How to create a zone bridging rule in the new consolidated Firewall rules page.
By default, all internal network zones are isolated by the Smoothwall by virtue of each network zone being allocated its own interface on the Smoothwall. Zone bridging allows communication to take place between a pair of network zones for the purpose of resource sharing for example, within a corporate environment, you may want to isolate departmental networks from each other, but allow access to printers in one.
The Inverness release saw the firewall-related pages in the Smoothwall being consolidated. The previous page for setting up zone bridging (Network > Filtering > Zone bridging) has been amalgamated into the new firewall page (Network > Firewall > Firewall rules) which determines how traffic is routed through the Smoothwall.
Tip: Reply packets within the same connection are handled by the same rule. However, it should be noted that communication between zones is one-way, that is, always initiated from the same end. To create a bi-directional bridge, you should create a separate rule for each direction of communication.
Note: The following solution assumes you have rules in place already that routes traffic from one network zone to a specific interface on the Smoothwall.
- Go to Network > Firewall > Firewall rules.
- Create a firewall rule, noting the following:
- Source IP addresses Select those IP addresses from which access is permitted. Leave this parameter blank to match traffic coming from all IP addresses.
- Inbound interfaces Select the interface the source network zone uses to access the Smoothwall.
- Destination IP addresses Select those IP addresses to which access is permitted. Leave this parameter blank to allow traffic all IP addresses.
- Outbound interfaces Select the interface matching network traffic is routed through, therefore allowing access to another network zone.
- Services Select those service objects, previously Ports and Protocols, relevant for this rule.
- Action From the drop-down list, select Accept.
The above creates a group bridging rule that mirrors the behavior from the pre-Inverness Smoothwalls, that is, control the flow of traffic from the specified network zone to another.
Tip: Firewall rules are applied in a top-down approach. Move this rule above any block rules you have in place.
With the new consolidated firewall, you can also:
- If using an IP address range or subnet for Source IP address or Destination IP address you can exclude IP addresses in that range from matching the zone bridging rule.
- Specify the Applications (Apps) that are used by the matching network traffic. Leave this parameter blank to match traffic from any application.
- Choose whether to Log matching traffic to the Firewall log.
- Choose whether to drop or reject (Action) all matching network traffic
For a detailed description of how to create and manage firewall rules, go to https://help.smoothwall.net/Inverness/Content/ui/admin/ipfilter/forward.htm.