#1
28th May 2006, 23:24
RunneR
ISPConfig - Behind Hardware Firewall

We have recently purchased a hardware firewall and two new servers. Our goal is to install the hardware firewall between the internet connection and the servers, one of which is ISPConfig and the other is a MyDNS Server running MyDNSConfig.

What ports need to be allowed INBOUND so as not to cause any issues on either of the servers?

Each server will have its own INTERNAL and EXTERNAL IP address.

The Hardware Firewall allows several configurations, including: direct mapping of one to one IPs with the traffic wide open both ways OR one to one IPs with select traffic INBOUND and wide open OUTBOUND.

Any direction is appreciated.

RunneR
#2
29th May 2006, 00:54
itgroup
firewall

Hi,
If you have a 'watchguard' type hardware firewall, you will need to do the following:

assuming:
Web server: 192.168.1.2
Mail server : 192.168.1.3
DSL Router: 192.169.1.99
Watchguard: 192.168.1.1

DSL router: - forward ports: 53, 80 , 443 to 192.168.1.2
forward ports: 25, 110, 143 to 192.168.1.3

Watchguard: setup IP 'drop in' as 192.168.1.1
configure services: smtp proxy, dns proxy, web proxy, pop3
Set static route: 192.168.1.2 255.255.255.0 192.168.1.1

Web server: set gateway to 192.168.1.99
Mail server: set gateway to 192.168.1.99

regards
steve
#3
29th May 2006, 06:16
RunneR
Working it out.

Well we have a CheckPoint Firewall.
It allows rules.

So this is what I have set up so far.

I figure I can lock it down more as I go.

ONE TO ONE -
First
FORWARD 1.2.3.4 TO 192.16.8.0.10
FORWARD 1.2.3.5. TO 192.16.8.0.11

Then I allow some traffic.
Then I lock out the rest of the traffic.

RULE /// SOURCE /// DESTINATION
Allow ANY DMZ:20 - 25 (TCP)
Allow ANY DMZ:80 (TCP)
Allow ANY DMZ:110 (TCP)
Allow ANY DMZ:143 (TCP)
Allow ANY DMZ:443 (TCP)
Deny ANY DMZ:*(TCP/UDP)

So, am I getting close?

Or have I forgotten anything?
#4
29th May 2006, 15:58
falko

You might also want to allow port 53 (TCP and UDP) for MyDNS and 993 for IMAPs and 995 for POP3s.
#5
30th May 2006, 03:54
RunneR
Excellent

Excellent - I am running with it this evening as a test trial.

Thank you for all the help.

RunneR
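
The rule list from post #3 checked against the inbound ports named in posts #2 and #4, as an added example that is not part of the thread. It assumes the firewall evaluates rules top-down with the first match winning, and TCP for the ports post #2 lists without a protocol; the function names are hypothetical.

```python
import re

# Rule list as posted in #3 (the one-to-one forwards are left out).
POSTED_RULES = """\
Allow ANY DMZ:20 - 25 (TCP)
Allow ANY DMZ:80 (TCP)
Allow ANY DMZ:110 (TCP)
Allow ANY DMZ:143 (TCP)
Allow ANY DMZ:443 (TCP)
Deny ANY DMZ:*(TCP/UDP)
"""

# Inbound (port, protocol) pairs named in posts #2 and #4. Post #2 gives no
# protocol, so TCP is assumed for its mail and web ports.
NEEDED = {(25, "tcp"), (80, "tcp"), (110, "tcp"), (143, "tcp"), (443, "tcp"),
          (53, "tcp"), (53, "udp"), (993, "tcp"), (995, "tcp")}

RULE_RE = re.compile(r"(Allow|Deny)\s+ANY\s+DMZ:(\*|\d+(?:\s*-\s*\d+)?)\s*\(([^)]+)\)")

def parse_rules(text):
    """Turn 'Allow ANY DMZ:20 - 25 (TCP)' lines into (action, lo, hi, protos)."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.fullmatch(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        action, ports, protos = m.groups()
        nums = [1, 65535] if ports == "*" else [int(n) for n in ports.split("-")]
        rules.append((action.lower(), nums[0], nums[-1], set(protos.lower().split("/"))))
    return rules

def decide(rules, port, proto):
    """First matching rule wins (assumed); no match at all counts as deny."""
    for action, lo, hi, protos in rules:
        if lo <= port <= hi and proto in protos:
            return action
    return "deny"

def audit(rules, needed=NEEDED):
    """Return (needed pairs that are blocked, allowed pairs not in `needed`)."""
    blocked = sorted(pair for pair in needed if decide(rules, *pair) != "allow")
    extra = sorted((port, proto) for port in range(1, 65536) for proto in ("tcp", "udp")
                   if (port, proto) not in needed and decide(rules, port, proto) == "allow")
    return blocked, extra

if __name__ == "__main__":
    blocked, extra = audit(parse_rules(POSTED_RULES))
    print("needed but blocked:", blocked)
    print("allowed but not named in the thread:", extra)
```

Ports reported as allowed but not named are candidates for review only; the thread does not say which services in the 20 - 25 range are in use.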