ISPConfig - Behind Hardware Firewall

Discussion in 'General' started by RunneR, May 28, 2006.

  1. RunneR

    RunneR New Member

    We have recently purchased a hardware firewall and two new servers. Our goal is to install the hardware firewall between the internet connection and the servers, one of which is ISPConfig and the other is a MyDNS Server running MyDNSConfig.

    What ports need to be allowed INBOUND so as not to cause any issues on either of the servers?

    Each server will have its own INTERNAL and EXTERNAL IP address.

    The hardware firewall allows several configurations, including: direct mapping of one-to-one IPs with the traffic wide open both ways, OR one-to-one IPs with select traffic INBOUND and wide open OUTBOUND.

    Any direction is appreciated.

  2. itgroup

    itgroup New Member


    If you have a 'watchguard' type hardware firewall, you will need to do the following:

    Web server:
    Mail server:
    DSL Router:

    DSL router: - forward ports: 53, 80, 443 to
    forward ports: 25, 110, 143 to

    Watchguard: setup IP 'drop in' as
    configure services: smtp proxy, dns proxy, web proxy, pop3
    Set static route:

    Web server: set gateway to
    Mail server: set gateway to

  3. RunneR

    RunneR New Member

    Working it out.

    Well we have a CheckPoint Firewall.
    It allows rules.

    So this is what I have set up so far.

    I figure I can lock it down more as I go.

    ONE TO ONE -

    Then I allow some traffic.
    Then I lock out the rest of the traffic.

    Allow ANY DMZ:20 - 25 (TCP)
    Allow ANY DMZ:80 (TCP)
    Allow ANY DMZ:110 (TCP)
    Allow ANY DMZ:143 (TCP)
    Allow ANY DMZ:443 (TCP)
    Deny ANY DMZ:*(TCP/UDP)

    So, am I getting close?

    Or have I forgotten anything?
  4. falko

    falko Super Moderator Howtoforge Staff

    You might also want to allow port 53 (TCP and UDP) for MyDNS and 993 for IMAPs and 995 for POP3s.
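
Added example, not part of the thread and not code from any poster: a small Python check that parses the rules from post 3, in the notation used there, and reports which of the ports suggested in post 4 they still deny. It assumes top-down, first-match rule evaluation; `ADDED_RULES` and all function names are constructed for illustration.

```python
import re

# Rules exactly as posted in the thread (post 3), in order.
POSTED_RULES = """\
Allow ANY DMZ:20 - 25 (TCP)
Allow ANY DMZ:80 (TCP)
Allow ANY DMZ:110 (TCP)
Allow ANY DMZ:143 (TCP)
Allow ANY DMZ:443 (TCP)
Deny ANY DMZ:*(TCP/UDP)
"""
# Ports suggested in the reply (post 4); IMAPS and POP3S run over TCP.
SUGGESTED = [(53, "TCP"), (53, "UDP"), (993, "TCP"), (995, "TCP")]
# Constructed rules in the same notation, to be placed above the final Deny.
ADDED_RULES = ("Allow ANY DMZ:53 (TCP/UDP)\n"
               "Allow ANY DMZ:993 (TCP)\nAllow ANY DMZ:995 (TCP)\n")

RULE_RE = re.compile(
    r"^(Allow|Deny)\s+ANY\s+DMZ:\s*(\*|\d+(?:\s*-\s*\d+)?)\s*\(([A-Z/]+)\)$")

def parse_rules(text):
    """Turn each rule line into (action, low_port, high_port, {protocols})."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        action, ports, protos = m.groups()
        low, high = (0, 65535) if ports == "*" else (
            int(ports.split("-")[0]), int(ports.split("-")[-1]))
        rules.append((action, low, high, set(protos.split("/"))))
    return rules

def decide(rules, port, proto):
    """First matching rule wins (assumed); no match is treated as Deny."""
    for action, low, high, protos in rules:
        if low <= port <= high and proto in protos:
            return action
    return "Deny"

def blocked(rules, wanted):
    """Return the (port, proto) pairs from `wanted` that the rules deny."""
    return [w for w in wanted if decide(rules, *w) == "Deny"]

if __name__ == "__main__":
    print("blocked as posted:", blocked(parse_rules(POSTED_RULES), SUGGESTED))
    fixed = parse_rules(ADDED_RULES + POSTED_RULES)
    print("blocked with additions:", blocked(fixed, SUGGESTED))
```

Calling `decide` on the posted rules also shows that the 20 - 25 range admits TCP 22 and 23 along with FTP and SMTP, which is worth narrowing if those services are not meant to be reachable.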
  5. RunneR

    RunneR New Member


    Excellent - I am running with it this evening as a test trial.

    Thank you for all the help.

