Firewall Help

Discussion in 'Sveasoft Firmware' started by robnan, Jan 3, 2005.

  1. robnan

    robnan Network Guru Member

    How can I get some detailed instructions on all aspects of Satori? The firewall appears to have features that have to be run by command line. How can I get these commands? How are they entered? I really want to be able to restrict incoming connections from the Internet to my IP range at work.
     
  2. zaphod

    zaphod Network Guru Member

    hi,

    search the web for the following:

    ssh or telnet (you need to connect to your router's ip with one of these terminal-like clients)

    iptables (the command to manage your firewall)

    but you really need to know some things before you can do these things... networking experience is not learned in 2 hours... but try if you will..

    try to use other firmware like hyperwrt which has a more detailed web interface for the firewall settings...


    hope this helps

    greets

    zaphod
     
  3. Gheimposse

    Gheimposse Network Guru Member

    HyperWRT hasn't a better firewall ... this (sorry guys all around) firewall is (nothing against HyperWRT or Linksys itself) not a "firewall" itself cause of 3-4 usable add-on functions.

    A firewall (for my definition) has a default called "deny all" or "allow all".
    Depending on the administrator's way to define a firewall you can decide between one of these two defaults.
    Standard is "deny all" to open the needed ports (25, 80, 110, 443, 995) to the wanted addresses (smtp-server, pop3-servers, etc.).
    As well there shall be some rules dropping spoofing packets, DoS attacks, etc. pp.
    A user who wants to do extensive workout with own firewall rules shall have the option to disable the given spi firewall using a menu interface i.e. port forwarding rules to manage his/her own rulesets.

    THIS FINALLY IS A FIREWALL PER DEFINITION !!!
     
  4. zaphod

    zaphod Network Guru Member

    hey man, what are we talking about here??? about professional firewalls like cisco pix, fortigate series and and and ........


    or did we talk about the linksys WRT54G with its firmware ????

    i know what a firewall is and how it works (it's my job to know that cause i am installing professional firewalls ...)

    but read the question of the user again.....

    WE ARE TALKING ABOUT THE LINKSYS WRT54G and NOT about other firewalls which are better and have real firewall-features....

    Not all people got the money and can buy and use such a real firewall...

    if you want to use the WRT54G as a "firewall" you have to set the iptables-rules per script and have to install snort or something like this on the box... but without pushing the memory you will be unhappy with snort cause of the minimized ruleset you could use...


    SO don't talk about professional firewalls here, it's the wrong forum for it..

    greets

    zaphod
     
  5. Gheimposse

    Gheimposse Network Guru Member

    Using your own words "hey man" ... READ MY POSTING SLOWLY AND CORRECTLY!!!

    The Astaro Security Linux firewall is a professional system offering the whole functions (excluding http/pop3 virus scanning and cobion filter) to home users FOR FREE! *damn guys talking/writing before reading*

    If you do not have an old pc standing around ... so the programmers of the WRT54G/gs just have to implement a simple menu (i.e. the port forwarding menu looks like) to allow users to add their own in (as well as) outgoing rule sets on their own.

    Cause each and everyone is able to use the port forwarding filter there's no add-on knowledge to use the firewall itself if the menu is made easily.
    Just choose out of a pop-down menu "internal network" or enter an ip-address, enter a port and the destination ("external network", ip-address).
    Maybe it would be useful to be able to define sets if you've more than one port or more than one destination ip-address.

    But all this isn't a huge thing. As you can read (Avenger20 wrote in another forum) you are able to type in direct firewall commands via the command prompt or enter them under Administration-fmanagement in the pop-up window "firewall" and these rules will be used even if the router restarts.
     
  6. zaphod

    zaphod Network Guru Member

    yep, right astaro is also linux based and its all right you are writing about firewalls...


    as mentioned before read what the user wants... do you think he could use iptables ???

    the WRT54G got the iptables feature but with the given hardware-restrictions it's not easy to set this little box as a real firewall...
     
  7. Gheimposse

    Gheimposse Network Guru Member

    Ok ... but there're enough guys running around pushing iptable-rules up to the router via "firewall" script in the HyperWRT firmware.
    So ... where's the problem to offer users an easy-to-use menu like the "port forwarding" does it?
    I could see that Sveasoft seems to program on something like this.
    They've a "Port_Services.asp" in their latest firmware alchemy 6.0rc4a which shows that they could offer a submenu (pop-up) where you're able to define own services by telling protocol and service range.
    Add another menu offering the definition of ip-ranges/networks and additionally the ingoing/outgoing chain (I explained in my last posting above!) and you've a brilliant firewall.
    For each one who didn't like to learn how to use this extended firewall ... just leave them the standard options and offer the extended firewall settings optional.

    Each one not willing to let ports open and also not willing to learn iptable coding ... just disable the firewall of the linksys, put an astaro behind and a switch on the lan interface of the astaro ... et voilà ... you've a firewall which is easy to use.
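
The default-deny approach discussed in this thread, limited to one source range as the opening question asks, written here as an added example that is not from any poster or from the firmware. The interface names `wan0` and `lan0`, the range 203.0.113.0/24 and port 22 are constructed placeholders; the script prints the `iptables` commands for review and does not apply them.

```shell
#!/bin/sh
# Added example: prints (does not apply) a default-deny INPUT ruleset.
# Interface names, source range and port are constructed placeholders.

# valid_cidr A.B.C.D/N: succeeds only for four octets 0-255 and a prefix 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_if NAME: rejects anything that could smuggle extra shell syntax.
valid_if() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# emit_rules WAN_IF LAN_IF CIDR PORT: prints the commands, returns 1 on bad input.
emit_rules() {
    wan_if=$1; lan_if=$2; src=$3; port=$4
    valid_if "$wan_if" && valid_if "$lan_if" || { echo "bad interface" >&2; return 1; }
    valid_cidr "$src" || { echo "bad source range: $src" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # Accept rules come first and the DROP policy last, so an open session survives.
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $lan_if -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $wan_if -s $src -p tcp --dport $port -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Constructed sample: SSH (22) on the router reachable only from 203.0.113.0/24.
emit_rules wan0 lan0 203.0.113.0/24 22
```

INPUT only covers traffic addressed to the router itself; port-forwarded traffic to LAN hosts passes through the FORWARD chain and needs its own source restriction there.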
     
