Kerio help me

Discussion in 'other firewalls' started by AAP, Jul 12, 2003.

Thread Status:
Not open for further replies.
  1. AAP

    AAP Guest

    Hello,To all

    Well here i go again i just Installed Kerio
    again 3 times i still don't get it could one of
    you here help this old guy out please i have
    some gif's if you need them just ask

    Ver 2.15 on WinXp Home

    Thank you :oops:
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada

    Attached Files:

  3. AAP

    AAP Guest

    Hello,CrazyM

    First thanks for taking the time to reply to me
    now i had a look at the links you posted i'm
    still like Huh need help with how to place the
    rules where they go now like i just said this

    makes now 3 times i have Installed this FireWall
    i can't let it go so any help at all but step by step
    please how do you know what gos where i don't
    get it & as for the applications well you see what
    i am saying hey can i use the rules from LnS with this

    I thank you :)

    Hey,Paul

    If you see this just like to say hi & hope
    all is great for you & family ;)
     
  4. AAP

    AAP Guest

    Hi,CrazyM

    Ok these here

    Customizing Rules

    1.System Wide
    2.Global Permit/Block
    3.Application
    4.Final Block

    i just had a look again so this is how to place
    them where they go & do i use them as you posted
    them or is that a bad idea now that i Installed it
    again i have not used it should i go on & use the
    FireWall or hold to i add the new ones

    Good luck :D
     
  5. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    One thing you should understand about rule based firewalls in general is they are highly complex in nature, and you need to have a willingness to learn on your own so you can setup your own comfort level of control in you rules.

    Here is yet another example, but its older. Please refer to the attached image for some updates, but if you take your time, read the material, try to understand what your doing you will be helping yourself while setting up your configuration.
    http://www.broadbandreports.com/forum/remark,2896630~root=kerio~mode=flat

    Sorry, wrong image, but most of the information will work with the link I gave, this was for another example. You should still look at this before the old example.
     

    Attached Files:

  6. AAP

    AAP Guest

    Hello,BlitzenZeus

    First i thank you for taking the time to help me
    & for the gif & link now that said last night i again
    Uninstall/Reinstalled this FireWall hmmmm i just can
    not let it go :rolleyes: ok here is the problem i am having

    now if i where to use say something like this
    would that get me going tell i go looking for more
    info on rules & how to use them

    1.DHCP

    2.Inbound ICMP / Outbound ICMP

    3.DNS

    4.Loopback

    5.Explorer

    6.My Apps

    7.Block rules

    Or am i way off here let me know

    Good luck :'(
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi AAP

    You are on the right track for your system rules. Basic rules to get most people up and running before any customizing:

    Inbound ICMP - allow type 0, 3, 8
    Outbound ICMP - allow type 3, 8

    DNS - allow UDP, direction either, remote port 53

    DHCP - allow UDP, direction either, local port 68, remote port 67

    Loopback - allow UDP/TCP, direction either, remote address 127.0.0.1

    These rules would be at the top of your rule set. Rules are processed top to bottom. Once a rule is matched, no further filtering occurs.

    Do you really mean Explorer or Internet Explorer?

    Your application rules.

    Block Inbound - block Any, direction inbound, local port Any, remote address Any, remote port Any, enable logging. This rule would go at the bottom of your rule set and block any unsolicited inbound traffic. Having this rule and logging it just stops you from getting continual pop ups in regards to this traffic. The firewall will still prompt you for any outbound requests not covered by your rules.

    You might want to post a screenshot of your rule set and we can offer specific suggestions from there.

    Regards,

    CrazyM
     
  8. AAP

    AAP Guest

    Hello,CrazyM

    Thanks for the help now i will try what you just
    posted & come back with a gif or 2 now i am going
    to do it like i posted from top to bottom

    I thank you for your help

    Good luck
     
  9. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Sure you can start with a basic example ruleset like in my examples, or CrazyM's examples while learning as these are almost all system rules which everybody needs in some form. However the main point it to understand the rules you are setting in place.

    I think you just need to find enough spare time to read through the information, and see if you understand what your doing. What got me to understand rule based firewalls was logging everything, and then figuring out what I needed to allow and block. I started with a rule based firewall more complex than Kerio, it was called AtGuard, and it took me a while to figure it out. I had a little help, but nothing like these examples or images I provide for other people to view. I had to learn most of this stuff on my own before there were all these help sites that dealt with personal firewalls. I was using AtGaurd before ZoneAlarm came out if that gives you any idea, and I think ZA is way too simplistic for my needs :cool:
     
  10. AAP

    AAP Guest

    Hello,Guy's

    Ok i added some of the new rules & i gave it
    a run but here is what happen when i went
    online a box came up that said this

    Internet Explorer from your computer wants
    to send UDP datagram to an IP # so i would hit
    no & no page would load so i gave it a run again
    but this time i click ok & the pages would load

    i then had a look at the firewall & had 2 IE icons
    & an icon of the FireWall so i delete both of them
    i then removed the IP i was using for DNS & i
    used the IP that both IE & KPF where asking for

    & all the pages started to load with no problems
    but here is what i don't get i ran some port test
    well i ran 3 test & all was good but when i looked
    at the IP it was the one that i removed from DNS
    not the new IP that both IE & KPF where asking for

    Help do i have a problem here or is it that i did
    something dumb here what is new

    Thank you
     
  11. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi AAP

    Without some more details as to what you were actually being prompted for, it's hard to say what the issue was.

