ISPConfig Security - Firewall

Discussion in 'Installation/Configuration' started by cybereatl, Mar 18, 2006.

  1. cybereatl

    cybereatl Member

    Hi there, Finally my installation past a complete week without any troubles!! :)

    So, at this time am thinking in security, I've turned on firewall on ISPConfig but I've found that when you are on Management it slow down and sometimes break connection and you have to get back and log in again, plus with ftp is painfull, am using CuteFtp first time connect quick and if you log in again sits for more than 5 min, and start to attempt 1 / 5 and never connect!!!

    Am thinking in install Astaro Firewall, I've tried go get assistance for installation and I never get it!! Do you guys know another firewall software to install in a stand alone machine!!

    Am open to ideas at this time. :rolleyes:

    Thanks
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Please check you have the right URL in /home/admispconfig/ispconfig/lib/config.inc.php and the correct ServerName in /root/ispconfig/httpd/conf/httpd.conf.

    Have you tried both active and passive mode in your FTP client?

    You could have a look at Shorewall and Monowall.
     
  3. cybereatl

    cybereatl Member

    Hi there, It seems that really now is time to install some security on my server and I got a PIV 1.6 Ghz ready to do so, but I was reading about Shorewall and Monowall, also the downloaded cd installer an 10 year license of Astaro. I have several questions to ask.

    But first, my scenario is this:

    I have a dedicated channel of 1gb
    1- 24 port switch with Bandwith management
    2- Webserver (2) one running ISPConfig and another for streaming
    3- 1 Media Station to produce videos and ftp to stream server
    4- 1 Mac computer for Graphic design
    5- 4 computers for regular usage

    Brings out a total of 10 computers.

    The intranet needs to communicate with both servers for ftp, ISPConfig and Streaming, with the switch I can set priority to those two servers and other computers can share a piece of channel.

    *How many IP addresses can be handle it for Astao/Monowall right now I use 2 for ISPConfig 1 already on use and the other one as additional, the other one is for the streaming server and all other will need an static ip address manually configured.

    *How do I need to configure my firewall box to be able to do that?
    *What settings should I pick to do this.

    Thank you for any tips or howto.
     
  4. falko

    falko Super Moderator Howtoforge Staff

    As many as you want.

    You should have a look at IPCop. it's free, and we even have a tutorial about it: http://www.howtoforge.com/perfect_linux_firewall_ipcop
     
  5. cybereatl

    cybereatl Member

    Thank you for your help Falko,

    Just a little concern about IPcop, the graphic is showing two switches but one can work, but you can set a different ip range for computers that actually work directly to the servers i.e. production 192.168.100.1 / 2 / 3 and for other computers who share internet access 192.168.2.100 /101 / xxx and so on.

    That configuration it may work ok, what do you think??

    * Once IPcop is set how will be the process for ISPConfig to be under this firewall??

    Thanks
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    As IPCop and ISPConfig run on different servers, you dont have to reconfigure ISPConfig. Just make sure you forwarded the nescessary ports from IPCop to your ISPConfig server.
     

Share This Page