
Howtos - Advanced Firewall Tricks

Overview

The Advanced Firewall configuration page can be used to create firewall rules that cannot be created via the core firewall configuration tools in ClarkConnect. The following document shows some commonly used advanced rules.

Allowing Access to Port X from Single Remote IP Address

  • Scenario: Opening a port for remote administration but only for a particular IP address.
  • Example: Webconfig access for remote IP 69.90.141.13

(Screenshot: Ss firewall remote one ip.png)

Forwarding Port X from Single Remote IP Address

  • Scenario: Forwarding a port to the local network but only for a particular IP address.
  • Example: SSH access to 192.168.2.16 on the LAN, but only from 69.90.141.13

(Screenshot: Ss firewall forward one ip.png)

Allowing Access to Port X on a Virtual IP Address

  • Scenario: Opening a port for a virtual IP address configured on the system.
  • Example: Secure web server access on virtual IP 1.2.4.5

(Screenshot: Ss firewall virtual ip.png)
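
The three scenarios above written as plain iptables rules, as an added example that is not part of the original ClarkConnect documentation and not necessarily what the Advanced Firewall page generates. The ports (81 for Webconfig, 22 for SSH, 443 for the secure web server) and the choice of the INPUT, FORWARD and nat PREROUTING chains are assumptions; the script validates each address and port and only prints the rules, it does not apply them.

```shell
#!/bin/sh
# Added example: prints iptables rules for the three scenarios; applies nothing.
# Assumed ports (not stated on the page): Webconfig 81, SSH 22, HTTPS 443.

# Succeeds only for a dotted-quad IPv4 address with four octets in 0..255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a decimal port number in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Scenario 1: accept TCP <port> on the firewall itself, but only from <src>.
allow_from() {    # usage: allow_from <src> <port>
    valid_ipv4 "$1" && valid_port "$2" || { echo "invalid input" >&2; return 1; }
    echo "iptables -I INPUT -p tcp -s $1 --dport $2 -j ACCEPT"
}

# Scenario 2: forward TCP <port> to <lan_ip>, but only for traffic from <src>.
# Two rules are needed: one rewrites the destination, one lets the packet through.
forward_from() {  # usage: forward_from <src> <port> <lan_ip>
    valid_ipv4 "$1" && valid_port "$2" && valid_ipv4 "$3" ||
        { echo "invalid input" >&2; return 1; }
    echo "iptables -t nat -I PREROUTING -p tcp -s $1 --dport $2 -j DNAT --to-destination $3:$2"
    echo "iptables -I FORWARD -p tcp -s $1 -d $3 --dport $2 -j ACCEPT"
}

# Scenario 3: accept TCP <port> addressed to a virtual IP held by the firewall.
allow_to_vip() {  # usage: allow_to_vip <vip> <port>
    valid_ipv4 "$1" && valid_port "$2" || { echo "invalid input" >&2; return 1; }
    echo "iptables -I INPUT -p tcp -d $1 --dport $2 -j ACCEPT"
}

# The page's own example addresses.
allow_from   69.90.141.13 81
forward_from 69.90.141.13 22 192.168.2.16
allow_to_vip 1.2.4.5 443
```

In scenario 2 the source restriction appears in both rules: the DNAT rule decides which packets are redirected, and the FORWARD rule decides which of them are allowed through to the LAN host.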

Blocking Ping/ICMP

According to Internet standards (RFCs), all hosts connected to the Internet must respond to ping requests. This requirement is outlined in RFC 1122 Section 3.2.2.6. If you would like to block all ping requests to your ClarkConnect system, you are free to do so. However, this non-standard behavior is not a configuration option in the web-based interface. There are plenty of ways to detect a system on the network, so blocking ping is not only an ineffective security precaution but also potentially quite harmful.

Retrieved from "http://www.clarkconnect.com/olddocs/Howtos_-_Advanced_Firewall_Tricks"

This page was last modified on 24 July 2008, at 22:21.