    Could you post a screenshot of rule set we have something to work with.

    Regards,

    CrazyM
     
  12. AAP

    AAP Guest

    Hello,CrazyM

    Ok these wher them

    1) Internet Explorer from your computer wants to send
    UDP datagram to & it was an IP #

    Then right away i would get this here

    2) KPF from your computer wants to send UDP
    to & again the same IP as before

    so when i would click no & would not load any
    website when i would click Yes then they would load
    so i had a look at the FireWall & there was
    a new IE icon & also KPF so here is what i did

    i removed the 2 icons then i removed the IP
    from the DNS rule & replaced it with the one
    from that box i was gething & all was good
    am i ok here or did i do something wrong

    if you need i will post some gif's for you

    Thank you
     
  13. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi AAP

    Without knowing the remote IP and remote service/port I would only be guessing. The screenshot or complete log entries would help.

    Regards,

    CrazyM
     
  14. AAP

    AAP Guest

    Ok here you go IP was this 68.9.16.25
    & the port was this Port 53

    hmmm i can't add a gif file

    Thank you
     
  15. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    That will be a DNS request. Have you restricted your DNS rule(s) to specific remote IP's? That IP resolves to Cox Communications, is that your ISP?

    Forgot to mention, you have to be a registered member to post images.

    Regards,

    CrazyM
     
  16. AAP

    AAP Guest

    Hi,CrazyM

    Yes cox.net but why did it work after i
    removed what ipconfig said was my IP
    & used that new IP :eek:

    Yes i keep trying to get the new password
    & i keep gething E-Mail sent & i go & have a
    look & as always nothing there lol

    Thank you
     
  17. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    "...my IP"o_O Did you use your public IP or DNS servers?

    When you run "ipconfig /all" make note of the DNS servers and add them to your custom addresses.

    Then modify your DNS rule:
    Allow, Protocol - UDP, Direction - Both, Remote Address - Custom Addresses, Remote Port - 53.

    Regards,

    CrazyM
     

    Attached Files:

  18. AAP

    AAP Guest

    Hi,CrazyM

    Ok thank you that's just what i did was not
    sure if it was the IP or DNS Servers you know
    why is it that you show a lot more IPs then i do

    here is how i did it ipconfig
    Or should i try ipconfig /All

    & if there are more then one DNS Servers
    do i add them all or just the first one

    I thank you
     
  19. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Run "ipconfig /all" and that should list all your DNS servers as in the image in my previous post. How many DNS servers your ISP uses may differ from mine.

    Regards,

    CrazyM
     
  20. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    My isp changes the dns servers every time I dial-in, and they have about twelve rotating servers they assign. So with Kerio I had to use a Alert rule which should be in a previous example to block programs from trying to tunnel out by faking dns type packets to capture when I needed to add another isp dns server to my custom address list. I first verified the the dns address with ipconfig, and then added it.

    Some isp's don't do this annoying practice, its annoying when your trying to strictly secure your computer, and you might be assigned the same two dns servers for a long time on that provider so you could easily put those in one to two rules. Otherwise the custom address group is quite useful also.
     
  21. AAP

    AAP Guest

    Hello,CrazyM

    I would like to thank you & all who helped me
    with Kerio so far all is great the pages are loading
    a lot faster are there any other rules you know of
    that will maybe help with Pop-up & Spyware just
    would like to know & to BlitzenZeus yes i did

    the ipconfig /All & a big # of IP's showed up
    so are you saying that if i like i can add more
    then one DNS IP or do i have it wrong so far
    i like this FireWall

    I thank you all
     
  22. AAP

    AAP Guest

    Hello,Guy's

    I just added a lot more rules & this puter is
    running great much faster then before i will
    add the to all my puters oh but one thing

    you know that check MD5 now the idea
    of this is to check for any changes to the
    software it looks after Yes/No if it is to
    tell you that something has changed then

    please tell me why when i Uninstall say
    my Ad-Aware Build 162 to the Latest 181
    which i have Installed in the same place
    i think it should have picked it up right or
    am i wrong here well you have a good one

    Good luck
     
  23. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    It has been awhile since I have run Kerio, but it should prompt and advise of a change when the updated program tries to access the the network for the first time. You can also manually check/confirm/update the MD5 from the list.

    Regards,

    CrazyM
     
  24. AAP

    AAP Guest

    Hello,CrazyM

    Will had to Uninstall Kerio again & reinstall
    now 5 times each time i go to windows update
    & download & install an update & i restart the
    puter i end up with about 4 rules all the others
    go bye bye also i ran a test on my self with that
    MD5 like you said by doing it manually

    no good at all i get no warning at all that
    anything has changed this is not good right
    well like i said i like the FireWall so i will keep
    working on it tell i can get it the way i want

    Thanks for all the help

    Good luck
     
  25. AAP

    AAP Guest

    Hi,CrazyM

    Sorry if you see paul please tell him i said
    hi & the best to him & family & the site is great

    Good luck
     
Loading...
Thread Status:
Not open for further replies.