14.2.19. Running Multiple Services on the Same Machine on Different Virtual Addresses and Different Ports

Here is an example of how Firewall Builder can be used to build a firewall protecting a server. Suppose we run several secure web servers on the same machine and use virtual IP addresses to be able to supply different certificates for each one.

In addition, we run the webmin service on the same machine and use it to manage the server. We need to permit HTTPS access from anywhere to the virtual addresses the web servers use, and allow only limited access to the webmin port on one specific address.

Here is the firewall object:

Figure 14.58. Firewall Object with Multiple Services

Here are the policy rules:

Figure 14.59. Policy Rules

Access to the webmin service is only permitted from the local network, while access to the secure web servers running on virtual addresses fxp0-ip1, fxp0-ip2 and fxp0-ip3 is permitted from anywhere.

The following screenshot illustrates how the TCP service object webmin is created.

Figure 14.60. webmin object

The webmin service uses port 10000, so we enter this number as both the beginning and the end of the destination port range, which makes the range a single port. We do not need to inspect TCP flags for this service, so all flag checkboxes are left unchecked in the object.
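As an added example (not part of the Firewall Builder guide), here is a small Python model of the policy in Figure 14.59: the addresses for fxp0-ip1..3, the management address and the local network are constructed placeholders, and the evaluator applies the rules top to bottom with first-match semantics, which shows that webmin is reachable only on the one address and only from the local network, while HTTPS to the virtual addresses is open to everyone.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses standing in for the guide's fxp0-ip1..3 and the
# management address; the real values are not given on the page.
WEB_VIPS = {"fxp0-ip1": "192.0.2.11", "fxp0-ip2": "192.0.2.12", "fxp0-ip3": "192.0.2.13"}
MGMT_IP = "192.0.2.10"                                # address webmin listens on (assumed)
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")    # local network (assumed)
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    src: ipaddress.IPv4Network   # source network
    dst: set                     # destination addresses, "*" meaning any
    dport_range: tuple           # (begin, end) like the service object's port range
    action: str                  # "Accept" or "Deny"


# Policy in the order of Figure 14.59: HTTPS to the virtual addresses from
# anywhere, webmin (TCP 10000, a single-port range) only from the local
# network to the management address, then deny everything else.
POLICY = [
    Rule(ANY, set(WEB_VIPS.values()), (443, 443), "Accept"),
    Rule(LOCAL_NET, {MGMT_IP}, (10000, 10000), "Accept"),
    Rule(ANY, {"*"}, (0, 65535), "Deny"),
]


def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """Return the action of the first rule matching a TCP packet.

    First match wins, as in a compiled Firewall Builder policy; if nothing
    matches, the implicit default is to deny.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in POLICY:
        lo, hi = rule.dport_range
        if src in rule.src and ("*" in rule.dst or dst_ip in rule.dst) and lo <= dport <= hi:
            return rule.action
    return "Deny"


if __name__ == "__main__":
    for pkt in [("203.0.113.5", "192.0.2.11", 443),     # HTTPS from the Internet
                ("203.0.113.5", "192.0.2.10", 10000),   # webmin from the Internet
                ("192.168.1.20", "192.0.2.10", 10000),  # webmin from the LAN
                ("192.168.1.20", "192.0.2.11", 10000)]: # webmin to a virtual address
        print(pkt, "->", evaluate(*pkt))
```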


Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.