Koozali.org: home of the SME Server


phustis

Only allow access to 1 external IP
« on: May 17, 2006, 11:00:30 PM »
Please excuse the long description, but I have searched and searched and been unable to find an answer to this question.

I've been asked to configure an SME 6.0.1-01 server to act as a VPN host, which I have been able to do (using OpenVPN) thus far due to all of the information/contribs that I've found through this site.

They would like VPN'ed users to only be able to access one machine on their network for accessing an intranet web site. It looks something like what's below:

[INTERNET] => [FIREWALL(10.0.0.1)] => (10.0.0.0/24) => [SME] => (10.0.10.0/24)

VPN users are assigned an IP in the 10.0.10.0/24 network.  The SME is set up in Server/Gateway mode and the 10.0.0.0/24 network is considered the WAN.

I would like the SME to only be able to access the firewall (for the VPN) and the intranet web server (10.0.0.25). I would like everything else on the WAN blocked. If possible, I would like the access to the intranet web server restricted to ports 80 and 443.

I've been unable to figure out how to modify the custom templates for the /etc/rc.d/init.d/masq file to make this a possibility. I've searched extensively for information on how to do it but haven't been able to find anything. This level of IPTABLES configuration is over my head because I've tried to modify the rules myself but have been unsuccessful.

Can anyone tell me how to achieve what I've described above?

Is there any type of interface for managing the outbound firewall rules?

Thanks in advance for any information that can be provided!

-Patrick
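The policy Patrick describes is a small allow-list on the FORWARD path: packets arriving from the VPN subnet may go to the firewall, or to the intranet server on tcp/80 and tcp/443, and nothing else. The script below is an added example (not from the post, and not SME Server's own masq script or a template fragment); it generates the iptables commands that express that policy so they can be reviewed before being applied as root or pasted into a custom template fragment for /etc/rc.d/init.d/masq. The OpenVPN interface name `tun0` and the chain name `vpn-restrict` are assumptions; the addresses are the ones from the post. Hooking the chain at the top of FORWARD means the SME's own forwarding rules never see VPN traffic that the allow-list rejects, and the LOG rule gives a rate-limited record of what was blocked.

```shell
#!/bin/sh
# Added example: generate iptables rules that confine the OpenVPN client
# subnet to the firewall and to the intranet web server on 80/443.
# Assumed: VPN clients arrive on tun0; chain name "vpn-restrict".

VPN_NET="10.0.10.0/24"   # addresses handed out to VPN users (from the post)
VPN_IF="tun0"            # assumed OpenVPN interface on the SME
FIREWALL="10.0.0.1"      # the firewall in front of the SME (from the post)
INTRANET="10.0.0.25"     # the intranet web server (from the post)
CHAIN="vpn-restrict"     # assumed name for our own chain

# Print the rules instead of applying them, so they can be inspected
# first. Apply with:  sh thisfile.sh && vpn_rules | sh   (as root)
vpn_rules() {
    cat <<EOF
iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN
iptables -A $CHAIN -d $FIREWALL -j ACCEPT
iptables -A $CHAIN -d $INTRANET -p tcp --dport 80 -j ACCEPT
iptables -A $CHAIN -d $INTRANET -p tcp --dport 443 -j ACCEPT
iptables -A $CHAIN -m limit --limit 5/min -j LOG --log-prefix "vpn-restrict: "
iptables -A $CHAIN -j DROP
iptables -D FORWARD -i $VPN_IF -s $VPN_NET -j $CHAIN 2>/dev/null
iptables -I FORWARD 1 -i $VPN_IF -s $VPN_NET -j $CHAIN
EOF
}

# Number of explicit ACCEPT rules in the generated policy; anything not
# matched by one of these is logged and dropped.
accept_rule_count() {
    vpn_rules | grep -c -- '-j ACCEPT'
}
```

Re-running the script is safe: the chain is created or flushed, and the FORWARD hook is deleted before being re-inserted, so no duplicate rules accumulate. Because the rules only consult `-s $VPN_NET` on `$VPN_IF`, traffic from the LAN side and the SME's own OpenVPN connection to the firewall are untouched.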