ISPConfig Security - Firewall

[cybereatl]

Hi there, Finally my installation past a complete week without any troubles!!

So, at this time am thinking in security, I've turned on firewall on ISPConfig but I've found that when you are on Management it slow down and sometimes break connection and you have to get back and log in again, plus with ftp is painfull, am using CuteFtp first time connect quick and if you log in again sits for more than 5 min, and start to attempt 1 / 5 and never connect!!!

Am thinking in install Astaro Firewall, I've tried go get assistance for installation and I never get it!! Do you guys know another firewall software to install in a stand alone machine!!

Am open to ideas at this time.

Thanks

[falko]

Quote:

Originally Posted by cybereatl

So, at this time am thinking in security, I've turned on firewall on ISPConfig but I've found that when you are on Management it slow down and sometimes break connection and you have to get back and log in again,

Please check you have the right URL in /home/admispconfig/ispconfig/lib/config.inc.php and the correct ServerName in /root/ispconfig/httpd/conf/httpd.conf.

Quote:

Originally Posted by cybereatl

plus with ftp is painfull, am using CuteFtp first time connect quick and if you log in again sits for more than 5 min, and start to attempt 1 / 5 and never connect!!!

Have you tried both active and passive mode in your FTP client?

Quote:

Originally Posted by cybereatl

Am thinking in install Astaro Firewall, I've tried go get assistance for installation and I never get it!! Do you guys know another firewall software to install in a stand alone machine!!

You could have a look at Shorewall and Monowall.

[cybereatl]

Hi there, It seems that really now is time to install some security on my server and I got a PIV 1.6 Ghz ready to do so, but I was reading about Shorewall and Monowall, also the downloaded cd installer an 10 year license of Astaro. I have several questions to ask.

But first, my scenario is this:

I have a dedicated channel of 1gb
1- 24 port switch with Bandwith management
2- Webserver (2) one running ISPConfig and another for streaming
3- 1 Media Station to produce videos and ftp to stream server
4- 1 Mac computer for Graphic design
5- 4 computers for regular usage

Brings out a total of 10 computers.

The intranet needs to communicate with both servers for ftp, ISPConfig and Streaming, with the switch I can set priority to those two servers and other computers can share a piece of channel.

*How many IP addresses can be handle it for Astao/Monowall right now I use 2 for ISPConfig 1 already on use and the other one as additional, the other one is for the streaming server and all other will need an static ip address manually configured.

*How do I need to configure my firewall box to be able to do that?
*What settings should I pick to do this.

Thank you for any tips or howto.

[falko]

Quote:

Originally Posted by cybereatl

*How many IP addresses can be handle it for Astao/Monowall right now I use 2 for ISPConfig 1 already on use and the other one as additional, the other one is for the streaming server and all other will need an static ip address manually configured.

As many as you want.

Quote:

Originally Posted by cybereatl

*How do I need to configure my firewall box to be able to do that?
*What settings should I pick to do this.

Thank you for any tips or howto.

You should have a look at IPCop. it's free, and we even have a tutorial about it: http://www.howtoforge.com/perfect_linux_firewall_ipcop

[cybereatl]

Thank you for your help Falko,

Just a little concern about IPcop, the graphic is showing two switches but one can work, but you can set a different ip range for computers that actually work directly to the servers i.e. production 192.168.100.1 / 2 / 3 and for other computers who share internet access 192.168.2.100 /101 / xxx and so on.

That configuration it may work ok, what do you think??

* Once IPcop is set how will be the process for ISPConfig to be under this firewall??

Thanks

[till]

Quote:

Originally Posted by cybereatl

Once IPcop is set how will be the process for ISPConfig to be under this firewall??

As IPCop and ISPConfig run on different servers, you dont have to reconfigure ISPConfig. Just make sure you forwarded the nescessary ports from IPCop to your ISPConfig server.