We have recently purchased a hardware firewall and two new servers. Our goal is to install the hardware firewall between the internet connection and the servers, one of which is ISPConfig and the other is a MyDNS server running MyDNSConfig.

What ports need to be allowed INBOUND so as not to cause any issues on either of the servers? Each server will have its own INTERNAL and EXTERNAL IP address.

The hardware firewall allows several configurations, including: direct mapping of one-to-one IPs with the traffic wide open both ways, OR one-to-one IPs with select traffic INBOUND and wide open OUTBOUND.

Any direction is appreciated.

RunneR
firewall

Hi,

If you have a 'watchguard'-type hardware firewall, you will need to do the following.

Assuming:
- Web server: 192.168.1.2
- Mail server: 192.168.1.3
- DSL router: 192.169.1.99
- Watchguard: 192.168.1.1

DSL router:
- forward ports 53, 80, 443 to 192.168.1.2
- forward ports 25, 110, 143 to 192.168.1.3

Watchguard:
- set up IP 'drop in' as 192.168.1.1
- configure services: smtp proxy, dns proxy, web proxy, pop3
- set static route: 192.168.1.2 255.255.255.0 192.168.1.1

Web server: set gateway to 192.168.1.99
Mail server: set gateway to 192.168.1.99

regards
steve
Working it out.

Well, we have a CheckPoint firewall. It allows rules. So this is what I have set up so far. I figure I can lock it down more as I go.

ONE TO ONE - First:
FORWARD 1.2.3.4 TO 192.16.8.0.10
FORWARD 1.2.3.5 TO 192.16.8.0.11

Then I allow some traffic. Then I lock out the rest of the traffic.

RULE  /// SOURCE /// DESTINATION
Allow /// ANY    /// DMZ:20-25 (TCP)
Allow /// ANY    /// DMZ:80 (TCP)
Allow /// ANY    /// DMZ:110 (TCP)
Allow /// ANY    /// DMZ:143 (TCP)
Allow /// ANY    /// DMZ:443 (TCP)
Deny  /// ANY    /// DMZ:* (TCP/UDP)

So, am I getting close? Or have I forgotten anything?
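A quick way to answer "have I forgotten anything?" before putting a rule list in front of live servers is to transcribe it into a first-match simulator and push the services the thread actually names through it (web 80/443 and mail 25/110/143 from the CheckPoint rules above, plus port 53 from steve's forwarding list for the MyDNS box). The script below is an added example, not code from either poster or from Check Point; the DMZ addresses 192.168.0.10/.11 and the external source 203.0.113.7 are constructed for illustration, and `with_dns_rule` shows how a missing allow has to sit before the final deny to take effect.

```python
"""First-match packet-filter simulator (added example, not part of the thread).

POSTED_RULES transcribes the inbound policy from the post above: allow a few
TCP ports to the DMZ, then deny everything else to the DMZ.  The checks run
the services named in the thread through that policy.  All addresses are
assumptions for illustration only.
"""
from dataclasses import dataclass

# Assumed internal (DMZ) addresses -- illustration only, not the poster's.
ISPCONFIG_HOST = "192.168.0.10"
MYDNS_HOST = "192.168.0.11"
DMZ = {ISPCONFIG_HOST, MYDNS_HOST}
ANY = "ANY"

TCP = frozenset({"tcp"})
BOTH = frozenset({"tcp", "udp"})
ALL_PORTS = range(0, 65536)


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str             # "ANY" or a single IP
    dst: str             # "ANY", "DMZ" (any DMZ host) or a single IP
    protos: frozenset    # subset of {"tcp", "udp"}
    ports: range         # destination port range, e.g. range(20, 26) for 20-25


def _host_matches(spec, host):
    if spec == ANY:
        return True
    if spec == "DMZ":
        return host in DMZ
    return spec == host


def matching_rule(rules, src, dst, proto, dport):
    """Return the first rule matching the packet (top-down, first match wins)."""
    for r in rules:
        if (_host_matches(r.src, src) and _host_matches(r.dst, dst)
                and proto in r.protos and dport in r.ports):
            return r
    return None


def is_allowed(rules, src, dst, proto, dport):
    """A packet passes only if the first matching rule is an allow."""
    r = matching_rule(rules, src, dst, proto, dport)
    return r is not None and r.action == "allow"


# The inbound policy as posted, transcribed into rule objects.
POSTED_RULES = [
    Rule("allow", ANY, "DMZ", TCP, range(20, 26)),
    Rule("allow", ANY, "DMZ", TCP, range(80, 81)),
    Rule("allow", ANY, "DMZ", TCP, range(110, 111)),
    Rule("allow", ANY, "DMZ", TCP, range(143, 144)),
    Rule("allow", ANY, "DMZ", TCP, range(443, 444)),
    Rule("deny", ANY, "DMZ", BOTH, ALL_PORTS),
]

# Services the thread expects from outside: (name, host, proto, port).
# DNS needs UDP 53 for normal queries and TCP 53 for large answers / zone transfers.
EXPECTED_SERVICES = [
    ("web", ISPCONFIG_HOST, "tcp", 80),
    ("https", ISPCONFIG_HOST, "tcp", 443),
    ("smtp", ISPCONFIG_HOST, "tcp", 25),
    ("pop3", ISPCONFIG_HOST, "tcp", 110),
    ("imap", ISPCONFIG_HOST, "tcp", 143),
    ("dns-udp", MYDNS_HOST, "udp", 53),
    ("dns-tcp", MYDNS_HOST, "tcp", 53),
]


def blocked_services(rules, services=EXPECTED_SERVICES, src="203.0.113.7"):
    """Names of expected services the policy would NOT let in from `src`."""
    return [name for name, host, proto, port in services
            if not is_allowed(rules, src, host, proto, port)]


def allowed_ports(rules, host, proto, src="203.0.113.7"):
    """Every destination port the policy lets through to `host`: the 'what is open' view."""
    return [p for p in ALL_PORTS if is_allowed(rules, src, host, proto, p)]


def with_dns_rule(rules):
    """Copy of `rules` with an allow for 53/tcp+udp to the DNS host inserted
    before the trailing deny (appending it after the deny would never match)."""
    dns = Rule("allow", ANY, MYDNS_HOST, BOTH, range(53, 54))
    return rules[:-1] + [dns] + rules[-1:]


if __name__ == "__main__":
    print("blocked by posted rules:", blocked_services(POSTED_RULES))
    print("open tcp to ISPConfig host:", allowed_ports(POSTED_RULES, ISPCONFIG_HOST, "tcp"))
    print("blocked after DNS rule:", blocked_services(with_dns_rule(POSTED_RULES)))
```

Run it as-is to see which named services fall through to the closing deny; `allowed_ports` is the complementary view and is worth printing for UDP too, since the posted allows are TCP-only.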
Excellent

Excellent - I am running with it this evening as a test trial. Thank you for all the help.

RunneR