Wilders Security Forums  

  #1  
April 19th, 2010, 07:28 AM
pantezuma
Infrequent Poster
Join Date: Apr 2010
Posts: 14
Understanding LNS (Help Required!)

Hi to all!
I'm new to this forum and to LNS.
I was a happy user of Kerio 2.1.5 till I upgraded my OS to Windows 7, so I decided to give the LNS Trial a chance since it has such a good reputation.
My problem is that I really don't understand how it works (internally, I guess).
So far, I have discovered that the ruleset is not associated with applications (as it is in Kerio). You can just activate a specific rule when an application is launched, but that rule will be available for all other applications. Is that right?
That's quite strange to me... maybe because I was so used to thinking in a different manner.
I'm facing several difficulties trying to configure ports...
For example, if I want to limit IE, Chrome, etc... to ports 80, 443 & 1080, how can I do that?
The other part that I just don't understand is that in Kerio, there was no need for accepting incoming connections unless you were to establish a server (for example with P2P software, or DHCP requests).
But I have experimented with a simple TCP Out rule for Chrome on remote port 80 and it doesn't work if I don't allow inbound and outbound...
What am I doing wrong?
Thanks in advance for any help!

PS: Sorry for my English!!!
  #2  
April 19th, 2010, 07:35 AM
doktornotor
Very Frequent Poster
Join Date: Jul 2008
Posts: 2,045
Re: Understanding LNS (Help Required!)

Quote:
Originally Posted by pantezuma
For example, if I want to limit IE, Chrome, etc... to ports 80, 443 & 1080, how can I do that?

Go to Application Filtering, select the application, click edit, enter your TCP/UDP ports (and IPs) there (like 80;443;1080), and click OK.

Quote:
Originally Posted by pantezuma
The other part that I just don't understand is that in Kerio, there was no need for accepting incoming connections unless you were to establish a server (for example with P2P software, or DHCP requests).

That's a feature... You need to allow incoming traffic if needed, otherwise it's denied (beyond the predefined rules, such as DNS/DHCP).
  #3  
April 19th, 2010, 07:41 AM
Phant0m
Massive Poster
Join Date: Jun 2003
Location: Canada
Posts: 3,326
Re: Understanding LNS (Help Required!)

Hi pantezuma,

On the ‘Internet Filtering’ screen / Tab, right-click on an entry to bring up the context menu and visit ‘Applications...’

If you switch to ‘Advanced Mode’ (found by visiting the Look ‘n’ Stop ‘Options’ screen / Tab and clicking the ‘Advanced options’ button), you can double-left-click on an application entry in the list of applications on the Look ‘n’ Stop ‘Applications Filtering’ screen and customize TCP and UDP ports and IPs. Multiple port specification: 80;443;1080
__________________
"Success is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.” --Dennis Waitley
  #4  
April 19th, 2010, 07:56 AM
pantezuma
Infrequent Poster
Join Date: Apr 2010
Posts: 14
Re: Understanding LNS (Help Required!)

Thanks both for your replies.
Another question!
As you may have noticed I'm not an expert in the TCP / IP protocol, but I'm eager to learn!
Maybe I'm wrong, but when in Kerio 2.1.5 you specified an application for a certain type of incoming connection you were limiting connections to that specific application and no other application could use that.
Now, for example, I have established a TCP rule (allow incoming and outgoing) on my eMule port just to allow it to connect.
But as this rule is not application specific any application can be listening on this opened port. Is that correct?
Maybe Kerio worked the same way in the background and I never noticed...
Yesterday I ran a test in GRC on that port and it was Opened (of course eMule was running). I think that when I ran eMule with Kerio the port appeared as Closed.

I don't understand the "incoming connection" feature you mentioned. Why is that needed to allow Chrome to connect?

Thanks to both and sorry for my English again!
  #5  
April 19th, 2010, 08:10 AM
Phant0m
Massive Poster
Join Date: Jun 2003
Location: Canada
Posts: 3,326
Re: Understanding LNS (Help Required!)

Hi pantezuma,

On the ‘Internet Filtering’ screen / Tab, right-click on a rule entry to bring up the context menu and visit ‘Applications...’, now associate an application with the rule. When the application is running, the rule is enabled; when the application is not running, the rule is disabled. If you are associating an application with a server rule, only the one application can listen on a specific port at a time. soooooo;

If you are hosting a webserver and let’s say the application used is called X, listening on port 80, then when X runs, the server rule to permit connections through port 80 associated with the X application goes into the enabled state, X is holding port 80 and nothing else can also listen on port 80. The X application closes, and the rule state changes to the disabled state.
__________________
"Success is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.” --Dennis Waitley
  #6  
April 19th, 2010, 08:30 AM
Phant0m
Massive Poster
Join Date: Jun 2003
Location: Canada
Posts: 3,326
Re: Understanding LNS (Help Required!)

Hi pantezuma,

An application allowed / authorized via Application Filtering is not restricted by default from sending whatever packets; whether these packets are permitted out to the Internet depends on the second layer of defense, the Internet Filtering layer. However, as I said previously, you can customize application destination IPs and ports at the very early stage, but you still have to have a rule or rules for the application's communications on the Internet Filtering screen also.



Regards,
__________________
"Success is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.” --Dennis Waitley
  #7  
April 19th, 2010, 08:34 AM
pantezuma
Infrequent Poster
Join Date: Apr 2010
Posts: 14
Re: Understanding LNS (Help Required!)

Quote:
Originally Posted by Phant0m
Hi pantezuma,

If you are associating an application with a server rule, only the one application can listen on a specific port at a time.

Ah!!! OK!!!
I didn't know that... I thought that the application triggered the rule but once triggered any application could take advantage of that one.
So if I let eMule (for example) listen on a certain port and associate the rule (in applications...) with eMule.exe just this software will be able to use it.
Thanks a lot for all your help and assistance!!!
I'll practice a little when I get home!
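
Added example, not part of the original posts and not Look 'n' Stop code: a simplified Python model of the behaviour described in posts #5 and #7, where a server rule associated with an application is active only while that application runs, plus a real-socket check that a second listener cannot bind a TCP port already held with default socket options. The rule names, port 4662 and port 8080 are constructed sample values.

```python
import socket
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                  # "TCP" or "UDP"
    local_port: int
    app: Optional[str] = None   # associated executable; None = always active

# Constructed ruleset; ports and rule names are sample values.
RULES = [
    Rule("eMule TCP server", "TCP", 4662, app="emule.exe"),
    Rule("Unassociated TCP server", "TCP", 8080),
]

def active_rules(rules, running):
    """A rule with an associated app is enabled only while that app runs."""
    running = {p.lower() for p in running}
    return [r for r in rules if r.app is None or r.app.lower() in running]

def inbound_allowed(rules, running, proto, port):
    """Default deny: an inbound packet passes only if an active rule matches."""
    return any(r.proto == proto and r.local_port == port
               for r in active_rules(rules, running))

def second_listener_blocked():
    """Real sockets: while one socket holds a TCP port with default
    options, a second bind to the same address and port fails."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.bind(("127.0.0.1", 0))       # let the OS pick a free port
        first.listen(1)
        port = first.getsockname()[1]
        try:
            second.bind(("127.0.0.1", port))
        except OSError:                    # address already in use
            return True
        return False
    finally:
        first.close()
        second.close()

if __name__ == "__main__":
    for procs in ([], ["chrome.exe"], ["chrome.exe", "eMule.exe"]):
        print(procs, "-> TCP 4662 in:", inbound_allowed(RULES, procs, "TCP", 4662))
    print("second listener blocked:", second_listener_blocked())
```

In this model the unassociated rule on port 8080 stays open whatever is running, which is the situation asked about in post #4; the associated rule closes again as soon as its application exits.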
 

All times are GMT -4.

