Firewall rules

Posted by hunkgym on June 28, 2007, 11:03 am
Good Day!

Currently, this is a simple LAN network with firewall diagram in my
company.

Please kindly refer to http://hgym.photosite.com/firewall/LANfirewall.html
for the mentioned diagram.


I wish to set an IP on the network interface of the FTP/Web/Mail
Server. Any suggestion?


Meanwhile, I would like to set certain firewall rules if the users in
192.168.1.0/24 wish to access FTP/Web/Mail Server


My suggestion:

From Internal To DMZ, Port 100.


Any more suggestions for the firewall rules? In the suggestions, it would
be appreciated if IP, subnets and outgoing DNS policy were included.

Thanks a million!


Posted by Ansgar -59cobalt- Wiechers on June 28, 2007, 11:33 am
> Currently, this is a simple LAN network with firewall diagram in my
> company.
>
> Please kindly refer to
> http://hgym.photosite.com/firewall/LANfirewall.html
> for the mentioned diagram.

Three-legged-firewall with LAN and DMZ nets is a really basic firewall
scenario.

> I wish to set an IP on the network interface of the FTP/Web/Mail
> Server. Any suggestion?

You need to forward the FTP, HTTP(S), and SMTP ports from the external
interface to the respective hosts in the DMZ. In the case of FTP you
also need to deal with the fact that FTP always uses two connections.

> Meanwhile, I would like to set certain firewall rules if the users in
> 192.168.1.0/24 wish to access FTP/Web/Mail Server

Allow access from the LAN to the servers in your DMZ and limit access to
the required ports.

> My suggestion:
>
> From Internal To DMZ, Port 100.

Suggestion for what? What is this rule supposed to achieve? Why port
100? Which protocol? And why from LAN to all DMZ?

Besides, you didn't even mention what firewall you use, so the syntax
may be entirely different.

> Any more suggestions for the firewall rules? In the suggestions, it would
> be appreciated if IP, subnets and outgoing DNS policy were included.

My suggestion: get someone with clue to do this for you. From what you
wrote here you seem to lack even the most basic firewalling knowledge.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Posted by hunkgym on June 29, 2007, 10:22 am
Good Day!

Firewall use - SifoWorks U-series firewall

Router use - CISCO Router 3800 Series

Thanks.


Posted by hunkgym on July 3, 2007, 11:01 am
Good Day!

Thanks for the fruitful information. Currently I only have 1 public IP
which I purchase from the ISP. Anyway, technically, which one is the
better choice: use an additional public IP or map one system to a port
other than 80?

It would be appreciated too if you can share your relevant experience
(about the brand of firewall you know or currently use) with all of
us.

Thanks!





Posted by Ansgar -59cobalt- Wiechers on July 3, 2007, 11:15 am
> Currently I only have 1 public IP which I purchase from the ISP.
> Anyway, technically, which one is the better choice: use an additional
> public IP or map one system to a port other than 80?

Do you want more than one web server to be publicly available? If so,
I'd recommend getting additional IP addresses, because otherwise your
users would need to know the port number(s) for the other web server(s),
which would be less convenient for them.

> It would be appreciated too if you can share your relevant experience
> (about the brand of firewall you know or currently use) with all of
> us.

The brand doesn't matter that much. What you really need to begin with
is a firewall policy where you specify who needs to access which host,
and from where.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
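
The advice in the replies above (forward only the FTP, HTTP(S) and SMTP ports to specific DMZ hosts, limit LAN access to the required ports, and start from a policy of who may reach which host from where) can be modelled as a default-deny rule table. This is an added example, not code from the thread and not syntax for the SifoWorks firewall; the DMZ subnet, host addresses and rule names are constructed, and the FTP data channel is assumed to be passive mode tied to a permitted control session.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    zone: str             # ingress zone: "wan", "lan" or "dmz"
    dst: str              # destination as CIDR; a /32 is a single host
    proto: Optional[str]  # "tcp" / "udp"; None means "not specified"
    ports: frozenset      # allowed destination ports

# Constructed addressing: only 192.168.1.0/24 (the LAN) comes from the thread.
ZONE_NETS = {"lan": "192.168.1.0/24", "dmz": "192.168.2.0/24"}
WEB, MAIL, FTP = "192.168.2.10/32", "192.168.2.20/32", "192.168.2.30/32"

# Default deny. "wan" rules are matched after port forwarding to the DMZ host.
POLICY = [
    Rule("wan-web", "wan", WEB, "tcp", frozenset({80, 443})),
    Rule("wan-smtp", "wan", MAIL, "tcp", frozenset({25})),
    Rule("wan-ftp", "wan", FTP, "tcp", frozenset({21})),
    Rule("lan-web", "lan", WEB, "tcp", frozenset({80, 443})),
    Rule("lan-smtp", "lan", MAIL, "tcp", frozenset({25})),
    Rule("lan-ftp", "lan", FTP, "tcp", frozenset({21})),
]

def evaluate(zone, src, dst, proto, port, ftp_data=False):
    """Return the name of the matching rule, or "deny" when nothing matches."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    net = ZONE_NETS.get(zone)
    if net and src_ip not in ipaddress.ip_network(net):
        return "deny"  # source address does not belong to the ingress zone
    if ftp_data:
        # FTP's second connection uses a negotiated port: tie it to port 21.
        return "ftp-data" if evaluate(zone, src, dst, "tcp", 21) != "deny" else "deny"
    for r in POLICY:
        if (r.zone == zone and dst_ip in ipaddress.ip_network(r.dst)
                and r.proto == proto and port in r.ports):
            return r.name
    return "deny"

def lint(rule):
    """Flag the gaps raised in the reply: missing protocol, whole-subnet target."""
    issues = []
    if rule.proto is None:
        issues.append("no protocol given")
    if ipaddress.ip_network(rule.dst).num_addresses > 1:
        issues.append("destination is a whole subnet, not one host")
    return issues

# The rule suggested in the thread: "From Internal To DMZ, Port 100".
SUGGESTED = Rule("lan-dmz-100", "lan", ZONE_NETS["dmz"], None, frozenset({100}))
```
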
