RE: [cobalt-users] Qube 2 Firewall problem
- Subject: RE: [cobalt-users] Qube 2 Firewall problem
- From: "Bob Kirk" <rfkirk@xxxxxxxx>
- Date: Sun Feb 13 13:42:45 2000
Doug,
Thank you for the info for creating a firewall. I used your advice along
with the automated info on the Cobalt page and set up a reasonable firewall
in 9 steps (the old one was 26 and didn't work).
All is well now. Thanks for the advice based on your personal setup.
Regards,
Bob Kirk
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Doug Forman
> Sent: Sunday, February 13, 2000 12:12 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] Qube 2 Firewall problem
>
>
>
> > I recently installed and configured a new Qube 2. I went to the Cobalt
> > Web site and used the on-line configurator to build a firewall list. I
> > printed the list and carefully entered it into the IP filtering part of
> > the setup in the Qube 2. I enabled things like FTP, Mail, DNS, Web,
> > Admin Web, POP, News, and IMAP. When I enable the list, I am unable to
> > get or send mail or use the Web. If I remove the last line of the rules
> > "Deny Any, Any, Any, Any, All" then I can use the PCs attached to the
> > Qube 2, but with the last line in, I am unable to do anything. Any
> > suggestions? It appears that the last line of the rules prevents any
> > other port from accidentally or maliciously being used. I am not happy
> > to have to remove it to use the Qube.
>
> Hi Bob,
>
> Here are a couple things to check:
>
> 1. Pay special attention to the <direction> of each filter.
>
> 2. Are your local network clients using the Qube2 for email, or are they
> connecting to a mail server outside your local network? If they're using
> the Qube2 for email, you can remove the IMAP and POP filters, since those
> are email server-to-client only. You enabled port 25 for SMTP (e-mail
> server to server), right?
>
> 3. The purpose of the final 'deny, any all...' filter is to specifically
> deny any port that you have not specifically previously allowed.
>
> For my home-business based LAN, connected to an ISP via a full-time dialup
> connection, using dynamic IP addresses from the ISP, the settings I use
> are:
>
> 1. Allow 192.168.0.1/24 Any Any Any Any All
> {permit any outbound connection to any port originating from my local
> LAN}
> 2. Deny Any Any Any Any Any All
> {deny any other connection attempt from any other port to any other
> port}
>
> I know my configuration is not especially tight (in the real world, I
> would specifically allow each outbound protocol and port), but unlike
> some of the financial institutions I work with, I have no compelling
> security concerns on my LAN.
>
> Hope this helps!?
>
> Doug
>
> ---
> Doug Forman, MCSE, MCSD (doug@xxxxxxxxxxx)
> Qube-Chat Moderator (qube-chat-subscribe@xxxxxxxxxxx)
>
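Added example, not part of the original messages and not the Qube 2's own filter engine: a minimal first-match rule evaluator showing how a service rule entered with the wrong direction falls through to the final deny-all, and how the two-rule list quoted above behaves. The field layout, the direction names "in"/"out"/"all", the allow-by-default fallback and the sample addresses are assumptions; only the first packet of a connection is modelled, not return traffic.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Union

class Rule(NamedTuple):
    action: str             # "allow" or "deny"
    src: str                # CIDR or "any"
    dst: str                # CIDR or "any"
    dport: Union[int, str]  # port number or "any"
    direction: str          # "in", "out" or "all" (assumed names)

class Packet(NamedTuple):
    src: str
    dst: str
    dport: int
    direction: str          # "out" = leaving the LAN, "in" = arriving from outside

def _addr_ok(spec, addr):
    # strict=False accepts a host address with a mask, e.g. 192.168.0.1/24
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def decide(rules, pkt):
    """Return (action, rule number) of the first matching rule; 0 = no match."""
    for n, r in enumerate(rules, 1):
        if (_addr_ok(r.src, pkt.src) and _addr_ok(r.dst, pkt.dst)
                and r.dport in ("any", pkt.dport)
                and r.direction in ("all", pkt.direction)):
            return r.action, n
    return "allow", 0  # assumed default when nothing matches

DENY_ALL = Rule("deny", "any", "any", "any", "all")
# Constructed: an SMTP rule entered with the wrong direction
MISDIRECTED = [Rule("allow", "any", "any", 25, "in"), DENY_ALL]
# The two-rule list from the reply above
LAN_OUT = [Rule("allow", "192.168.0.1/24", "any", "any", "all"), DENY_ALL]

client_smtp = Packet("192.168.0.10", "198.51.100.7", 25, "out")   # constructed
outside_telnet = Packet("203.0.113.5", "192.168.0.2", 23, "in")   # constructed

if __name__ == "__main__":
    for name, rules in (("misdirected", MISDIRECTED),
                        ("misdirected, no deny-all", MISDIRECTED[:-1]),
                        ("LAN-out", LAN_OUT)):
        for pkt in (client_smtp, outside_telnet):
            print(f"{name:26} {pkt.src:>13} -> {pkt.dst}:{pkt.dport:<3}", decide(rules, pkt))
```

Dropping the deny-all from the misdirected list lets the LAN client through only because nothing matches any more, and the same fall-through admits the outside connection as well.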