Help | Back to main page

JFwadmin is not intuitive enough for people without good knowledge of packets firewall, so here's tips to get started.

This help page is in early stage. Hope this helps.

Feedback is welcome. If you have other questions, mickael.feledyn@cybergal.com

What should I do to authorize HTTP access from the internet to my firewall ?
What should I do to masquerade HTTP for my local network ?
What should I do to authorize HTTP access from my firewall to the internet ?
What should I do to authorize and masquerade all traffic on my local network ?
I've done a new output and it then appears in inputs ?
I followed instructions but it doesn't work !

 

What should I do to authorize HTTP access from the internet to my firewall ?

Select "Services | New input service".

In the first combo box, select your internet interface.
In the second combo box, select ACCEPT.
In the third combo box, select "tcp" protocol.
Be sure to deselect the "Used by masquerading" checkbox (Internet access MUST NOT be masqueraded !).
Select "Service / port" radio button, then type in 80 or select "www(80)" in the combo box.

Click OK. Apply changes with the File menu.

 

 

What should I do to masquerade HTTP for my local network ?

First be sure you have an output service for HTTP to the internet (see below).

You need both an input service for your local network interface, and a masquerading service :

Select "Services | New input service".
In the first combo box, select your local network interface.
In the second combo box, select ACCEPT.
In the third combo box, select "tcp" protocol.
Select the "Used by masquerading" checkbox (This input is used to masquerade internet access).
Select "Service / port" radio button, then type in 80 or select "www(80)" in the combo box.

Click OK.

Next select "Services | New forward service".

In "Interface to relay from", select your local network interface.
In "Interface to forward to", select your internet network interface.
Policy "MASQ", protocol "tcp", service/port "www(80)".

Click OK. Apply changes with the File menu.

 

 

What should I do to authorize HTTP access from my firewall to the internet ?

Select "Services | New output service".

In the first combo box, select your internet interface.
In the second combo box, select ACCEPT.
In the third combo box, select "tcp" protocol.
Select "Service / port" radio button, then type in 80 or select "www(80)" in the combo box.

Click OK. Apply changes with the File menu.

 

 

What should I do to authorize and masquerade all traffic on my local network ?

Select "Services | New input service".
In the first combo box, select your internet interface.
In the second combo box, select ACCEPT.
In the third combo box, select "all" protocol.
Select the "Used by masquerading" checkbox (This input is used by masquerading).
Select "Ports range" radio button, then type in "0" for Low port, "65535" for High port
.

Click OK.

Next select "Services | New forward service".
In "Interface to relay from", select your local network interface.
In "Interface to forward to", select your internet network interface.
Policy "MASQ", protocol "all", Port range "0" to "65535".

Click OK. Apply changes with the File menu.

 

 

I've done a new output and it then appears in inputs ?

The GUI displays firewall state from system current state. If a service authorizes all protocols from all ports or to all ports, then the rules matching engine considers it as an input service.

 

 

I followed instructions but it doesn't work !

Be sure you authorize / forward domain service (udp 53). If you don't, names can't be resolved and WWW service, for example, is likely to not work properly.