Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: andyjlund on September 26, 2013, 04:33:58 PM
-
Does anyone know of any configurable firewall software that sits on top of SME Server? I was advised to get pfSense, but that sits on its own server. I only have one server and I want to block peer-to-peer traffic on it, as it will be a firewall for a wireless hotspot.
Any suggestions will be appreciated.
Thanks
Andy
-
Please use the search link above... your question has been answered (too) many times... :-)
Thank you
-
Thanks for the reply.
From what I can search for, I can only see references to much older versions of SME such as v5 and v6 back in 2004. I am using v8. The products the posts refer to are IPCop and Smoothwall. These may have been able to sit on top of SME before, but looking at them now, they are independent of SME. I may be searching wrong, but any pointers would be appreciated.
Thanks
Andy
-
http://wiki.contribs.org/P2P_blocking
-
Thanks. Helps when you know what to look for.
-
andyjlund
The wiki article for P2P_Blocking refers to the original forum thread (for sme7 versions),
which then refers to development for sme 8 here
http://forums.contribs.org/index.php/topic,48742.0.html
From a quick read, it does not seem that current kernel kmod versions have been released. You may need to follow up with the original author/maintainer or compile them yourself.
Also, re the issue of "putting another firewall on top of your existing sme server", the general concept would be to virtualize, i.e. install a virtual environment, e.g. Proxmox etc., & then install pfSense (or whatever you prefer) & SME Server on the one hardware box. There are a number of virtual environments (software) available, so read the forums & elsewhere to see what suits you best.
Also you might want to look at the CoovaChilli contrib re your wireless hotspot (for improved security & control via a 3rd NIC).
Quoting from the wiki article,
"Every clients connected on this new "lan" will have to authenticate themself before coova-chilli allows traffic to pass.
Once authenticated, clients will have only web access (http/https). Of course, you can customize firewall rules to allow more access"
It limits traffic to some degree so may also be useful for blocking p2p.
Read up on what it does (also search for chillispot which the contrib is based upon).
http://wiki.contribs.org/CoovaChilli
Also there may be other ways to deal with p2p traffic, e.g. use DansGuardian (or squidGuard or similar) to prevent login to sites/servers & thus stop the initial p2p connection being established. DG or SG do not block p2p as such, as p2p can usually search for & use differing ports etc., but blocking login may prevent further p2p access or establishing of p2p connections. Your success may vary.