James Harrington wrote:
> I have the following rules on my firewall LAN interface
>
> Allow LAN to Anywhere (protocol tcp port 80)
> Allow LAN to Anywhere (protocol tcp port 443)
> Allow LAN to Anywhere (protocol tcp port 1863)
> Deny LAN ALL to ALL
>
> My understanding of the above configuration means that the only ports users
> would be able to access are 80, 443, and 1863. However all of my users have
> the ability to reach port 6098 which is the portal I am using for the web
> interface on my m0n0wall.

IMHO it's a bug in the concept of the initial configuration of the m0n0wall.

In short, you have to do the following:

- Allow DNS to M0n0 internal IP from LAN
- Allow ICMP to anywhere from LAN
- Allow HTTPS (or the later changed port) from your AdminPC to M0n0 internal IP
- Deny all to M0n0 internal IP from LAN, log
- allow 80,443,1863 from LAN to anywhere
- deny all from LAN to anywhere, log
- change Webgui to HTTPS and change the port
- disable webGUI anti-lockout on the advanced page
- reboot

bye
Christoph

> Can anyone tell me what I have done wrong. I don't want my users to be able
> to get to anything other than HTTP, SSL, and MSN
>
> Thanks
>
> James

--
last words: "let's make the backup tomorrow"
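Why the rule order in the reply matters, shown as an added example that is not part of the original thread and is not m0n0wall's own code. It assumes first-match evaluation, an anti-lockout rule placed ahead of all user rules, DNS over UDP 53, and constructed addresses (`FW`, `ADMIN`, `USER`); `rule` and `decide` are hypothetical helpers.

```python
# Simplified first-match model of LAN-interface filtering. This is an
# assumption for illustration, not m0n0wall code; addresses are constructed.
from ipaddress import ip_address, ip_network

FW = "192.168.1.1"         # constructed: m0n0wall internal (LAN) IP
ADMIN = "192.168.1.10"     # constructed: the AdminPC
USER = "192.168.1.50"      # constructed: an ordinary LAN client
LAN, ANY = "192.168.1.0/24", "0.0.0.0/0"
GUI_PORT = 6098            # webGUI port named in the question

def rule(action, proto, src, dst, ports=None):
    return dict(action=action, proto=proto, src=ip_network(src),
                dst=ip_network(dst), ports=ports)

# Assumed behaviour: anti-lockout passes LAN -> webGUI before any user rule.
ANTI_LOCKOUT = rule("pass", "tcp", LAN, FW, {GUI_PORT})

ORIGINAL = [rule("pass", "tcp", LAN, ANY, {80, 443, 1863}),
            rule("block", "any", LAN, ANY)]

SUGGESTED = [
    rule("pass", "udp", LAN, FW, {53}),            # DNS to the firewall
    rule("pass", "icmp", LAN, ANY),                # ICMP to anywhere
    rule("pass", "tcp", ADMIN, FW, {GUI_PORT}),    # webGUI from AdminPC only
    rule("block", "any", LAN, FW),                 # nothing else to firewall
    rule("pass", "tcp", LAN, ANY, {80, 443, 1863}),
    rule("block", "any", LAN, ANY)]

def decide(rules, proto, src, dst, port=None, anti_lockout=True):
    """Return the action of the first matching rule; default is block."""
    chain = ([ANTI_LOCKOUT] if anti_lockout else []) + rules
    for r in chain:
        if r["proto"] not in ("any", proto):
            continue
        if ip_address(src) not in r["src"] or ip_address(dst) not in r["dst"]:
            continue
        if r["ports"] is not None and port not in r["ports"]:
            continue
        return r["action"]
    return "block"

if __name__ == "__main__":
    # Original rules: the webGUI is still reachable via anti-lockout.
    print(decide(ORIGINAL, "tcp", USER, FW, GUI_PORT))
    # "Anywhere" includes the firewall, so 443 on it passes without the deny.
    print(decide(ORIGINAL, "tcp", USER, FW, 443, anti_lockout=False))
    print(decide(SUGGESTED, "tcp", USER, FW, GUI_PORT, anti_lockout=False))
```

The "Deny all to M0n0 internal IP" rule has to sit above the port 80/443/1863 rule because "anywhere" also matches the firewall's own address.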