Forwarding port SSH from single Remote MAC Address
#41652
Forwarding port SSH from single Remote MAC Address 1 Year ago
Hello,

I use ClearOS 5.2. I installed the advanced module and created a rule for forwarding SSH access by MAC address.
When I enable the rule, the navigation of all users of the network does not work.
Marcio
#41654
Re: Forwarding port SSH from single Remote MAC Address 1 Year ago
If the MAC address is on the internet it will not work, as it is not transmitted beyond the first router away from it. It should not, however, stop users navigating the network. What is the output of:
Code:

iptables -t nat -L -n -v
iptables -L FORWARD -n -v

Nick Howitt
#41763
Re: Forwarding port SSH from single Remote MAC Address 1 Year ago
Ok!
So why is there this option to enable access by MAC address?
Are you saying that this option does not work?
Marcio
#41764
Re: Forwarding port SSH from single Remote MAC Address 1 Year ago
I need an example of how to use the Advanced Firewall option.
Enable external access on port 2201 only for the external IP 187.15.22.1, forwarded to the internal IP 10.0.0.7 port 22.
See the rule that I created in the attached image.
Why does my rule not work?
When I try to access, I get "connection refused".
Marcio
Last Edit: 2012/05/24 13:08 By Morais.
#41768
Re: Forwarding port SSH from single Remote MAC Address 1 Year ago
The option is there for the MAC address as it works on some rules, such as forwarding from the internal LAN to the internal HotLAN.

I've tried setting up your rule and it appears to ignore the source port range. I am not sure if you want the source port range either, as I don't think you can guarantee your source port. I have a feeling you want the rule as you have it, but without the source port. You will then need a Custom rule or manual rule:
Code:

iptables -t nat -I PREROUTING -i ethX -s 187.15.22.1 -p tcp --dport 2202 -j REDIRECT --to-port 22

Change ethX to your WAN interface or drop the "-i ethX" bit from the rule. Try the rule at the command line first. If it works, copy and paste it into either the custom firewall rules or /etc/rc.d/rc.firewall.local. The rule will then survive a restart of the firewall.
Nick Howitt
#41770
Re: Forwarding port SSH from single Remote MAC Address 1 Year ago
Thank you for your response.
I'd like to use the Advanced Firewall module, but you helped with a custom rule.

Can you do this with the Advanced Firewall module, or only by customizing?
And how do I forward to the INTERNAL IP 10.0.0.7?
Marcio
#41774
Re: Forwarding port SSH from single Remote MAC Address 1 Year ago
I looked at the rule created in the advanced firewall module and I could not get it to redirect the original destination port (not source port). To do that I had to use a custom rule. Then the advanced rule works as you wanted. I don't think you can do a port change with the advanced firewall rule module.
Nick Howitt
#41781
Re: Forwarding port SSH from single Remote MAC Address 1 Year ago
Perfect! It worked!
But I still need to redirect port 22 to my internal server (10.0.0.7).
I think there is something to complete your iptables rule.
Sorry I have more knowledge about iptables :(
Could you add the rule to direct port 22 to the internal IP 10.0.0.7?
Thank you for your help!
Marcio
#41788
Re: Forwarding port SSH from single Remote MAC Address 1 Year ago
You need both rules, the Custom rule and the Advanced rule, together. The alternative is to emulate the Advanced rule with another two or three Custom rules. To look at the effects of the rules, use the commands "iptables -L -n -v" and "iptables -t nat -L -n -v". From memory, you will find the advanced rule interface adds three rules, one each to the PREROUTING, POSTROUTING and FORWARD chain. If you are doing rules manually, you can probably combine the PREROUTING and Custom rules into one. Google "man iptables" to get the man pages for iptables. There is great information there. Also this link and this one will give you an idea how the tables and chains work in iptables.
Nick Howitt
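
One way to write the manual rules discussed above, with the port change and the forward to 10.0.0.7 combined into a single PREROUTING rule plus a matching FORWARD rule (an added example, not part of the original posts). The function names and the WAN interface name eth0 are assumptions, and it assumes the internal server sends its replies back through this gateway, so no POSTROUTING rule is generated.

```shell
#!/bin/sh
# Added example (not from the thread): print, without applying, the two
# iptables rules that forward one external port from a single source IP
# to an internal SSH server. Review the output before running it as root.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_port N: succeed only for an integer in 1-65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ssh_forward_rules WAN_IF SRC_IP EXT_PORT DST_IP DST_PORT
# Assumes the internal server routes replies back through this gateway,
# so no extra POSTROUTING rule is emitted.
ssh_forward_rules() {
    wan_if=$1; src=$2; ext_port=$3; dst=$4; dst_port=$5
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    is_ipv4 "$src" && is_ipv4 "$dst" || { echo "bad IPv4 address" >&2; return 2; }
    is_port "$ext_port" && is_port "$dst_port" || { echo "bad port" >&2; return 2; }
    # nat/PREROUTING: only this source, only this port, gets rewritten.
    echo "iptables -t nat -I PREROUTING -i $wan_if -s $src -p tcp --dport $ext_port -j DNAT --to-destination $dst:$dst_port"
    # filter/FORWARD: after DNAT the packet already carries the internal
    # address and port, so match on those, still pinned to the source IP.
    echo "iptables -I FORWARD -i $wan_if -s $src -d $dst -p tcp --dport $dst_port -j ACCEPT"
}

# Values from the thread; eth0 is an assumed WAN interface name.
ssh_forward_rules eth0 187.15.22.1 2201 10.0.0.7 22
```

As in the advice above, try the printed rules at the command line first and check the packet counters with "iptables -t nat -L -n -v" and "iptables -L FORWARD -n -v" before making them persistent.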