, and (with some help) hope to get fully up and running soon!
Any suggestion may be included as a ticket in our trac system [1]. HASP has already been suggested to filter viruses from the HTTP service. Web cache is already done by the ebox-squid module. Regarding LAMP, we think there are lots of different solutions to apply in a Web application scheme. Merely saying, 5 different technologies come to my mind. So we have decided to include a Webserver module to ease virtual host creation; inside it you may use mod_php, mod_python, fcgi..., and the userdir feature to ease file sharing using HTTP and Samba.
Thanks very much for your feedback and hope this helps you!
[1] http://trac.ebox-platform.com
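
The two options discussed in the reply above (a filtering rule versus a port redirect), as an added example that is not part of the original thread and not eBox's own generated rules: on a plain netfilter/iptables gateway, a redirect is a DNAT rule plus a FORWARD accept limited to one host and one port range, rather than an any/any rule. The interface `eth0` and address `192.168.1.50` are constructed sample values, and `redirect_rules` and its helpers are hypothetical names.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment for one port redirect.
# Assumes the gateway already accepts ESTABLISHED,RELATED forwarded traffic.

# valid_ports LOW HIGH: both integers in 1..65535 and LOW <= HIGH
valid_ports() {
    for p in "$1" "$2"; do
        case "$p" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$1" -le "$2" ]
}

# valid_ipv4 ADDR: four dot-separated octets, each 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# redirect_rules EXT_IF HOST LOW HIGH
# Rejects bad input before printing anything, so partial rulesets never load.
redirect_rules() {
    ext_if=$1 host=$2 low=$3 high=$4
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 2 ;;
    esac
    valid_ipv4 "$host" || { echo "bad host address: $host" >&2; return 2; }
    valid_ports "$low" "$high" || { echo "bad port range: $low:$high" >&2; return 2; }
    echo "*nat"    # rewrite the destination of packets arriving from outside
    for proto in tcp udp; do
        echo "-A PREROUTING -i $ext_if -p $proto --dport $low:$high -j DNAT --to-destination $host"
    done
    echo "COMMIT"
    echo "*filter" # allow only this host (/32) and port range, not any/any
    for proto in tcp udp; do
        echo "-A FORWARD -i $ext_if -d $host/32 -p $proto --dport $low:$high -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample values matching the Webguide4 port range from the thread.
redirect_rules eth0 192.168.1.50 1128 1129
```

The output can be reviewed as text before being loaded with `iptables-restore --noflush`; nothing is applied by the script itself.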