
Re: [cobalt-users] IP Firewall on qube2 - Has ANYONE gotten it to work?



Robert,

The typos are generated by Cobalt's firewall wizard, and are not actually input when configuring the IP filter rules. Not a problem. Just tells me we have engineers, not marketing people, working on this stuff :)

I did some poking around in various RFC docs yesterday, and a couple of things keep popping up. 1, you always want to allow ICMP, since it is used to communicate failure/success in many cases. 2, DNS is normally a UDP service, and only switches to TCP under certain conditions.

I'm beginning to think I'm going to have to just take the bull by the horns here and go off the various RFC port assignment definitions rather than the firewall wizard.

I would like to see the IP filter interface function in a similar fashion to the firewall wizard, esp allowing descriptions to accompany each rule. Also, adding check boxes for UDP & TCP would eliminate some of the tedium of entering the rules. Just a suggestion...

----- Original Message -----
From: "Jeff Davis" <jdavis@xxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, 15 February 2000 12:04
Subject: [cobalt-users] IP Firewall on qube2 - Has ANYONE gotten it to work?


Ok, this is making me crazy...

I have gotten my primary & secondary up and running.  IP masq & NAT
all seem to be working fine.  Life gets weird when I throw IP
filtering into the mix.

Being somewhat new to this I went to cobalt's web site and used the
firewall wizard.  Input the info in my Qube 2, and voila - nothin'.
Well, almost.

POP3 & SMTP seem to work, but web, ping, and DNS are toast.
Disabling the IP Filter rectifies the problem.

Here's the filter configuration (IP addresses changed to protect the
innocent)

1.ALLOW : Source IP = ANY : Source Port = ANY : Destination IP =
206.127.4.192/27 : Destination Port = 21 : TCP
2.ALLOW : Source IP = 10.4.0.1/14 : Source Port = ANY : Destination
IP = ANY : Destination Port = 21 : TCP
3.ALLOW : Source IP = ANY : Source Port = ANY : Destination IP =
206.127.4.192/27 : Destination Port = 25 : TCP
4.ALLOW : Source IP = 10.4.0.1/14 : Source Port = ANY : Destination
IP = ANY : Destinaton Port = 25 : TCP

I don't know much about this area, but could it be as simple as the fact
that rule 4 has "Destinaton Port" instead of "Destination Port"? That was
the only misspelling I noticed, when I copied the rules into Word to see if
the rules could be simplified in any way - I couldn't see any easy way to do
that.

Regards, Rob Evans

<snip>





Jefferson K. Davis
Technology & IS Manager
Standard School District
661-392-2110
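
Added example (not part of the thread, and not Cobalt's code): a small first-match evaluator over the four rules quoted above, to show which kinds of traffic those rules cover. The rest of the poster's rule list was snipped, so this is not the full configuration. Assumptions: first-match evaluation, a default of DENY when nothing matches, and constructed sample addresses and ports.

```python
import ipaddress

# The four rules quoted in the thread, in the wizard's text format (rule 4
# keeps the wizard's "Destinaton" spelling).
RULES_TEXT = """\
ALLOW : Source IP = ANY : Source Port = ANY : Destination IP = 206.127.4.192/27 : Destination Port = 21 : TCP
ALLOW : Source IP = 10.4.0.1/14 : Source Port = ANY : Destination IP = ANY : Destination Port = 21 : TCP
ALLOW : Source IP = ANY : Source Port = ANY : Destination IP = 206.127.4.192/27 : Destination Port = 25 : TCP
ALLOW : Source IP = 10.4.0.1/14 : Source Port = ANY : Destination IP = ANY : Destinaton Port = 25 : TCP
"""

def parse_rule(line):
    # Fields are read by position, so a misspelled label does not change the rule.
    parts = [p.strip() for p in line.split(" : ")]
    action, proto = parts[0], parts[-1]
    src, sport, dst, dport = (p.split("=", 1)[1].strip() for p in parts[1:5])
    return action, src, sport, dst, dport, proto

def net_match(spec, addr):
    if spec == "ANY":
        return True
    # strict=False accepts host bits, e.g. 10.4.0.1/14 is treated as 10.4.0.0/14
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def port_match(spec, port):
    return spec == "ANY" or (port is not None and int(spec) == port)

def decide(rules, proto, src, dst, sport=None, dport=None, default="DENY"):
    # First matching rule wins; the default-deny fallback is an assumption.
    for action, rsrc, rsport, rdst, rdport, rproto in rules:
        if (rproto == proto and net_match(rsrc, src) and net_match(rdst, dst)
                and port_match(rsport, sport) and port_match(rdport, dport)):
            return action
    return default

RULES = [parse_rule(l) for l in RULES_TEXT.splitlines() if l.strip()]

# Constructed sample traffic from an inside host (10.4.0.20); ICMP has no ports.
SAMPLES = {
    "smtp": ("TCP", "10.4.0.20", "198.51.100.5", 40000, 25),
    "dns-udp": ("UDP", "10.4.0.20", "198.51.100.53", 40001, 53),
    "dns-tcp": ("TCP", "10.4.0.20", "198.51.100.53", 40002, 53),
    "http": ("TCP", "10.4.0.20", "198.51.100.80", 40003, 80),
    "ping": ("ICMP", "10.4.0.20", "198.51.100.80", None, None),
}

def evaluate_samples():
    return {name: decide(RULES, *pkt) for name, pkt in SAMPLES.items()}
```

Calling `evaluate_samples()` returns the decision per sample; under these assumptions only the SMTP sample matches one of the four quoted rules.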