Koozali.org: home of the SME Server

Configuring the firewall part

Frank Henning Petersen

Configuring the firewall part
« on: December 02, 2002, 01:17:11 AM »
How can I configure the firewall part of the server? I want to be able to control each and every port, and whether I want to have TCP or UDP traffic on the specific port. I have searched your previous messages for over an hour, but can't find any help at all. Do you all just rely on its working? I don't wanna portscan, just to be in control.

Would it be better to use some other software? I already tried smoothwall, but it's already opened when just installed. Is it impossible to find any firewall that really blocks everything, until it's opened by the administrator?

I downloaded this software for the firewall part, but got impressed by all the other things, email and ftp, but if the firewall part isn't configurable, I just have to continue my search?

And yes, I have read the fucking manuals.

Kindest

Frank

Bob Todd

Re: Configuring the firewall part
« Reply #1 on: December 02, 2002, 02:41:41 AM »
1st thing Frank - we all know what rtfm stands for without you clarifying it. You'll find as I have the people on here are very tolerant when it comes to new SME users and are willing to help where they can. At the same time they expect people to have at least made the effort to search the posts to see if their question's already been answered.

The simple answer to your question as far as I've seen from reading the posts on here seems to be that there are tools available to manage port forwarding but when it comes to the other firewall configurations it's a case of delving into the files and making changes manually using the text editor. If you didn't like the tools with smoothwall for controlling the firewall then you probably won't like the work involved in SME. If you are looking for a dedicated firewall I found the Gnatbox GB1000 very useful in its hardware version - cost around £4500 + VAT then another £500+VAT a year to keep updated. I'm sure others in here could recommend alternatives.

Brian Kirk

Re: Configuring the firewall part
« Reply #2 on: December 02, 2002, 02:50:57 AM »
Hi Frank - Pleased you tried the manuals first :)
Check out http://www.abandonmicrosoft.co.uk/abandon/links.html. This site has links to all sorts of addons for SME that will do what you want. In particular
http://myezserver.com/downloads/mitel/contrib/
I use SME as a firewall only and install extra packages such as portforwarding, denyport, portopening, proxypass, e-smith-service-control. Between the available addons you have all the flexibility you need to turn off services and control ports, both inward and outward.
Be aware that by default all outgoing ports are open but you can close a range (or all!) with denyport. For use as a firewall as well as disabling unnecessary services I also remove the packages. I too have looked at all the alternatives such as smoothwall and have settled on e-smith as the most versatile.
Search the forums - it's all there!
Good luck
brian

schotty

Re: Configuring the firewall part
« Reply #3 on: December 02, 2002, 04:52:15 PM »
Well, I don't think you are going to find software where all the ports are blocked at first.

I would believe that the majority of Admins and what have you would install firewall software and block all the ports what they don't need.

You could try this link:
http://www.myezserver.com/downloads/mitel/contrib/portforwarding/

If it's better to use other software ur just gonna have to read the fucking manuals from other software......

But I'm sure that if u invested a little time reading a bit more chasing other sites, that e-smith really is quite adequate......

Bill Talcott

Re: Configuring the firewall part
« Reply #4 on: December 02, 2002, 05:08:46 PM »
By default, the SME allows any outgoing connection, and blocks any incoming connection except specifically to a running service. SME is designed for non-technical people, so this works well. There is no easy way (like a GUI) to change firewall settings, as SME is aimed at people who have no idea about that stuff, and therefore shouldn't be changing it. If there is something specific you need to change, you can control ipchains from the command line.

I don't have any need to change the firewall settings, so I don't know the ipchains syntax. But you could easily start with a closed system with a "deny all, from all, to all" command, then open individual ports from there.
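
The "deny all, then open individual ports" approach from the last reply, sketched as an added example that is not part of any post in this thread. `build_ruleset` and its `proto/port` allow list are hypothetical, the sample ports are constructed, and the rule syntax follows the ipchains man page; the function only prints the commands for review, it does not change the running firewall.

```shell
#!/bin/sh
# Added example: print a default-deny ipchains ruleset for the input chain.
# build_ruleset is a hypothetical helper, not part of SME Server.
# Usage: build_ruleset proto/port [proto/port ...]   e.g. tcp/22 udp/53
build_ruleset() {
    # Validate the whole allow list first so a typo never yields a partial ruleset.
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range in '$spec'" >&2; return 1
        }
    done

    # Fail closed: set the policy before flushing. Apply from the console,
    # not over a remote session, or the session is cut off at this point.
    echo "ipchains -P input DENY"
    echo "ipchains -F input"
    echo "ipchains -A input -i lo -j ACCEPT"
    # ipchains is stateless: without this rule, replies to the server's own
    # outgoing TCP connections would hit the DENY policy. "! -y" matches
    # TCP packets that do not open a connection.
    echo "ipchains -A input -p tcp ! -y -j ACCEPT"

    # One rule per opened port, TCP and UDP chosen per port.
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        syn=""
        # For TCP, only connection-opening (SYN) packets need a per-port rule.
        [ "$proto" = tcp ] && syn=" -y"
        echo "ipchains -A input -p $proto$syn -d 0.0.0.0/0 $port -j ACCEPT"
    done
    # UDP has no SYN flag: replies to outgoing UDP (for example DNS lookups)
    # need their own rules and are not covered here.
}

# Constructed sample allow list: SSH, SMTP and DNS.
build_ruleset tcp/22 tcp/25 udp/53
```

Outgoing traffic is untouched by these rules, so it stays at whatever the output chain's policy allows.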