Seeking firewall for use with DDNS

Discussion in 'other firewalls' started by Sully, Jul 22, 2011.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hi.

    I have recently dropped my long time ISP, of which I had a static IP free of charge, for a different ISP that offers a better package for significant less money, but with a dynamic wan ip.

    This causes problems as I predicated much of my remote management upon my static ip. The router had an inbound filter binded to my static ip at home, and the port forwarding to the RDP ports (and others) were set to only forward on a matching inbound filter rule (my static ip). This is a pretty strong way to do things.

    To be even more secure, on each machine to access, I was using Outpost firewall on specific applications and ports, and only allowed my static ip. This presumed my router inbound filter would fail and I needed a software firewall that was application aware.

    All of this has changed now, of course. I have my router set to update my dyndns address, which it does do on a reboot. My dynamic ip does not appear to have a short lease, as it was up for 14 days before a power outage from a storm. The router rebooted, and the dyndns address was updated to my new ip. All is well on that front.

    My router, Dlink DIR-655 is a great router for all my use thus far, but it is limited to only accepting an IP in the inbound filter. It offers no method at all to make a rule for an inbound dynamic name. I have adjusted by allowing the inbound traffic and attempting to use the firewall to handle it.

    However, the older version of outpost v2.1 on those machines, as well as the new v7 I am trying at home, are incapable it seems of checking the dns cache (or using the dns plugin) for updated entries. When you create the rule using a domain name, it translates it to IP, and it is stuck until you remove/replace the entry. This is obviously causing problems because the IP address does change periodically.

    At this point I have been googling and found no mention on search terms for a firewall that will check the dns cache for updated infos. I can easily run a batch file to ping the dyndns address, which would refresh the cache with the correct IP address, but I cannot find a firewall which will actually check, at least once every 24 hours.

    I tried using IPSec, but it is doing the same thing, translating to IP then using that IP and not checking cache again.

    I could put the subnet of my ISP into the firewall and rely on non-standard ports and a strong password to maintain security, but this just doesn't sit well with me. I could also log into that router remotely when I wanted to access the machines, fill in my IP in an inbound filter rule, but that would require a reboot and is really just a pain to manage.

    I have looked at some home firewalls, like ZyXel and some others, but don't find any conclusive evidence that they will do this either. I do not wish to spend more than 100 to 150 on a hardware solution, and in fact would prefer to handle it with software if possible.

    So, does anyone have any experience with this? I am not willing to pay $120 more per year for a static IP, I would just as soon buy a hardware firewall first. Can anybody verify if they have seen a firewall that will do this?

    I also realize I might have to build a linux based firewall box to handle this, but again, I don't really wish to do that either.

    Sul.

    EDIT: I just heard back from ZyXel (I think that is the name), and they said all of thier products are based on IP and will not work with dynamic names.
     
    Last edited: Jul 22, 2011
  2. Yanick

    Yanick Registered Member

    Joined:
    May 3, 2011
    Posts:
    269
    This goes way over my head :D
    Still, could you send ticket or chat with Agnitum about that dns cache issue you have with Outpost? Would be nice to know what their response would be. OP FW is great product :thumb:
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    This was discussed back at least in version 2.7, maybe before that. They are not alone it would seem from what I have read thus far. In fact, even some hardware firewalls do not do this.

    Sul.
     
  4. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Hi Sully,

    I remember you mentioning once that you were a Hamachi user. Hamachi VPN would be a much simpler & secure solution, rather than opening holes in firewalls for RDP traffic.

    o_O
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yeah, I was but I have been using LanBridger for a couple years now I guess. Actually, 2 of the servers in question are LB servers, as well as Teamspeak servers. I use LB because I don't like the hamachi connection servers being controlled by someone other than me. Not for any reason other than I experienced times when I could not connect to the hamachi servers, and thus could not connect to the hamachi virtual network I created. Once you get connected, then it is peer to peer, but relying on thier servers to be up is not an issue with LB because my server is the connection master, and if it is down, there is a problem, and one that I can fix (or my ISP), especially since I can remote into it, and even remote boot the machine.

    I used to use tightVNC a lot too. I switched to using mostly remote desktop though because it is much faster for me. Using Hamachi or LB works, but it is so very slow as well. I like VNC better for various reasons, but I get frustrated pretty fast when I am trying to do something remotely and every action has me wating. With RDP it is almost like being there. Actually, I can't believe how much faster it is.

    Anyway, good suggestion and one that I could use, but sometimes speed is everything :doubt:

    Sul.
     
Loading...
Thread Status:
Not open for further replies.