RE: [cobalt-users] Qube 2 Firewall problem
- Subject: RE: [cobalt-users] Qube 2 Firewall problem
- From: "Doug Forman" <doug@xxxxxxxxxxx>
- Date: Sun Feb 13 10:15:12 2000
> I recently installed and configured a new Qube 2. I went to the Cobalt Web
> site and used the on-line configurator to build a firewall list. I printed
> the list and carefully entered it into the IP filtering part of the setup in
> the Qube 2. I enabled things like FTP, Mail, DNS, Web, Admin Web, POP,
> News, and IMAP. When I enable the list, I am unable to get or send mail or
> use the Web. If I remove the last line of the rules "Deny Any, Any, Any,
> Any, All" then I can use the PCs attached to the Qube 2, but with the last
> line in, I am unable to do anything. Any suggestions? It appears that the
> last line of the rules prevents any other port from accidentally or
> maliciously being used. I am not happy to have to remove it to use the
> Qube.
Hi Bob,
Here are a couple things to check:
1. Pay special attention to the <direction> of each filter.
2. Are your local network clients using the Qube2 for email, or are they
connecting to a mail server outside your local network? If they're using
the Qube2 for email, you can remove the IMAP and POP filters, since those
are email server-to-client only. You enabled port 25 for SMTP (e-mail
server to server), right?
3. The purpose of the final 'deny, any all...' filter is to specifically
deny any port that you have not specifically previously allowed.
For my home-business based LAN, connected to an ISP via a full-time dialup
connection, using dynamic IP addresses from the ISP, the settings I use are:
1. Allow 192.168.0.1/24 Any Any Any Any All
   {permit any outbound connection to any port originating from my local LAN}
2. Deny Any Any Any Any Any All
   {deny any other connection attempt from any other port to any other port}
I know my configuration is not especially tight (in the real world, I would
specifically allow each outbound protocol and port), but unlike some of the
financial institutions I work with, I have no compelling security concerns
on my LAN.
Hope this helps!?
Doug
---
Doug Forman, MCSE, MCSD (doug@xxxxxxxxxxx)
Qube-Chat Moderator (qube-chat-subscribe@xxxxxxxxxxx)
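An added illustration of the two points Doug makes (filter direction, and what the final deny does): a small first-match filter simulator. This is constructed example code, not from the list or from Cobalt; it assumes rules are checked top to bottom with the first match deciding, that an unmatched packet is allowed (which Bob's symptoms suggest), and it writes Doug's LAN as 192.168.0.0/24 and uses made-up packet addresses.

```python
import ipaddress

# Constructed example: a minimal first-match packet filter in the spirit of the
# Qube 2 IP filtering list. Assumed semantics (not verified against the Qube):
# first matching rule wins; a packet matching no rule is allowed.

def rule(action, src, direction, proto, dport):
    """src is a CIDR or 'any'; direction is 'in', 'out' or 'any'."""
    net = None if src == "any" else ipaddress.ip_network(src, strict=False)
    return {"action": action, "src": net, "dir": direction, "proto": proto, "dport": dport}

def matches(r, pkt):
    return ((r["src"] is None or ipaddress.ip_address(pkt["src"]) in r["src"])
            and r["dir"] in ("any", pkt["dir"])
            and r["proto"] in ("any", pkt["proto"])
            and r["dport"] in ("any", pkt["dport"]))

def evaluate(rules, pkt):
    for r in rules:
        if matches(r, pkt):
            return r["action"]
    return "allow"  # assumed default when nothing matches

# Rule set A: the server ports Bob listed, opened for inbound traffic only,
# followed by the catch-all deny. Every allow here has direction 'in'.
SERVER_ONLY = [rule("allow", "any", "in", "tcp", p) for p in (21, 25, 53, 80, 110, 119, 143)]
SERVER_ONLY.append(rule("deny", "any", "any", "any", "any"))

# Rule set B: Doug's two-line configuration (LAN written as a /24 network).
LAN_OUT_ANY = [rule("allow", "192.168.0.0/24", "any", "any", "any"),
               rule("deny", "any", "any", "any", "any")]

# Constructed packets: a LAN client browsing the web, and an outside host probing telnet.
CLIENT_WEB = {"src": "192.168.0.10", "dir": "out", "proto": "tcp", "dport": 80}
OUTSIDE_TELNET = {"src": "203.0.113.5", "dir": "in", "proto": "tcp", "dport": 23}

def compare():
    """Verdicts per rule set, plus the effect of dropping the final deny line."""
    return {
        "server_only/client_web": evaluate(SERVER_ONLY, CLIENT_WEB),             # deny
        "lan_out_any/client_web": evaluate(LAN_OUT_ANY, CLIENT_WEB),             # allow
        "server_only/outside_telnet": evaluate(SERVER_ONLY, OUTSIDE_TELNET),     # deny
        "no_final_deny/outside_telnet": evaluate(SERVER_ONLY[:-1], OUTSIDE_TELNET),  # allow
    }

if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name}: {verdict}")
```

The first result is Bob's symptom: with only inbound server ports allowed, a client's outbound web request hits nothing but the final deny, while removing that deny leaves an unsolicited inbound probe allowed by default.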