#1
28th October, 2009, 05:11 PM
booman
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Firewall Help

At my work we are using a WatchGuard Firebox X Edge.
I have been trying to research how to connect a computer that bypasses the firewall securities so I can connect to the internet.
But the configurations are pretty confusing. I'm not a firewall expert and it would be very educational for me to learn how this works.
I have been reading in WatchGuard's knowledge base about the concepts of incoming & outgoing connections.
I think that I will need an "external" connection to the firewall and just have to set up the connection and assign the static IP address.

Does anyone have some tips?

I am going to use an extra computer with Linux Mint.
I like this connection because if we are having internet, VPN, or firewall problems, I can still get to the internet with this machine. Also, the firewall sometimes blocks FTP and SSH connections. So instead, I can use the Linux for updating websites, etc.
__________________
Booman
Mint 17.3 64-bit
Wine 2.0
PlayOnLinux 4.2.10
#2
28th October, 2009, 05:29 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

The "external" connection is just the firewall's connection to the Internet. Typically this would just be a bit of network cable between the firewall and the router, but could be a whole network. Remember that this connection is completely unprotected - it faces the whole brunt of the Internet, so you should run a firewall on the Linux box.

Generally, you shouldn't attempt to bypass the security policy on a firewall. Instead, you should use a separate network (or the dirty network), so you don't expose other parts of the business network to unnecessary risk.

You will need a real world IP address for your Linux box. I don't know what your ISP provides - you'll need to check that they can support this.
#3
28th October, 2009, 05:38 PM
booman
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

I'm pretty sure they do. We are using Cox and our Firebox is already using a static IP address.
Are you saying our ISP will assign us a group of IP addresses for static use?
We used to have a webserver set up and it bypassed the firewall. I'm not sure how our contracted IT person configured it, but this is the same concept. Instead of a webserver I want a plain unprotected connection to the internet. But we moved locations and are now using Cox instead of Quest. So I want to configure the same setup myself instead of paying him $150.00 an hour to do it.
#4
28th October, 2009, 07:29 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

For a webserver, you only have to punch a small hole (port 80) through the firewall, rather than bypassing the whole policy.

I don't know what firewall policy/rules have been implemented on the system, but what I know of Firebox is that traffic going from a more trusted interface to a less trusted interface should travel outwards just fine. So, a machine on the inside should be able to access the outside without a problem. One thing that is confusing me - what exactly are you trying to do?

Most ISPs will charge for a group of IP addresses though - so that might not be the best way around it.

BTW, I'm no fan of WatchGuard products...
#5
28th October, 2009, 07:41 PM
booman
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Sounds like I could add the Linux IP address to the Outgoing connection on port 80.
My problem:
All of our workstations have to log in to the firebox just to get internet.
The firebox will also block some FTP servers and SSH connections. Like for our website on GoDaddy.
In the past (when we had a T1 on DSL) our internet would stop and no one could get email, faxes or internet. I would hop on our Linux webserver and find that the internet was fine. It was either a firebox issue or a server issue. One more thing, if our server was down or being restarted, I could hop on the Linux webserver and still connect to the internet. This was important because I could still troubleshoot, research and download drivers with our server down.

So the Linux with a static IP address bypassing the firebox altogether benefits me in many ways.
I want to recreate that configuration again, but without the contracted IT person's help.

If you have a better idea let me know. I would love to try it.
#6
30th October, 2009, 05:52 PM
booman
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

I went through the New Service Wizard and set the Linux machine as an Outgoing on Port 80. But I'm just using the IP address set by the DHCP... which means it is not a static IP address via ISP.
So how do I test the connection to see if it is doing what I want?
Can I ping it from outside the firewall? Say, from home?
Also, do I "Allow" or "No Rule" for the firewall setting?