Kerio 2.1.5 rules - Which DHCP rules?

Discussion in 'other firewalls' started by taytong888, Dec 12, 2006.

Thread Status:
Not open for further replies.
  1. taytong888

    taytong888 Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    138
    BZ Kerio 2x Default Replacement Update - Interpretations Help.

    Hi,
    I am looking for help deciding which DHCP rules to use, or if they are necessary at all. I have an XP SP2 laptop which is currently connecting to a DLink 624 router via cable. The router is connected to an ADSL modem. My laptop receives its IP address automatically. There's also an XP Home SP2 desktop that connects to the router, but that machine shouldn't figure (it has its Sygate). I am asking for help because the laptop couldn't get to the Net after setting up Kerio 2.1.5. I followed BZ Kerio 2x Default Replacement Ruleset with DHCP being on the top row of the list.

    Thanks a lot for your help.
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    If you cannot get on the net it could mean that another 3rd-party firewall is still installed but not removed, possibly not uninstalled completely. Some will block all traffic until their program is loaded as a security feature, but that also means if the uninstall didn't work correctly you have no working internet. Otherwise check your logs to see what you might be blocking that would relate to the DHCP connection protocol over UDP 67 and 68. However, in reality the moment your TCP/IP stack is initiated it gets to request DHCP before the OS loads Kerio anyway, so it seems your issue is not Kerio.

    Otherwise just follow the guide to configure the basic system rules.
     
    Last edited: Dec 13, 2006
  3. taytong888

    taytong888 Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    138
    Hi Blitzen,
    Thanks for taking the time to respond to a FW newbie like me. I've just finished configuring KFW rules and was able to get to the Net. To answer your comments, my mistake was not using my own IP addresses when adapting your DHCP rules. In order to be able to access a web site, I also had to do the following:

    1) Revise your Loopback Rules into 2 separate rules, for 2 ranges of remote ports.

    2) For browsers, set TCP directions to BOTH; otherwise I won't get any web page with TCP Out.

    3) Since I am on proxy, I also added another rule allowing browser to proxy:
    TCP Out......localhost address>remote proxy listening port.

    I also have the following questions:

    1) The Router Config Rule, i.e. 4th row down your default replacement list, is it applicable only in case you need to set up Kerio FW for a computer which will be configured as a router (i.e. via Linux)?

    2) For setting up e-mails, should I use TCP Out or TCP Both (directions)?

    3) Since the PrtSc button on my laptop doesn't seem to work, how do I get a snapshot of my custom firewall rules from the screen to print or post? I am asking this particular question because I can't find any button on the KFW windows allowing me to print the fw config file directly.

    I would much appreciate receiving your comments and response.

    Best regards
     
  4. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    You can combine ranges in a single rule; just use commas to separate the information. Your problem with your browser was likely related to your loopback proxy configuration. In reality, what you should have to do to allow a browser out is allow it to access the localhost on the port that the proxy is listening on; this port would be excluded in the localhost ranges. One thing you should check if you use IE is to make sure that your FTP communications are passive, so remote FTP servers are not trying to connect to your computer on TCP 20 when your software is acting like a server; passive FTP should be enabled unless you need to disable it to upload files through FTP with IE.

    If you do have a router, putting your router's IP (usually 192.168.1.1) will actually remove the need to set up DHCP, and possibly DNS rules, depending on how the router wants to handle this; however, in most cases the normal DNS servers are still used.

    E-mail programs should just be outbound unless you're running an e-mail server, which is a very different configuration, but just like the browser problem, if the loopback is misconfigured you might get prompts for inbound; however, it is very unlikely. If you have to use an Exchange server this might require an inbound communication; however, you usually already know if your work requires this.

    Many laptops require you to press a function key in combination with the PrintScreen key; just check the color of the text, which might match the color of the text on the Fn key, which means they have to be pressed together. I'm not really interested in seeing your ruleset personally; just remember the first rule to affect the packet will be the last, and when you make any new blocking rules make sure they are logging. If you do post it maybe somebody else might have some comments, but these days I might answer some quick questions.
     
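The points BlitzenZeus makes across his two replies (DHCP is UDP 67/68, port ranges can be combined with commas in one rule, the first rule that matches a packet decides and later rules never see it, blocking rules should log, and active FTP makes the remote server connect inbound on TCP 20) can be checked with a small first-match rule evaluator. The following is an added example written for this thread, not Kerio's own rule format or anyone's posted ruleset: the rule fields, the sample packets, the port numbers (proxy on 3128, LAN 192.168.0.x) and the application names are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    """One connection attempt as a personal firewall would see it (constructed sample data)."""
    proto: str        # "tcp" or "udp"
    direction: str    # "out" or "in"
    local_port: int
    remote_ip: str
    remote_port: int
    app: str          # program that owns the socket


@dataclass
class Rule:
    """A Kerio-style ordered rule; field values here are assumptions, not Kerio's syntax."""
    name: str
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    direction: str              # "out", "in" or "both"
    remote_ports: str = "any"   # "any" or comma-separated list, e.g. "80,443,1024-5000"
    local_ports: str = "any"
    remote_net: str = "any"     # "any", a single address or a CIDR block
    app: str = "any"
    log: bool = False           # blocking rules should log, so a misfire shows up


def parse_ports(spec):
    """Expand '67,68,1024-5000' into a set of ports; 'any' returns None (no restriction)."""
    if spec == "any":
        return None
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-"))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(part))
    return ports


def matches(rule, pkt):
    """True when every constrained field of the rule agrees with the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.direction != "both" and rule.direction != pkt.direction:
        return False
    if rule.app != "any" and rule.app != pkt.app:
        return False
    rp = parse_ports(rule.remote_ports)
    if rp is not None and pkt.remote_port not in rp:
        return False
    lp = parse_ports(rule.local_ports)
    if lp is not None and pkt.local_port not in lp:
        return False
    if rule.remote_net != "any" and ip_address(pkt.remote_ip) not in ip_network(rule.remote_net, strict=False):
        return False
    return True


def evaluate(rules, pkt, log=None):
    """First-match semantics: the first rule that matches decides and later rules never see the packet.
    Returns (action, rule name); a log line is appended only when the deciding rule has logging on."""
    for rule in rules:
        if matches(rule, pkt):
            if rule.log and log is not None:
                log.append(f"{rule.name}: {rule.action} {pkt.proto} {pkt.direction} {pkt.app} "
                           f"-> {pkt.remote_ip}:{pkt.remote_port}")
            return rule.action, rule.name
    return "deny", "<implicit>"


def run(rules, packets):
    """Evaluate every sample packet against an ordered ruleset; returns (decisions, log)."""
    log = []
    decisions = {name: evaluate(rules, pkt, log) for name, pkt in packets.items()}
    return decisions, log


# Constructed ruleset in the order the thread recommends: DHCP first, loopback, the browser,
# then a logging block-all rule at the bottom.
RULES = [
    Rule("DHCP client", "permit", "udp", "both", remote_ports="67", local_ports="68"),
    Rule("Loopback", "permit", "any", "both", remote_net="127.0.0.1/32"),
    # one rule covering web ports and the local proxy port, combined with commas
    Rule("Browser out", "permit", "tcp", "out", remote_ports="80,443,3128", app="browser"),
    Rule("Block and log everything else", "deny", "any", "both", log=True),
]

# Constructed sample traffic; 203.0.113.0/24 is documentation address space.
PACKETS = {
    "dhcp_discover":   Packet("udp", "out", 68, "255.255.255.255", 67, "system"),
    "dhcp_offer":      Packet("udp", "in", 68, "192.168.0.1", 67, "system"),
    "web":             Packet("tcp", "out", 3456, "203.0.113.10", 80, "browser"),
    "proxy_local":     Packet("tcp", "out", 3457, "127.0.0.1", 3128, "browser"),
    # active-mode FTP: the server opens the data connection to us from TCP 20
    "active_ftp_data": Packet("tcp", "in", 5001, "203.0.113.20", 20, "browser"),
}

if __name__ == "__main__":
    decisions, log = run(RULES, PACKETS)
    for name, (action, rule) in decisions.items():
        print(f"{name:16} {action:6} by {rule}")
    print("logged:", *log, sep="\n  ")
```

Running it shows the DHCP exchange and the browser's web and proxy connections permitted, while the active-FTP data connection falls through to the block-all rule and is logged, which is exactly the symptom that switching IE to passive FTP avoids. Moving the block-all rule to the top denies every packet, including DHCP, which is the ordering mistake the "first rule to affect the packet will be the last" advice is warning about.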