Firewall rule look like this:
Trusted --> Web Surfing --> Any --> Allow
Hacklab --> Any service --> Any --> Allow
I built this new box in phases, late at night when I was tired. No excuse, but this is a good lesson for all. Be careful!
Thank you teched
------
I can scan (Nmap) my trusted network from my Hacklab network.
I thought that there was automatic isolation between separate NICs/subnets unless explicitly allowed.
What have I forgotten?? [:O] (To follow my own instructions, and to look at the UTM I built MANY years ago...which was done correctly !) [:D]
------------------------------FOLLOW UP-------------------------------------------
teched caught my mistake and sent a PM minutes after I posted this. I Could have deleted the post, and hide my embarrassment, but I think this is a good lesson so I left it up.
So what happened here?
I was reading my firewall rules, incorrectly, like this:
Hacklab--> Any --> ANY Internet address.
Looking at my older UTM (This morning), I was using Internet and not ANY.
This new UTM is still in test mode, (Behind my old UTM) so there was no real external risk here, but this could have been a big issue had I not tested. I had created a document on how to build my new UTM, using my old UTM as a template, but I did not follow my own document on firewall rules!
This is another reason why I like to test all my builds before putting into production, even when I do follow my own instructions. Testing is what I was doing last night. I had taken a trusted Linux PC and put it on my still virgin hacklab network and started to verify isolation. It is a good thing that I did as this is also my malware lab! [:O]
I hope this prevents someone from making this same error!
C68
This thread was automatically locked due to age.
Quote