Firewall: Best Configuration
ivanpudic
09-17-2008, 01:49 AM
I was wondering if anyone could help me to think about what the best way is to block all kinds of stuff on the firewall for security reasons?
Is there a "Best Configuration", something that isn't done automatically but that you should better do yourself in Untangle?
I'm trying to block everything except a couple of ports that we use.
For the moment we have NO rules enabled in the Firewall.
Thanks for tips and help in advance!
Greetings
Ivan
sky-knight
09-17-2008, 02:25 AM
Well, keep in mind that UT has two different "firewalls".
The firewall module only filters TCP and UDP packets and runs in the virtual rack. This allows multiple firewall rulesets to be applied with creative use of the policy manager. It is really quite flexible.
The packet filter is also there; it does all protocols like ICMP, GRE and such, but is system-wide. It can also kill packets going into and out of the UVM software itself!
Both have to be leveraged correctly for complete security.
ivanpudic
09-17-2008, 02:38 AM
Aren't there any rules that you suggest?
Ivan,
If you are more specific in your needs, we can be more specific in our answers.
Evil_Bert
09-17-2008, 03:58 AM
Hmmm. I'd assumed that the underlying host netfilter/iptables configuration would just shunt everything to the UVM. But you're saying that there is screening going on in the host as well?
I guess I'll go take a closer look then ...
stuart hurst
09-23-2008, 09:36 AM
YEAH
Block TCP and UDP any any any any any any
rcaballero
09-24-2008, 02:55 AM
Hello,
I am a complete newbie; can somebody help me set up the firewall rules that need to be done based on the following?
1) allow incoming/outgoing SMTP (we host our email server internally)
2) allow web traffic (web surfing)
3) allow https access on OWA/webmail
4) block everything else
Many Thanks!
hbf777
09-24-2008, 03:00 AM
1: Default Action Block
2: Pass Any Traffic From More Trusted to LessTrusted
rcaballero
09-24-2008, 03:27 AM
@hbf777
Sorry, but when I tried the above, there was no traffic coming in. I am sure I did something stupid. If I may, to spare myself from further embarrassment, can someone please post a screenshot so I may follow it?
sky-knight
09-24-2008, 10:18 AM
Hmmm. I'd assumed that the underlying host netfilter/iptables configuration would just shunt everything to the UVM. But you're saying that there is screening going on in the host as well?
I guess I'll go take a closer look then ...
Yes! The packet filter allows you to configure how IPTables covers the UVM and also allows you to control all IP protocols not just TCP and UDP. Technically speaking it is the most flexible in terms of configuration as well. However, it doesn't log, and it is system wide in effect. The rack firewall logs things, and can have as many rulesets as you have racks!
sky-knight
09-24-2008, 10:28 AM
Hello,
I am a complete newbie; can somebody help me set up the firewall rules that need to be done based on the following?
1) allow incoming/outgoing SMTP (we host our email server internally)
2) allow web traffic (web surfing)
3) allow https access on OWA/webmail
4) block everything else
Many Thanks!
Complete noobies shouldn't really be attempting this to begin with, but here goes the information! ;)
On the assumption that you have a two interface Untangle, Internal and External... And that you have configured your port forwards correctly if needed. And, you want your default action to block.
The Firewall rules are as follows...
To allow outgoing SMTP traffic
Enable Rule: Checked
Action: Pass
Log: up to you
Traffic Type: TCP
Client Interface: Internal
Server Interface: External
Source Address: any
Destination Address: any
Source Port: any
Destination Port: 25
Repeat the above for incoming SMTP, only swap the client and server interfaces. You may also consider putting your mail server's internal IP in the Destination Address field. Also, once you have created the rule to allow SMTP to your mail server, the rule to allow https is identical except the port is 443.
Repeat the above for normal web traffic just change the destination port to 80, and while you're at it do it again for 443.
Use the Following for Outgoing DNS query
Enable Rule: Checked
Action: Pass
Log: up to you
Traffic Type: UDP
Client Interface: Internal
Server Interface: External
Source Address: any
Destination Address: any
Source Port: any
Destination Port: 53
If you want to allow outgoing FTP... read the following
http://forums.untangle.com/showthread.php?t=4542
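As an added illustration (not Untangle's code, and not anything posted in this thread), here is a small Python model of first-match rule evaluation with a default action of Block, loaded with hbf777's two-line suggestion and with the rule set written out above, and run against constructed sample sessions. It assumes the rack firewall treats the host that opened the session as the client (so an inbound mail delivery has client interface External and server interface Internal); the addresses are TEST-NET placeholders, and 192.0.2.10 stands in for the internal mail server.

```python
from dataclasses import dataclass
from typing import Dict, List, Union

ANY = "any"
Port = Union[int, str]


@dataclass(frozen=True)
class Flow:
    """One session as the rack firewall sees it. Assumption: the client is the
    host that opened the connection, so inbound SMTP has client_if=External."""
    proto: str       # "TCP" or "UDP"
    client_if: str   # "Internal" or "External"
    server_if: str
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    """Mirrors the fields of the rule form quoted in the thread (log omitted)."""
    action: str              # "Pass" or "Block"
    proto: str = ANY
    client_if: str = ANY
    server_if: str = ANY
    src: str = ANY
    dst: str = ANY
    sport: Port = ANY
    dport: Port = ANY
    enabled: bool = True

    def matches(self, f: Flow) -> bool:
        if not self.enabled:
            return False
        pairs = [(self.proto, f.proto), (self.client_if, f.client_if),
                 (self.server_if, f.server_if), (self.src, f.src),
                 (self.dst, f.dst), (self.sport, f.sport), (self.dport, f.dport)]
        return all(want == ANY or want == got for want, got in pairs)


def evaluate(rules: List[Rule], flow: Flow, default_action: str = "Block") -> str:
    """First matching rule wins; an unmatched session gets the default action."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default_action


MAIL_SERVER = "192.0.2.10"   # constructed placeholder address (TEST-NET-1)

# hbf777's suggestion: default block, pass anything from more trusted to less trusted.
HBF777_RULES = [Rule("Pass", client_if="Internal", server_if="External")]

# The rule set from the post above: outbound SMTP, inbound SMTP and HTTPS to the
# mail server only, outbound web on 80/443, outbound DNS over UDP.
SKY_KNIGHT_RULES = [
    Rule("Pass", proto="TCP", client_if="Internal", server_if="External", dport=25),
    Rule("Pass", proto="TCP", client_if="External", server_if="Internal", dst=MAIL_SERVER, dport=25),
    Rule("Pass", proto="TCP", client_if="External", server_if="Internal", dst=MAIL_SERVER, dport=443),
    Rule("Pass", proto="TCP", client_if="Internal", server_if="External", dport=80),
    Rule("Pass", proto="TCP", client_if="Internal", server_if="External", dport=443),
    Rule("Pass", proto="UDP", client_if="Internal", server_if="External", dport=53),
]

# Constructed sample sessions; all addresses are TEST-NET ranges, not real hosts.
SAMPLE_FLOWS: Dict[str, Flow] = {
    "outbound_smtp": Flow("TCP", "Internal", "External", MAIL_SERVER, "198.51.100.25", 40000, 25),
    "inbound_smtp_to_mailserver": Flow("TCP", "External", "Internal", "198.51.100.25", MAIL_SERVER, 40001, 25),
    "inbound_smtp_to_workstation": Flow("TCP", "External", "Internal", "198.51.100.25", "192.0.2.50", 40002, 25),
    "inbound_owa_https": Flow("TCP", "External", "Internal", "203.0.113.7", MAIL_SERVER, 40003, 443),
    "outbound_web": Flow("TCP", "Internal", "External", "192.0.2.50", "203.0.113.80", 40004, 80),
    "outbound_dns": Flow("UDP", "Internal", "External", "192.0.2.50", "198.51.100.53", 40005, 53),
    "outbound_ssh": Flow("TCP", "Internal", "External", "192.0.2.50", "203.0.113.22", 40006, 22),
    "inbound_rdp": Flow("TCP", "External", "Internal", "203.0.113.7", "192.0.2.50", 40007, 3389),
}


def verdicts(rules: List[Rule]) -> Dict[str, str]:
    """Evaluate every sample session against one rule set."""
    return {name: evaluate(rules, flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for label, rules in (("hbf777", HBF777_RULES), ("rule set from the post", SKY_KNIGHT_RULES)):
        print(f"--- {label} ---")
        for name, action in verdicts(rules).items():
            print(f"{name:30} {action}")
```

Running it shows the difference between the two configurations: the single "more trusted to less trusted" pass rule never matches a session whose client is on External, so inbound SMTP to the mail server falls through to the default Block (the "no traffic coming in" symptom), while it passes every outbound port. The explicit per-port rule set passes inbound SMTP and HTTPS only when the destination is the mail server's address, and leaves unlisted outbound ports at the default Block.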
rcaballero
09-24-2008, 08:15 PM
@sky-knight
Many thanks!
Jim.Alles
09-27-2008, 12:18 AM
Complete noobies shouldn't really be attempting this to begin with, but here goes the information! ;)
Thank you, I am in the same class of user (N3wbi3), but it is exactly what I came to look for.
A question I have wanted to ask is, how does one learn about this stuff?
(routing, NAT, firewall rules, DNS)
Are there on-line resources?
I am all for OTJT, hard knocks, burn & learn, etc. but there must be an additional way?
Thanks again!
.ja.
Jim,
Outside of technical manuals and Cisco certification prep books, I would recommend http://en.wikipedia.org as an excellent source. If you click HELP from any Untangle page (hopefully you have), you will have launched our wiki. Quite often, you will see a little blue arrow heading northeast (up and to the right) after a mention of a technical term. That is almost always a link to Wikipedia. I wouldn't call it a bible, but I think it is probably THE best resource on the internet for almost anything you are looking for.
If I run into something I don't know, that's my first stop, and I do hit it on a regular basis. If you're really into learning, you probably recognize that an answer is usually a portal to a new question, and they often have those links built right into it. It's definitely worth its weight in gold.
sky-knight
09-27-2008, 12:56 AM
Sorry I didn't mean that post to sound so disrespectful.
I learned most of what I know from the school of hard knocks... with a healthy dose of Google. The thing is, if you're playing with something as potent as Exchange up front, you can get yourself buried in a hurry. You're much better off starting with a test mail server running MailEnable or something to get your feet wet.
As for the other basic concepts of NAT, PAT, Routing, Switching... that is definitely CCNA training manual stuff.
As for DNS... http://oreilly.com/catalog/9781565925120/ that is THE book... written by THE man on the subject. It is a must read for any serious Internet tech. And the fact that you learn how to configure BIND while along for the ride is good too.
Jim.Alles
09-27-2008, 08:31 AM
Jim,
Outside of technical manuals and Cisco certification prep books, I would recommend http://en.wikipedia.org as an excellent source. If you click HELP from any Untangle page (hopefully you have), you will have launched our wiki.
Yeah, the UntangleWiki has 5 tabs in my browser, and Wikipedia has two (UT led me to the list of TCP and UDP port numbers).
I knew it wasn't a Microsoft thing.
.ja.
Jim.Alles
09-27-2008, 09:09 AM
Sorry I didn't mean that post to sound so disrespectful.
No diss at all, because:
I learned most of what I know from the school of hard knocks... with a healthy dose of Google. The thing is, if you're playing with something as potent as Exchange up front, you can get yourself buried in a hurry. You're much better off starting with a test mail server running MailEnable or something to get your feet wet.
I'm ignorant enough that I didn't even see MS Exchange in that exchange, which certainly should have been a red flag! What I was looking for & found was how to approach the firewall rules, NOT setting up an Email server.
Yeah, Google and Wikipedia, sometimes HowStuffWorks, whatis.techtarget.com, and definitely the manufacturers' manuals (I admit, I do actually read technical manuals :rolleyes: - it's amazing the stuff that is hinted at in them). They all should have been included in my list.
You guys both pointed me to what I could not grasp, however - the CCNA prep.
And I am grateful.
.ja.
sky-knight
09-27-2008, 12:54 PM
I'm ignorant enough that I didn't even see MS Exchange in that exchange, which certainly should have been a red flag! What I was looking for & found was how to approach the firewall rules, NOT setting up an Email server.
And this is where you need to be careful...
You see, real security isn't just the firewall, it isn't the router, it isn't even the service you're running and trying to protect. Real security is nothing short of the constant evaluation of all systems, public and private, to ensure they are configured correctly. After you've made sure everything is actually running right, all you need is a decent disaster recovery plan (read: backup) so you know how to rebuild in the case of an outage.
This is why most security administrators have years of experience in the IT industry in general. To do the job you need a very broad experience with all different kinds of technology. Ultimately this person needs to know as much as he can about everything. This is basically the "top job" if there ever was one.
Untangle's mission is to make this process simple, and available for the masses. The product they have produced shows this focus; they have done amazingly well. So, you can get away with not knowing certain things. However, all of this goes straight out the window once you are defending a public service... Mail servers are one of the most critical, yet abused, systems available. This makes them prime targets for both your attention and the bad guys.
r3c4ll
09-27-2008, 06:20 PM
Does somebody know what open source application Untangle uses for the firewall? Not for packet filtering; I know that is iptables.