Ghostwall Settings, Couple of questions.

Discussion in 'Other Ghost Security Software' started by MikeNAS, Feb 25, 2008.

Thread Status:
Not open for further replies.
  1. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Hello!

    I just found this nice lightweight firewall again and started to type in my FIRST own settings. So of course I have a couple of questions.

    1. Can I set more than one specific port? Like 80, 443, 8080?

    2. Do I need a loopback rule if it looks like everything works okay without it?

    Here are my settings:

    Code:
    Description		Rule						Local IP	Local Port	Remote IP	Remote Port
    -----------------------------------------------------------------------------------------------------------------------------------
    0 > 52 [DNS]		Block All Protocols Outgoing and Incoming 	Any		Any		Any		0-52
    54 > 79	[HTTP]		Block All Protocols Outgoing and Incoming 	Any		Any		Any		54-79
    81 > 442 [HTTPS]	Block All Protocols Outgoing and Incoming 	Any		Any		Any		81-442
    444 > 464 [SMTP]	Block All Protocols Outgoing and Incoming 	Any		Any		Any		444-464
    466 > 992 [IMAP]	Block All Protocols Outgoing and Incoming 	Any		Any		Any		466-992
    994 > 8079 [HTTP]	Block All Protocols Outgoing and Incoming 	Any		Any		Any		994-8079
    8081 > 65535		Block All Protocols Outgoing and Incoming 	Any		Any		Any		8081-65535
    ALLOW			Allow All Protocols Outgoing			Any		Any		Any		Any
    DNS 1			Allow UDP Incoming				My IP		Any		My DNS 1	53
    DNS 1			Allow UDP Incoming				My IP		Any		My DNS 2	53
    BLOCK			Block All Protocols Outgoing and Incoming 	Any		Any		Any		Any
    
    If I have understood correctly what I have done, then I only allow DNS, HTTP, HTTPS, SMTP and IMAP outgoing. All other traffic is blocked. The only incoming allowed is DNS (specific addresses).
     
  2. MikeNAS

    I answer myself. Yes, I need a Loopback rule because without it the sandboxed browser doesn't work correctly. It takes so long to start and sometimes it doesn't even start. So I added a new rule. Also I edited the ALLOW rule so now only TCP or UDP can connect out. Now everything works perfectly.

    Code:
    Description		Rule						Local IP	Local Port	Remote IP	Remote Port
    -----------------------------------------------------------------------------------------------------------------------------------
    LOOPBACK		Allow TCP Outgoing and Incoming 		127.0.0.1	Any		127.0.0.1	Any
    0 > 52 [DNS]		Block All Protocols Outgoing and Incoming 	Any		Any		Any		0-52
    54 > 79	[HTTP]		Block All Protocols Outgoing and Incoming 	Any		Any		Any		54-79
    81 > 442 [HTTPS]	Block All Protocols Outgoing and Incoming 	Any		Any		Any		81-442
    444 > 464 [SMTP]	Block All Protocols Outgoing and Incoming 	Any		Any		Any		444-464
    466 > 992 [IMAP]	Block All Protocols Outgoing and Incoming 	Any		Any		Any		466-992
    994 > 8079 [HTTP]	Block All Protocols Outgoing and Incoming 	Any		Any		Any		994-8079
    8081 > 65535		Block All Protocols Outgoing and Incoming 	Any		Any		Any		8081-65535
    ALLOW			Allow TCP or UDP Protocols Outgoing		Any		Any		Any		Any
    DNS 1			Allow UDP Incoming				My IP		Any		My DNS 1	53
    DNS 1			Allow UDP Incoming				My IP		Any		My DNS 2	53
    BLOCK			Block All Protocols Outgoing and Incoming 	Any		Any		Any		Any
    
     
    Last edited: Feb 26, 2008
  3. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Hi MikeNAS,

    Just for your info, please find my set of rules.
    Cory & Cory2 are for my DNS. FTP2 is for FTP.
    All specific remote IPs given are those of my Internet Service Provider.
    Have fun. :)
    Xtree
     
  4. MikeNAS

    Thanks for the info. I modified my rules in a simpler way and maybe tighter too. 3 rules less and everything working :D

    Code:
    Description		Rule						Local IP	Local Port	Remote IP	Remote Port
    -----------------------------------------------------------------------------------------------------------------------------------
    PORT 0 & 1		Block All Protocols Outgoing and Incoming 	Any		0-1		Any		Any
    
    LOOPBACK		Allow TCP Outgoing and Incoming 		127.0.0.1	Any		127.0.0.1	Any
    
    HTTP			Allow TCP Outgoing				My IP		1024-5000	Any		80
    HTTPS			Allow TCP Outgoing				My IP		1024-5000	Any		443
    
    IMAP			Allow TCP Outgoing				My IP		1024-5000	My EMAIL	993
    SMTP			Allow TCP Outgoing				My IP		1024-5000	My EMAIL	465
    
    DNS 1			Allow UDP Outgoing and Incoming			My IP		Any		My DNS 1	53
    DNS 1			Allow UDP Outgoing and Incoming			My IP		Any		My DNS 2	53
    
    BLOCK			Block All Protocols Outgoing and Incoming 	Any		Any		Any		Any
    
    Some ShieldsUP testing. If I choose Common Ports, all are stealthed. If I choose All Service Ports, then 22 (SSH) is closed. Not a big deal to me, but still interesting that the result is different. There is also a Ping Reply, but that's my router, not my computer.
     
    Last edited: Feb 27, 2008
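    To see what a rule list like the one above actually permits, here is an added example (not from the thread or from Ghostwall itself) that evaluates constructed sample packets against MikeNAS's third ruleset. It assumes the rules are checked top-down and the first match decides, and that nothing matching means block; all IP addresses are constructed placeholders.

```python
# Added example, not from the thread: first-match evaluator for a
# Ghostwall-style rule list (top-down, first hit decides, is an assumption).
# Addresses below are constructed placeholders for "My IP", "My DNS 1" etc.
MY_IP, MY_DNS_1, MY_DNS_2, MY_EMAIL = "192.168.0.10", "192.0.2.53", "192.0.2.54", "192.0.2.25"
ALL = frozenset({"TCP", "UDP", "ICMP"})   # stands in for "All Protocols"

# (name, action, protocols, directions, local IP, local port, remote IP, remote port)
RULES = [
    ("PORT 0 & 1", "Block", ALL,     {"Out", "In"}, "Any",       "0-1",       "Any",       "Any"),
    ("LOOPBACK",   "Allow", {"TCP"}, {"Out", "In"}, "127.0.0.1", "Any",       "127.0.0.1", "Any"),
    ("HTTP",       "Allow", {"TCP"}, {"Out"},       MY_IP,       "1024-5000", "Any",       "80"),
    ("HTTPS",      "Allow", {"TCP"}, {"Out"},       MY_IP,       "1024-5000", "Any",       "443"),
    ("IMAP",       "Allow", {"TCP"}, {"Out"},       MY_IP,       "1024-5000", MY_EMAIL,    "993"),
    ("SMTP",       "Allow", {"TCP"}, {"Out"},       MY_IP,       "1024-5000", MY_EMAIL,    "465"),
    ("DNS 1",      "Allow", {"UDP"}, {"Out", "In"}, MY_IP,       "Any",       MY_DNS_1,    "53"),
    ("DNS 2",      "Allow", {"UDP"}, {"Out", "In"}, MY_IP,       "Any",       MY_DNS_2,    "53"),
    ("BLOCK",      "Block", ALL,     {"Out", "In"}, "Any",       "Any",       "Any",       "Any"),
]

def port_ok(spec, port):
    """'Any' matches everything; '80' is one port; '1024-5000' is inclusive."""
    if spec == "Any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, proto, direction, lip, lport, rip, rport):
    """Return (rule name, action) of the first rule that matches the packet.
    Assumption: no implicit allow if nothing matches (default deny)."""
    for name, action, protos, dirs, rlip, rlport, rrip, rrport in rules:
        if (proto in protos and direction in dirs
                and rlip in ("Any", lip) and port_ok(rlport, lport)
                and rrip in ("Any", rip) and port_ok(rrport, rport)):
            return name, action
    return "(no rule)", "Block"

if __name__ == "__main__":
    # Constructed packets: (proto, direction, local IP, local port, remote IP, remote port)
    samples = [
        ("TCP", "Out", MY_IP, 1500, "198.51.100.7", 80),     # browsing -> HTTP, Allow
        ("TCP", "In",  MY_IP, 22,   "198.51.100.7", 40000),  # inbound SSH probe -> BLOCK
        ("TCP", "Out", MY_IP, 1500, "198.51.100.7", 21),     # FTP is not listed -> BLOCK
        ("TCP", "Out", MY_IP, 6000, "198.51.100.7", 80),     # source port outside 1024-5000 -> BLOCK
        ("UDP", "Out", MY_IP, 1,    MY_DNS_1, 53),           # "PORT 0 & 1" fires before "DNS 1"
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, *pkt))
```

    The last two samples show why order matters: a rule is only reachable if nothing above it matched. The 1024-5000 local range is also worth checking on the machine itself; a system whose ephemeral source ports lie above 5000 would see its web traffic fall through to BLOCK.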
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    MikeNAS,
    If port 22 appears as closed it might mean that you have enabled "Remote administration" in your router. Check that.
    Also, don't you need a rule for DHCP? Be aware that your ruleset will cut FTP, P2P, IMAP and IM traffic. Not a big deal if you only browse and check mail through POP.
     
  6. MikeNAS

    Now I don't need DHCP. My new rules allow SMTP and IMAP. I use meebo to IM and so on. I checked my router now, but still it's interesting that one time it was closed and another time stealthed.

    Here is all of my router settings:

    192.168.0.1

    ADSL Settings
    ADSL Mode :
    Use PPP : No
    PPPoE
    PPPoA
    Bridged IP
    Ethernet Uplink
    Login :
    Password :
    VPI :
    VCI :
    Obtain an IP address automatically
    Use the following IP address:
    IP address
    Subnet Mask
    Default Gateway
    DNS server

    Nothing selected, so it's just some strange thing.
     
  7. lucas1985

    Maybe a hidden option? If your router supports DNS caching/forwarding, I'd put the IPs of the DNS servers in the router and change the DNS rule in GW to point to your router.
     
  8. MikeNAS

    If I put the OpenDNS DNS servers directly in the router, there comes one problem. I don't have a static IP.
     
  9. lucas1985

    I must be missing something. You said that you don't use DHCP, now you tell me that you don't have a static IP o_O
    Are we talking about static/dynamic IPs from the private range (10.0.0.x, 192.168.0.x), right?
     
  10. MikeNAS

    Yeah, I use a private range IP.
     
  11. lucas1985

    Then, if you don't use DHCP, you should have a static IP :doubt:
     
  12. MikeNAS

    My router changes address every now and then.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi lucas1985,
    As I see it:
    Private (fixed IP) on home LAN (behind router), DHCP enabled on router for ISP.
     
  14. Stem

    If you want to use alternative DNS, then set these as static within the PC (not the router).
     
  15. lucas1985

    Hi Stem,
    I got it, thanks :) I was going nuts :D
    Why? Is there any security risk? Are you thinking of drive-by pharming and exploits against the router (the recent Flash exploit)?
     
  16. MikeNAS

    Yes, I have done it that way.
     
  17. Stem

    Hi lucas1985,
    No, just basically due to MikeNAS having the router set to obtain IP etc from ISP, so the settings can change. Fixing the alternative DNS IP into the PC can then be permanent.
     
  18. lucas1985

    Strange, I get my public IP from my ISP and my DNS settings do not change when I get a new IP.
     
  19. MikeNAS

    My computer uses OpenDNS and private range IP. All are manual settings.

    My ADSL modem (router/wireless ap) gets public IP from ISP.
     
  20. lucas1985

    I have the same setup with the difference that I put the IPs of OpenDNS in the router.
     