importing filters to CHX-I with ROUTER firewall

Discussion in 'other firewalls' started by korb, Dec 3, 2005.

Thread Status:
Not open for further replies.
  1. korb

    korb Guest

    Hi all, I need some help importing the CHX-I filter to the console.

    I am currently behind a D-LINK DI 604 router with SPI mode.

    What I need to know on the CHX-I side:

    1) What other filters do I need to IMPORT/CREATE in the console (I have already DOWNLOADED the bind pe filter and 2.6 filters but have not yet imported them to the console) so that the filters won't overlap with the router's SPI mode?

    YOUR ANSWER:

    2) In the CHX-I console, where do I IMPORT/CREATE the filters? There are 3 places where I can import the filters:

    A) Packet Filters (GLOBAL)

    B) INTERFACE: LOCAL AREA CONNECTION (MAC:XXXX)

    C) BELOW THE INTERFACE, IP: 192.168.0.1

    YOUR ANSWER: A , B, OR C ?


    This is an off-topic question (I'm new to this router stuff):

    If I were to configure my IP in the FILTERS, which IP should I use:

    my WAN IP (without router) or my current LAN IP: 192.168.0.1 (with router)?

    Thank you in advance.
     
  2. Arup

    Arup Guest

    Let me ask you, if you don't mind: the DLink does a good job for SPI inbound, so why would you wish to add another SPI to that, as CHX too is inbound only? Why not add an app-based outbound like Zone Alarm with inbound SPI turned off? Much better solution that way.
     
  3. korb

    korb Guest

    Hi Arup, thanks for your quick response.

    Well, the reason I thought of using CHX-I was because I want to HARDEN or complement the D-Link router. That's why I want to configure the filters so that they will not OVERLAP what the router has already covered.

    For example, if the router already has SPI mode, then I will not create another rule in the CHX-I filters.

    Or is there no need to have CHX-I at all?

    I have APPDEFEND, so it covers the outbound.

    "why not add a app based outbound like Zone Alarm with inbound SPI turned off, much better solution that way."

    Thanks
     
  4. Arup

    Arup Guest

    Since you have App Defend and the router is doing inbound SPI, for hardening the OS, try Harden IT from www.yasc.net; this would be a better solution. If you really like CHX, then put your router in bridge mode and run with CHX alone like I do. The problem is you have no way of knowing the SPI rules in the D Link, so chances are likely for your CHX rules to overlap instead of complement.
     
  5. korb

    korb Guest

    Thanks again for your advice.

    You are right about the router SPI mode, which is just an on/off mode, so there is nothing I can configure.

    And you are right, the reason I kept CHX-I is because I really like it and I can configure the filters I want individually.

    Question:

    What if I turn off the SPI mode in the router but still leave the basic rules on in the router, and import the filters to CHX-I instead? Will that defeat the purpose of having a router in the first place?

    Regarding HARDEN-IT, I will check it out.

    Thanks for your patience and enlightenment.
     
  6. Arup

    Arup Guest

    Yep, that's a good possibility. Since you are already behind NAT, you are hidden from port scans, but if someone does manage to come on behind your router, then CHX will protect you. You can also try bridging the router and use RASPPPoE like I am doing; some find it faster than router mode alone, especially for P2P.
     
  7. korb

    korb Guest

    Hi Arup, thanks again.

    OK, for the 'RASPPPoE': from what I see on my router configuration console, 'PPPoE' is meant for most DSL users.

    As I'm using a cable modem, I chose auto detection.

    Back to the first question: if I now choose to turn off the SPI mode on my router, I can now create or import filters to CHX-I, so:

    1) What other filters do I need to IMPORT/CREATE in the console (I have already DOWNLOADED the bind pe filter and 2.6 filters but have not yet imported them to the console) so that the filters won't overlap with the router's SPI mode?

    YOUR ANSWER:

    2) In the CHX-I console, where do I IMPORT/CREATE the filters? There are 3 places where I can import the filters:

    A) Packet Filters (GLOBAL)

    B) INTERFACE: LOCAL AREA CONNECTION (MAC:XXXX)

    C) BELOW THE INTERFACE, IP: 192.168.0.1

    YOUR ANSWER: A , B, OR C ?
     
  8. korb

    korb Guest

    Sorry, the first question is already answered.

    Just the 2nd question.

    Thanks
     
  9. Arup

    Arup Guest

    You will import the filter for your WAN interface; the IP should be the one of your net, not LAN.
     
  10. korb

    korb Guest

    Funny thing is that the IP shown in CHX-I is my LAN 192.168.0.106. How do I change it to my WAN?
     
  11. Arup

    Arup Guest

    You have to select the PPP WAN interface under CHX. The IP shown is what your router is giving to your system, since I assume you are doing DHCP in the router and not using a static LAN address.
     
  12. korb

    korb Guest

    Only the LAN interface shows up; under it is my router IP: 192.168.0.106.
    Yes, I am using dynamic DHCP, because I'm using a cable modem.

    So far the filters have been imported to the interface:

    http://img215.imageshack.us/my.php?image=screenshot0012qu.jpg

    What the filters capture here is just from my 192.168.0.1 gateway IP.

    http://img215.imageshack.us/my.php?image=screenshot0022ge.jpg

    Is this what it is supposed to show? I guess the router does its job well, in that most of the blocking is already done at its end.
     
  13. Arup

    Arup Guest

    As I said, it's redundant to use CHX as it's inbound only and your router seems to be doing that job quite well.
     
  14. NGRhodes

    NGRhodes Registered Member

    Joined: Jun 23, 2003
    Posts: 2,331
    Location: West Yorkshire, UK

    Are all your ports closed? If any are open, it's useful to have inbound protection on the machine those ports are forwarded to. I recently logged some potentially malicious connections; unfortunately I didn't have any firewall, so my machine responded to these ICMP connections.
     