Looking for help setting up a firewall

Posted on 2002-03-09
Last Modified: 2013-11-16
I am hoping to find someone who can help me set up a firewall. Need help with setting up rules, forwarding, NAT etc. Software and hardware installed and running. I would set up an additional admin user temporarily so the work could be done with your browser.

If interested let me know how to contact and whether hourly or flat rate

Thanks
Question by:emery_k
11 Comments
 
LVL 12

Expert Comment

by:Housenet
ID: 6853686
-Depends on the details.  Email me for a phone number. housenet@hotmail.com
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6853841
What kind of firewall?
0
 
LVL 1

Author Comment

by:emery_k
ID: 6854720
The firewall is Linux-based, by Astaro.
See http://www.astaro.com
Administration is by a Webmin-style interface.
We have DSL, which Astaro's latest beta release finally supports.
It is installed on a P3-800, 256MB, 40GB box with 1 onboard Intel NIC and a D-Link 4-port NIC, so there are 5 NIC ports installed.
I want to set up the ADSL, a network for some internal PCs running Windows to access the Internet, and a 2nd network for the email server, webserver, and whatever other Internet-related service might be added later.

Since Astaro includes VPN ability I might want to set that up between two locations but only after the above is done.

The Internal network is currently using a Linksys Router and port forwarding to the email and webserver. This works fairly well.
I've got a couple of other projects that are a lot higher priority so I'm looking for help getting this going.
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6857359
Emery, what is the status of your install?
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6861792
>  i would set up an additional admin user temporarily so the work could be done with your browser.

Contradictory terms. Should always be more than one admin. Enabling browser access to configure firewall from Internet? Sheesh!

> If interested let me know how to contact and whether

Nope. Invalid request. This is a free (only) help site. We all share in results, and learning.

(although Miller's indicated flexibility for some changes down the road, for increased $ opportunities)
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6866440
Don't depend on Linksys.
0
 
LVL 1

Author Comment

by:emery_k
ID: 6871229
FlamingSword
The Linksys has done a pretty good job for the last 18 months. It definitely has its limitations, but it's OK for home users and small business for Internet access sharing. I do agree that you'd better understand its limits.

Housenet
Current status is the internal network works fine. Noticeable difference versus the Linksys in speed. Just seems crisper/snappier. The Linux webserver and email server can each ping www addresses but do not respond to requests for web pages. Will work some more with it this AM.

Thanks all for comments
0
 
LVL 12

Accepted Solution

by:
Housenet earned 200 total points
ID: 6874563
-After some checking, here's what I found on implementing Astaro version 3.0.
-Astaro can be used with a single Internet IP address (assigned to the firewall) and map incoming ports to several different hosts in the DMZ and inside LAN.
-Use packet filter rules to enable protocols and ports.
-When configuring NAT/masquerading options, the initial incoming service must show source any, dest outside IP, change dest, inside IP.
-Inside-to-outside traffic must be masqueraded on the outside interface.

Astaro supports the following IMO great features:
-SMTP relay control, file attachment extension and subject filtering. Blacklist, whitelist filtering.
-URL filtering, keyword content filtering.
-IPsec tunneling. Tunnels between IKE-compliant devices.
-WELF logging.
-Web-based configuration interface.
-64000 concurrent sessions.
-Backup-restore configuration file support.
-Bootable ISO CD image to install (average install time 5-10 mins).
-100% free for non-commercial use. You supply the computer (P350 min).
-Very similar to NetScreen 50 (except more sessions).
-Similar features on hardware appliances are available only on very expensive devices, out of the price range of a home/small office user.
-Can you tell I'm impressed?
0
 
LVL 3

Expert Comment

by:DVB
ID: 6938627
To get back to topic:
Could you draw some ASCII art of what you need?
You have described your network topology thusly:

Internet-----Firewall-----Internal Network with Windows
                 |
                 |
        DMZ with Web and Mail servers

This is a standard dual-homed firewall. I will now consider the external interface of the firewall to be 10.10.10.1, the DMZ to be 172.16.1.1 in 172.16.1.0/24, and the internal network interface to be 192.168.1.1, in 192.168.1.0/24.
The following is console-oriented (you can figure out how to do this with a browser) and not related to any firewalling system (ip[chain|table]s).

$fwcmd will be your firewall command.

Assuming that your policies say:
Allow all traffic from the Internet to the public Web server, and to the inbound mail server sitting in the DMZ.

#Prevent IP spoofing
$fwcmd $src 192.168.1.0/24 $interface not $internal DROP
$fwcmd $src 172.16.1.0/24 $interface not $dmz DROP
$fwcmd $src 0.0.0.0/0 $dest not $dmz $interface $external DROP

#Allow to the web server
$fwcmd $source 0.0.0.0/0  $dest $webserver $destport 80 ALLOW
$fwcmd $source 0.0.0.0/0 $dest $webserver $destport not 80 DROP $log

Similar rules for the rest of your requirements.

Hope this helps to start off.
0
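The NAT steps from Housenet's accepted answer and DVB's generic $fwcmd rules, written out as a concrete iptables ruleset for the same three-interface layout. This is an added example, not part of any post in this thread: the networks and 10.10.10.1 are the values DVB assumed, while the interface names, the two DMZ host addresses and the SSH management rule are hypothetical.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it changes nothing itself.
# Networks and 10.10.10.1 are DVB's assumed values. Interface names, the DMZ
# host addresses and the SSH management rule are hypothetical placeholders.
EXT_IF=eth0; EXT_IP=10.10.10.1
DMZ_IF=eth1; DMZ_NET=172.16.1.0/24
INT_IF=eth2; INT_NET=192.168.1.0/24
WEB=172.16.1.10; MAIL=172.16.1.20

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Incoming service: source any, dest outside IP, change dest to inside IP
-A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport 80 -j DNAT --to-destination ${WEB}:80
-A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport 25 -j DNAT --to-destination ${MAIL}:25
# Inside-to-outside traffic is masqueraded on the outside interface
-A POSTROUTING -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Anti-spoofing first, so no later ACCEPT can match a forged source
-A FORWARD -s $INT_NET ! -i $INT_IF -j DROP
-A FORWARD -s $DMZ_NET ! -i $DMZ_IF -j DROP
-A INPUT -s $INT_NET ! -i $INT_IF -j DROP
-A INPUT -s $DMZ_NET ! -i $DMZ_IF -j DROP
# Replies to connections that were already allowed
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Management from the internal network only (SSH assumed), never from outside
-A INPUT -i $INT_IF -s $INT_NET -p tcp --dport 22 -j ACCEPT
# Published DMZ services (destination was already rewritten by DNAT)
-A FORWARD -i $EXT_IF -o $DMZ_IF -d $WEB -p tcp --dport 80 -j ACCEPT
-A FORWARD -i $EXT_IF -o $DMZ_IF -d $MAIL -p tcp --dport 25 -j ACCEPT
# Internal Windows PCs out to the Internet
-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT
# Everything else arriving from outside: log, then drop
-A FORWARD -i $EXT_IF -j LOG --log-prefix "fw-ext-drop: "
-A FORWARD -i $EXT_IF -j DROP
COMMIT
EOF
}

gen_rules   # pipe into "iptables-restore --test" to parse without committing
```

Loading this output with iptables-restore replaces the current contents of the nat and filter tables unless --noflush is given, so check it with --test from a console session first.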
 
LVL 1

Author Comment

by:emery_k
ID: 7270096
Thought this had been closed.
Thanks all for the input
0
 
LVL 12

Expert Comment

by:Housenet
ID: 7271189
Hello Emery,
-How are you? Sorry I didn't get back to you last time we were in contact. What's new with your setup?
0
