I should have mentioned my setup, pretty typical:
cable modem/staticIPs (eth0), ZS(router/FW), LAN 192.168.1.0(eth1)
Here is a summary of my VS rules:
eth0/IP(RemoteServer OR MyStaticWAN?):TCP25 – 192.168.1.2:5
eth0/ANY:UDP5060,10000-20000 – 192.168.1.4:5060,10000-20000
eth0/ANY:TCP444(random) – 192.168.1.10:443 [web GUI]
If the first IP address is my interface, not the server communicating with me, where can I put that (under firewall chain input)?
What firewall rules are required beyond the default rules? I have:
Input ACCEPT – default was no rules, I added
– accept eth1:22, 80, 443 (I saw in a post to put this as a safeguard in case you lock yourself out of ZS)
– drop eth0 all
Forward ACCEPT – default no rules, ‘accept all from all’ would be redundant because that is the default action, correct?
Output ACCEPT – same as above.