Web access example

In this case, the new Internet Access (eth2) will be used for the LAN web access that will be redirected to the new interface:

1. Rule to masquerade the outgoing traffic for the eth2 interface;
   • Type: General configuration;
   • Rule: POSTROUTING;
   • Interface: eth2;
   • Protocol: ALL;
   • Module: Leave blank;
   • Source IP: Leave blank;
   • Origin port: Leave blank;
   • Destination IP: Leave blank;
   • Destination port: Leave blank;
   • Parameters: Leave blank;
   • Politics: SNAT;
   • Value: eth2 IP;

2. Rule to allow the replies for port 80 by the Internet web servers:
   • Type: General configuration;
   • Rule: INPUT;
   • Interface: eth2;
   • Protocol: TCP;
   • Module: Leave blank;
   • Source IP: Leave blank;
   • Origin port: 80;
   • Destination IP: Leave blank;
   • Destination port: Leave blank;
   • Parameters: ! --syn;
   • Politics: ACCEPT

3. Rule to allow the replys for port 443 by the Internet web servers:
   • Type: General configuration;
   • Rule: INPUT;
   • Interface: eth2;
   • Protocol: TCP;
   • Module: Leave blank;
   • Source IP: Leave blank;
   • Origin port: 443;
   • Destination IP: Leave blank;
   • Destination port: Leave blank;
   • Parameters: ! --syn;
   • Politics: ACCEPT

4. Rule to forward traffic with origin in LAN and destination the port 80 in Internet (only when the proxy is not used!)
   • Type: General configuration;
   • Rule: PREROUTING;
   • Interface: eth0;
   • Protocol: TCP;
   • Module: Leave blank;
   • Source IP: LAN ip;
   • Origin port: Leave blank;
   • Destination IP: ! eth1 IP;
   • Destination port: 80;
   • Parameters: Leave blank;
   • Politics: MARK;
   • Value: 1 (firewall tag);

5. Rule to forward traffic with origin in LAN and destination the port 443 in Internet (only when the proxy is not used!)
   • Type: General configuration;
   • Rule: PREROUTING;
   • Interface: eth0;
   • Protocol: TCP;
   • Module: Leave blank;
   • Source IP: LAN network;
   • Origin port: Leave blank;
   • Destination IP: ! eth1 IP;
   • Destination port: 443;
   • Parameters: Leave blank;
   • Politics: MARK;
   • Value: 1 (firewall tag);

6. Rule to forward traffic with origin in a machine conected to the LAN using VPN PPTP and destination the port 80 in Internet (only when the proxy is not used!)
   • Type: General configuration;
   • Rule: PREROUTING;
   • Interface: ppp+;
   • Protocol: TCP;
   • Module: Leave blank;
   • Source IP: LAN IP;
   • Origin port: Leave blank;
   • Destination IP: ! eth1 IP;
   • Destination port: 80;
   • Parameters: Leave blank;
   • Politics: MARK;
   • Value: 1 (firewall tag);

7. Rule to forward traffic with origin in a machine conected to the LAN using VPN PPTP and destination the port 443 in Internet (only when the proxy is not used!)
   • Type: General configuration;
   • Rule: PREROUTING;
   • Interface: ppp+;
   • Protocol: TCP;
   • Module: Leave blank;
   • Source IP: LAN IP;
   • Origin port: Leave blank;
   • Destination IP: ! eth1 IP;
   • Destination port: 443;
   • Parameters: Leave blank;
   • Politics: MARK;
   • Value: 1 (firewall tag);

8. Rules to forward outgoing Internet web http traffic for eth2:
   • Type: General configuration;
   • Rule: OUTPUT;
   • Interface: eth1;
   • Protocol: TCP;
   • Module: Leave blank;
   • Source IP: eth1 IP;
   • Origin port: Leave blank;
   • Destination IP: ! eth1 IP;
   • Destination port: 80;
   • Parameters: Leave blank;
   • Politics: MARK;
   • Value: 1 (firewall tag);

9. Rules to forward outgoing Internet web https traffic for eth2:
   • Type: General configuration;
   • Rule: OUTPUT;
   • Interface: eth1;
   • Protocol: TCP;
   • Module: Leave blank;
   • Source IP: eth1 IP;
   • Origin port: Leave blank;
   • Destination IP: ! eth1 IP;
   • Destination port: 443;
   • Parameters: Leave blank;
   • Politics: MARK;
   • Value: 1 (firewall tag);

NOTE: To route other services for the new internet access (local and remote port), the idea is the same.