pricerage
asked on
Inbound Access List Help
My ISP gives me the ability to use a managed firewall on their router. I can use a web interface provided to manipulate it. However, my attempts to utilize it have ended up with some bad results. My end goal is to lock down all incoming traffic except for the few things I am using.
The basic look of the firewall interface I have access to is:
//These are the main headings.
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
//These are the options for each heading
ACTION: (permit | deny)
PROTOCOL: (TCP | UDP | IP)
//The application, ports, and addresses or split into two parts: Source and destination
//For each part they have the following options
APPLICATION: (ANY | DNS | HTTP | etc...)
PORTS: Two Textboxes for range
IP ADDRESSES:
( ANY | HOST | NETWORK) //depending on what you select here, you input more shown below
One Textbox for what I assume is an IP address if you specify "host" above
Drop Down list (ex: /24) I believe this is for subnet if you specify "network" above
My needs are as follows:
Web Server
VPN Server (IPsec)
Remote Desktop
Everything Else Blocked
The public IP Addresses of the Web and VPN servers are for example: 69.69.69.69 (mask 255.255.255.248)
The rest of the network are privately addressed for example: 10.0.1.3 (mask 255.255.255.0)
We use the VPN to connect to the network and then use remote desktop to connect directly to any given computer.
Any guidance would be helpful. I am also aware that the order of entry is kind of important.
There is also the following note on the interface. I'm not sure if it matters.
PLEASE NOTE: In order to prevent inadvertent restrictions to network access, each Access Control List ends with a statement which permits all traffic which does not have a specific rule associated with it. Please refer to the help documentation for information on how to override this rule.
The basic look of the firewall interface I have access to is:
//These are the main headings.
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
//These are the options for each heading
ACTION: (permit | deny)
PROTOCOL: (TCP | UDP | IP)
//The application, ports, and addresses or split into two parts: Source and destination
//For each part they have the following options
APPLICATION: (ANY | DNS | HTTP | etc...)
PORTS: Two Textboxes for range
IP ADDRESSES:
( ANY | HOST | NETWORK) //depending on what you select here, you input more shown below
One Textbox for what I assume is an IP address if you specify "host" above
Drop Down list (ex: /24) I believe this is for subnet if you specify "network" above
My needs are as follows:
Web Server
VPN Server (IPsec)
Remote Desktop
Everything Else Blocked
The public IP Addresses of the Web and VPN servers are for example: 69.69.69.69 (mask 255.255.255.248)
The rest of the network are privately addressed for example: 10.0.1.3 (mask 255.255.255.0)
We use the VPN to connect to the network and then use remote desktop to connect directly to any given computer.
Any guidance would be helpful. I am also aware that the order of entry is kind of important.
There is also the following note on the interface. I'm not sure if it matters.
PLEASE NOTE: In order to prevent inadvertent restrictions to network access, each Access Control List ends with a statement which permits all traffic which does not have a specific rule associated with it. Please refer to the help documentation for information on how to override this rule.
ASKER
Thanks. This all makes sense. However, on the interface, each entry looks similar to the setup below. You have to enter the source and destination. Is what I have here correct?
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
Source:
WWW 80 80 Any
Permit TCP
Destination:
WWW 80 80 10.0.1.3
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
Source:
WWW 80 80 Any
Permit TCP
Destination:
WWW 80 80 10.0.1.3
Source need to be any port >1024
Destination port = 80
Destination port = 80
ASKER
"Source need to be any port >1024" Can you explain that? How would a request made to port 80 be included in that? This is what I thought it would be:
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
************************** *********
Source:
WWW 80 80 Any
Permit TCP
Destination:
WWW 80 80 10.0.1.3
************************** ********** **
Source:
RDP 3389 3389 Any
Permit TCP
Destination:
RDP 3389 3389 10.0.1.4
This is what it sounds like you are saying to do:
This is what I thought it would be:
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
************************** *********
Source:
WWW 1024 (max port?) Any
Permit TCP
Destination:
WWW 80 80 10.0.1.3
************************** ********** **
Source:
RDP 3389 3389 Any
Permit TCP
Destination:
RDP 3389 3389 10.0.1.4
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
**************************
Source:
WWW 80 80 Any
Permit TCP
Destination:
WWW 80 80 10.0.1.3
**************************
Source:
RDP 3389 3389 Any
Permit TCP
Destination:
RDP 3389 3389 10.0.1.4
This is what it sounds like you are saying to do:
This is what I thought it would be:
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
**************************
Source:
WWW 1024 (max port?) Any
Permit TCP
Destination:
WWW 80 80 10.0.1.3
**************************
Source:
RDP 3389 3389 Any
Permit TCP
Destination:
RDP 3389 3389 10.0.1.4
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help.
Remote desktiop directly to 10.0.1.4
IPSEC VPN server = 10.0.1.5
PPTP VPN server = 10.0.1.6
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
Permit TCP WWW 80 80 10.0.1.3
Permit TCP RDP 3389 3389 10.0.1.4
Permit UDP VPN-ISAKMP 500 500 10.0.1.5
Permit UDP VPN 4500 4500 10.0.1.5
Permit TCP PPTPVPN 1723 1723 10.0.1.6