4.1.6. Procedure – Selecting the role of the host
Purpose:
By default, the iptables utility denies any traffic going through or to the machine. The installer configures the iptables utility according to the role of the host. This selection affects only the first installation of the host; it will not modify an existing iptables configuration.
Steps:
Select the role of this machine in your firewall configuration. The following roles are available:
: Only connections from the ZMS host are allowed.
Select this role when you are installing a firewall host, or any other standalone host that will be managed from ZMS.
ZMS agent and remote shell (SSH) communication will be enabled. This technically means ports TCP/1311 and TCP/22.
: Only connections from ZMCs are allowed.
Select this role if you are installing the Zorp firewall and the Zorp Management Server on the same host.
ZMC to engine communication and remote shell communication will be allowed on ports TCP/1314 and TCP/22, respectively.
: The host is unreachable from the network.
All IP traffic will be dropped by default, therefore all remote administration attempts will fail. All allowed traffic has to be enabled manually from a local terminal.
If you have selected the or the role, enter its IP addresses:
FIREWALL: The IP address of the ZMS host used to manage the firewall.
ZMSHOST: The IP address of the ZMC used to manage the ZMS host (that is, the machines from where the firewall administrators will connect to ZMS). If managing ZMS is allowed from multiple hosts, separate the IP addresses of these hosts with spaces.
Warning: Make sure that you type the IP addresses of the ZMS/ZMC hosts correctly. Otherwise, the machine will not be accessible from ZMS/ZMC. In this case, you must manually correct the configuration of iptables. For details, see man iptables-utils.
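The per-role rules described above, written out as a generator for an iptables-restore ruleset that rejects mistyped management addresses before emitting anything. This is an added example, not the installer's own code or the ruleset it writes; the role keywords (firewall, zmshost, isolated), the function names and the OUTPUT policy are assumptions, and the addresses in the usage note are constructed.

```shell
#!/bin/sh
# Added example: builds an iptables-restore ruleset for the host roles on this page.
# Role keywords (firewall, zmshost, isolated) are hypothetical labels for this sketch.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # empty, stray characters, empty octets
    esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$extra" ] || return 1   # exactly four octets
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules ROLE [MANAGER_IP...]: print the ruleset; print nothing on bad input.
gen_rules() {
    role=$1; shift
    case "$role" in
        firewall) ports="1311 22" ;;   # ZMS agent + SSH, from the ZMS host
        zmshost)  ports="1314 22" ;;   # ZMC-to-engine + SSH, from the ZMCs
        isolated) ports="" ;;          # host unreachable from the network
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    if [ -n "$ports" ] && [ "$#" -eq 0 ]; then
        echo "role $role needs at least one management IP" >&2; return 2
    fi
    for ip in "$@"; do   # validate everything first, so a typo never yields partial rules
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"   # assumption: the page covers only inbound and forwarded traffic
    for ip in "$@"; do
        for port in $ports; do
            echo "-A INPUT -s $ip/32 -p tcp -m tcp --dport $port -j ACCEPT"
        done
    done
    echo "COMMIT"
}
```

For example, gen_rules zmshost 192.0.2.20 192.0.2.21 prints four ACCEPT rules; the output can be checked with iptables-restore --test before it is loaded from a local terminal.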
Published on May 30, 2024
© BalaSys IT Ltd.




