INSTALLATION MANUAL FOR THE EMS I-MO 540 SERIES APPLIANCE
Version 1.2
ELECTRONIC MEDIA SERVICES LIMITED
PASSFIELD BUSINESS CENTRE, LYNCHBOROUGH ROAD, LIPHOOK, HAMPSHIRE, GU30 7SB, UK
Tel: 01428 751655 | Fax: 01428 751654 | E-mail:
With this option you can allow access to e.g. your mail server. The machines must have valid public IP addresses.
The format of the rule is a space separated list of:
<source network>,<destination network>[,protocol[,destination port[,flags]]]
If the protocol is icmp, the port is interpreted as the ICMP type.
The flags parameter is a comma separated list and may consist of one or more of the following:
• ipsec - matches packets that originate from an IPsec tunnel
• zonein=<zone name> - matches packets entering on interfaces in the specified zone
• zoneout=<zone name> - matches packets leaving on interfaces in the specified zone
Examples:
• "1.1.1.1,2.2.2.2" allow the host 1.1.1.1 to access any service on the host 2.2.2.2
• "3.3.3.3/16,4.4.4.4/24" allow the network 3.3.3.3/16 to access any service in the network 4.4.4.4/24
• "5.5.5.5,6.6.6.6,igmp" allow routing of IGMP messages from 5.5.5.5 to 6.6.6.6
• "0/0,0/0,udp,514" always permit udp port 514 through the firewall
• "192.168.1.0/24,10.10.0.0/16,,,ipsec \ 10.10.0.0/16,192.168.1.0/24,,,ipsec" permit traffic from 192.168.1.0/24 to 10.10.0.0/16 and vice versa provided that both networks are connected via an IPsec tunnel
• "fd76:9dbb:91a3:1::/64,fd76:9dbb:91a3:4::/64,tcp,ssh" allow ssh from one IPv6 network to another
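The rule format above, parsed and reviewed for over-broad entries. This is an added example, not code from the manual or the appliance, and its function names are hypothetical. It assumes that "0/0" means any IPv4 address, that a lone backslash between rules is a line continuation, and that zone names contain no spaces or commas.

```python
import ipaddress

def parse_network(text):
    # Assumption: the page's "0/0" means any IPv4 address; ipaddress needs the long form.
    text = "0.0.0.0/0" if text == "0/0" else text
    # strict=False accepts host bits, as in the page's "3.3.3.3/16" example.
    return ipaddress.ip_network(text, strict=False)

def parse_rule(rule):
    fields = rule.split(",")
    if len(fields) < 2:
        raise ValueError(f"rule needs source and destination: {rule!r}")
    fields += [""] * (4 - len(fields))   # pad the optional protocol and port
    proto, port = fields[2].lower() or None, fields[3] or None
    flags = {}
    for flag in fields[4:]:
        name, _, value = flag.partition("=")
        if name == "ipsec" and not value:
            flags[name] = True
        elif name in ("zonein", "zoneout") and value:
            flags[name] = value
        else:
            raise ValueError(f"unknown or malformed flag {flag!r} in {rule!r}")
    # With protocol icmp the port field carries the ICMP type, not a port.
    return {"text": rule, "src": parse_network(fields[0]),
            "dst": parse_network(fields[1]), "proto": proto, "port": port,
            "port_is_icmp_type": proto == "icmp", "flags": flags}

def parse_rules(option):
    # Rules are space separated; assumption: a lone "\" is a line continuation.
    return [parse_rule(tok) for tok in option.split() if tok != "\\"]

def audit(option):
    # Return (rule text, notes) for rules that admit more than a reviewer may expect.
    findings = []
    for r in parse_rules(option):
        notes = []
        if r["src"].prefixlen == 0:
            notes.append("any source")
        if r["proto"] is None and "ipsec" not in r["flags"]:
            notes.append("all protocols and ports")
        if notes:
            findings.append((r["text"], notes))
    return findings

# Rules taken from the page's own examples, joined into one option value.
SAMPLE = ("1.1.1.1,2.2.2.2 0/0,0/0,udp,514 "
          "192.168.1.0/24,10.10.0.0/16,,,ipsec \\ 10.10.0.0/16,192.168.1.0/24,,,ipsec")
```

Calling audit(SAMPLE) reports the host-to-host rule with no protocol and the 0/0 syslog rule, and passes the two IPsec-restricted rules.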
VPN Tab
The VPN tab configures one or more IPsec tunnels.
Basic VPN Settings Tab
On the basic tab you can enable or disable the VPN client.
When the VPN is enabled you must specify the IP address of the remote VPN server and the shared secret.