emery_k
Looking for help setting up a firewall
I am hoping to find someone who can help me set up a firewall. Need help with setting up rules, forwarding, NAT, etc. Software and hardware installed and running. I would set up an additional admin user temporarily so the work could be done with your browser.
If interested let me know how to contact and whether hourly or flat rate
Thanks
-Depends on the details. Email me for a phone number. housenet@hotmail.com
What kind of firewall?
ASKER
The firewall is Linux-based, by Astaro.
see http://www.astaro.com
Administration is by a Webmin style interface.
We have DSL which Astaro's latest beta release finally supports.
It is installed on a P3-800, 256MB, 40GB box with 1 onboard Intel NIC and a D-Link 4-port NIC, so there are 5 NIC ports installed.
I want to set up the ADSL, a network for some internal PCs running Windows to access the Internet, a 2nd Network for email server, webserver, and whatever other internet related service might be added later.
Since Astaro includes VPN ability I might want to set that up between two locations but only after the above is done.
The Internal network is currently using a Linksys Router and port forwarding to the email and webserver. This works fairly well.
I've got a couple of other projects that are a lot higher priority so I'm looking for help getting this going.
Emery, what is the status of your install ?
> i would set up an additional admin user temporarily so the work could be done with your browser.
Contradictory terms. There should always be more than one admin. Enabling browser access to configure the firewall from the internet? Sheesh!
> If interested let me know how to contact and whether
Nope. Invalid request. This is a free (only) help site. We all share in the results, and the learning
(although Miller's indicated flexibility for some changes down the road, for increased $ opportunities)
don't depend on linksys
ASKER
FlamingSword
The Linksys has done a pretty good job for the last 18 months. It definitely has its limitations, but it's OK for home users and small business for internet access sharing. I do agree that you'd better understand its limits.
Housenet
Current status is the internal network works fine. Noticeable difference versus the Linksys in speed. Just seems crisper/snappier. The Linux webserver and email server can each ping www addresses but do not respond to requests for web pages. Will work some more with it this AM.
Thanks all for comments
ASKER CERTIFIED SOLUTION
To get back to topic:
Could you draw some ASCII art of what you need?
You have described your network topology thusly:

Internet-----Firewall-----Internal Network with Windows
                 |
                 |
      DMZ with Web and Mail servers.
This is a standard dual homed firewall. I will now consider the External interface of the firewall to be 10.10.10.1, the DMZ to be 172.16.1.1 in 172.16.1.0/24, and the internal network interface to be 192.168.1.1, in 192.168.1.0/24
The following is console oriented, you can figure out how to do this with a browser, and not related to any firewalling system (ip[chain|table]s).
$fwcmd will be your firewall command.
Assuming that your policies say:
Allow all traffic from the Internet to the public Web server, and to the inbound mail server sitting in the DMZ.
#Prevent IP spoofing
$fwcmd $src 192.168.1.0/24 $interface not $internal DROP
$fwcmd $src 172.16.1.0/24 $interface not $dmz DROP
$fwcmd $src 0.0.0.0/0 $dest not $dmz $interface $external DROP
#Allow to the web server
$fwcmd $src 0.0.0.0/0 $dest $webserver $destport 80 ALLOW
$fwcmd $src 0.0.0.0/0 $dest $webserver $destport not 80 DROP $log
Similar rules for the rest of your requirements.
Hope this helps to start off.
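The pseudo-rules above translated into a concrete iptables script for the same three-interface layout, as an added example; it is not code from this thread and not Astaro's own rule set (Astaro's WebAdmin generates its rules itself, so this is what the equivalent hand-written policy looks like underneath). The addresses 10.10.10.1, 172.16.1.0/24 and 192.168.1.0/24 are the ones used in the answer; the interface names eth0/eth1/eth2, the web server at 172.16.1.10, the mail server at 172.16.1.20 and the admin port 443 are assumptions. Besides the anti-spoofing rules, it shows the pairing that a published DMZ service always needs: a DNAT rule in PREROUTING and a matching ACCEPT in FORWARD. With only the NAT rule, the packet is rewritten and then dropped by the default policy, which produces exactly the picture of a server that can reach out but never answers from outside.

```shell
#!/bin/sh
# Added example (not from the thread): three-legged firewall with iptables.
# Assumed layout: eth0 = external 10.10.10.1, eth1 = DMZ 172.16.1.1/24,
# eth2 = internal 192.168.1.1/24, web server 172.16.1.10, mail server 172.16.1.20.
EXT_IF="${EXT_IF:-eth0}"; EXT_IP="${EXT_IP:-10.10.10.1}"
DMZ_IF="${DMZ_IF:-eth1}"; DMZ_NET="${DMZ_NET:-172.16.1.0/24}"
INT_IF="${INT_IF:-eth2}"; INT_NET="${INT_NET:-192.168.1.0/24}"
WEB="${WEB:-172.16.1.10}"; MAIL="${MAIL:-172.16.1.20}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = really execute them (root)

# Every rule goes through run(), so the script can be reviewed before it is applied.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

build_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # Clean slate, default deny for anything entering or crossing the box.
    run iptables -F; run iptables -t nat -F; run iptables -X
    run iptables -P INPUT DROP; run iptables -P FORWARD DROP; run iptables -P OUTPUT ACCEPT

    # Anti-spoofing: a private source address is only valid on its own interface.
    run iptables -A FORWARD -i "$EXT_IF" -s "$INT_NET" -j DROP
    run iptables -A FORWARD -i "$EXT_IF" -s "$DMZ_NET" -j DROP
    run iptables -A FORWARD -i "$DMZ_IF" ! -s "$DMZ_NET" -j DROP
    run iptables -A FORWARD -i "$INT_IF" ! -s "$INT_NET" -j DROP

    # Stateful: replies to accepted connections need no per-port rules.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The firewall's own web admin (port 443 assumed): internal LAN only, never from outside.
    run iptables -A INPUT -i "$INT_IF" -s "$INT_NET" -p tcp --dport 443 -m state --state NEW -j ACCEPT

    # Internal Windows PCs -> Internet, hidden behind the external address.
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -m state --state NEW -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$INT_NET" -j SNAT --to-source "$EXT_IP"

    # Published DMZ services: the DNAT rewrite and the FORWARD accept are both required.
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB"
    run iptables -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -d "$WEB" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 25 -j DNAT --to-destination "$MAIL"
    run iptables -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -d "$MAIL" -p tcp --dport 25 -m state --state NEW -j ACCEPT

    # Internal LAN -> DMZ: web plus mail submission and retrieval, nothing else.
    run iptables -A FORWARD -i "$INT_IF" -o "$DMZ_IF" -s "$INT_NET" -d "$DMZ_NET" -p tcp -m multiport --dports 25,80,110,143 -m state --state NEW -j ACCEPT

    # DMZ -> Internet: outbound mail delivery and DNS only. There is deliberately no
    # DMZ -> internal rule: a compromised web server must not reach the Windows PCs.
    run iptables -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" -s "$DMZ_NET" -p tcp --dport 25 -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" -s "$DMZ_NET" -p udp --dport 53 -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$DMZ_NET" -j SNAT --to-source "$EXT_IP"

    # Anything not matched above is logged (rate-limited) and hits the DROP policy.
    run iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

build_rules
```

Run it as-is to print the rule list; `DRY_RUN=0 sh fw.sh` applies it as root. Review the printed list on the console first: the DROP policies are set before any ACCEPT rule exists, so a typo mid-script on a box you reach only over the network leaves you locked out, which is one more reason the admin port is reachable only from the internal interface here.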
ASKER
Thought this had been closed.
Thanks all for the input
Hello Emery,
-How are you? Sorry I didnt get back to you last time we were in contact. Whats new with your setup ?