Ferimex E-4000 User Manual - page 17
# fwd (forwarded traffic), all (same as empty)
# input/output interface name
# IP protocol (tcp,udp,icmp)
# src/dst ip address/mask
# missing values mean 'any'
This setting adds a firewall rule that blocks (action deny) or allows packets matching
the rule. Note that forwarded traffic uses the fwd chain; the in and out chains apply
only to traffic destined for or originating from the Traffic Manager, respectively.
Setting up port redirection:
add frw redir [
set frw redir
del frw redir
show frw redir
reload redir
This command configures TCP port redirection, which is useful in combination with NAT.
It lets you redirect inbound connections to a host on a network with translated
private IP addresses that would otherwise be unreachable. Useful for SMTP,
HTTP, POP3 and other protocols.
Example: Traffic Controller has the external IP address 195.225.55.1 and connects a
network with the private address range 10.10.10.0/24. SNAT is configured, so that
connections from the private network get their source address translated to the external
address. On the private network there is, e.g., Microsoft Exchange running on the host
with IP 10.10.10.2/24.
Use the command:
add frw redir 195.225.55.1:25-10.10.10.2:25
reload redir
to redirect inbound connections from the internet to the Exchange host.
Note: Only one service can listen on a single local port.
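An added example, not part of the manual: a Python check that parses redirect rules in the EXT_IP:PORT-INT_IP:PORT form used above and reports rules that reuse an external address and port or that point outside the private network. The function names, the reading of the note as "one rule per external IP and port", and all sample rules except the manual's own are assumptions made for this example.

```python
import ipaddress
import re

# Rule syntax as shown in the manual's example: EXT_IP:PORT-INT_IP:PORT
RULE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})-(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_redir(rule):
    """Parse one redirect rule into ((ext_ip, ext_port), (int_ip, int_port))."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"not in EXT_IP:PORT-INT_IP:PORT form: {rule!r}")
    ext_ip, int_ip = ipaddress.IPv4Address(m.group(1)), ipaddress.IPv4Address(m.group(3))
    ext_port, int_port = int(m.group(2)), int(m.group(4))
    for port in (ext_port, int_port):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {rule!r}")
    return (ext_ip, ext_port), (int_ip, int_port)


def audit_redirs(rules, private_net="10.10.10.0/24"):
    """Return findings; assumes one rule per external IP:port (hypothetical policy)."""
    net = ipaddress.ip_network(private_net)
    findings, seen = [], {}
    for rule in rules:
        try:
            ext, internal = parse_redir(rule)
        except ValueError as exc:  # AddressValueError is a ValueError subclass
            findings.append(f"INVALID {exc}")
            continue
        if ext in seen:
            findings.append(f"CONFLICT {rule} reuses {ext[0]}:{ext[1]} (already {seen[ext]})")
        else:
            seen[ext] = rule
        if internal[0] not in net:
            findings.append(f"OUTSIDE {rule} targets {internal[0]}, not in {private_net}")
    return findings


if __name__ == "__main__":
    # Constructed sample rules; only the first one appears in the manual.
    sample = [
        "195.225.55.1:25-10.10.10.2:25",
        "195.225.55.1:25-10.10.10.3:25",
        "195.225.55.1:80-192.168.1.5:80",
        "195.225.55.1:99999-10.10.10.2:22",
    ]
    for finding in audit_redirs(sample):
        print(finding)
```

Running such a check over the intended rule list before entering the rules and issuing reload redir shows conflicts and mistyped targets without touching the device.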
Setting up ssh access restrictions:
set frw ssh_ip
add frw ssh_ip
del frw ssh_ip
reload frw
Use these commands to restrict access to the ssh service to known
address ranges (e.g. to avoid a security hazard).