Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 29th May 2006, 00:24
RunneR RunneR is offline
Junior Member
Join Date: May 2006
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default ISPConfig - Behind Hardware Firewall

We have recently purchased a hardware firewall and two new servers. Our goal is to install the hardware firewall between the internet connection and the servers, one of which is ISPConfig and the other is a MyDNS Server running MyDNSConfig.

What ports need to be allowed IN BOUND as to not cause any issues on either of the servers.

Each server will have its own INTERNAL and EXTERNAL IP address.

The Hardware Firewall allows several configurations including : direct mapping of one to one IPs with the traffic wide open both ways OR one to one IPs with select traffic INBOUND and wide open OUTBOUND.

Any direction is appreciated.

Reply With Quote
Sponsored Links
Old 29th May 2006, 01:54
itgroup itgroup is offline
Join Date: May 2006
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Default firewall

If you have 'watchguard' type hardware firewall, you will need to do the following:

Web server:
Mail server :
DSL Router:

DSL router: - forward ports: 53, 80 , 443 to
forward ports: 25, 110, 143 to

Watchguard: setup IP 'drop in' as
configure services: smtp proxy, dns proxy, web proxy, pop3
Set static route:

Web server: set gateway to
MAil server: set gateway to

Reply With Quote
Old 29th May 2006, 07:16
RunneR RunneR is offline
Junior Member
Join Date: May 2006
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Working it out.

Well we have a CheckPoint Firewall.
It allows rules.

So this is what I have set up so far.

I figure I can lock it down more as I go.


Then I allow some traffic.
Then I lock out the rest of the traffic.

Allow ANY DMZ:20 - 25 (TCP)
Allow ANY DMZ:80 (TCP)
Allow ANY DMZ:110 (TCP)
Allow ANY DMZ:143 (TCP)
Allow ANY DMZ:443 (TCP)

So, am I getting close?

Or have I forgotten anything?
Reply With Quote
Old 29th May 2006, 16:58
falko falko is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts

You might also want to allow port 53 (TCP and UDP) for MyDNS and 993 for IMAPs and 995 for POP3s.
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Old 30th May 2006, 04:54
RunneR RunneR is offline
Junior Member
Join Date: May 2006
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Excellent

Excellent - I am running with it this evening as a test trial.

Thank you for all the help.

Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 6 (changes) LuisC-SM HOWTO-Related Questions 0 21st April 2006 16:16
ISPConfig Security - Firewall cybereatl Installation/Configuration 5 2nd April 2006 18:02
ISPConfig firewall issue dwyoung Installation/Configuration 5 12th December 2005 11:26
ISPConfig Firewall and no sense MyLinux General 7 9th September 2005 18:35
Firewall and ISPConfig MyLinux General 3 7th September 2005 10:36

All times are GMT +2. The time now is 22:35.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.