Setting up a LAN/VPN Firewall
Spicy Meatball
Thread Starter
Join Date: Jan 2004
Location: Liverpool UK
Age: 42
Posts: 1,115
We are setting up a network as part of one of the final year modules at University and we need some guidance from the networking experts out there!
We have one server (WinServer 2003) and 3 clients (XP Prof). We will be using a standard switch, and CAT 5 etc, within the compounds of our classroom.
We are challenged to set up a secure network, with a VPN (Virtual Private Network) and I have been put in charge of installing, and configuring the firewall(s) (or "a" firewall).
Basically, can anyone advise me on the following:
What firewall to use?
Best way to go about configuring it?
Any firewall advice/issues that may be relevant?
I am asking a lot here, so any help will be received gratefully.
Any advice on any of the topics you think may be an issue is welcome.
Many thanks,
Maz
I know firewalls have been discussed before, I am aiming for a more personal viewpoint for the LAN
Join Date: Sep 2002
Location: Chichester, UK
Posts: 1,650
Not really something I know much about (but when did that ever stop me?), but I'd look at Smoothwall as a firewall (because it's free, and, I believe, highly configurable - the standard consumer firewalls will probably be a bit limited). Also, for testing it, I'd take a look at nmap. Playing with the latter taught me a fair bit about what my firewall could and couldn't do.
edit: http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html may be a bit old, but it might be useful for the basics. Don't know what level I'm pitching at.
Mazz
Is this VPN all within the same subnet? Or are the clients and server on separate subnets via the internet?
Advice changes with the configuration used; for a real VPN I would use Cisco VPN.
Recommend Managing Cisco Network Security
Spicy Meatball
Thread Starter
Join Date: Jan 2004
Location: Liverpool UK
Age: 42
Posts: 1,115
Ok, there is one server - Imagine a room with 4 computers in, well basically, that's it (3 clients). We also have to connect it to the WAN for internet access, and we need to set up a remote access.
Join Date: May 2002
Location: Cheshire, UK
Age: 56
Posts: 500
So presumably the VPN will be used across the Internet connection for Remote Access? Is Remote Access required to all clients or just the Server?
It is this (the VPN service) therefore, and the Internet connection itself, which is in need of being firewalled?
Join Date: Jan 2002
Location: UK
Posts: 369
As you are tasked to do this for college I suspect you have been provided with all the equipment you need. I have therefore just done a quick search on Microsoft's site and found the following links that may be of use to you.
http://www.microsoft.com/resources/d..._vpn_und13.asp
http://www.microsoft.com/resources/d...f_vpn_uzuu.asp
http://www.microsoft.com/resources/d...erver_role.asp
http://www.microsoft.com/resources/d...g_vpn_us26.asp
http://www.microsoft.com/seminar/sha...2/manifest.xml
There is more information on the Microsoft site you can trawl through. You may also find some of their patterns and practices documentation useful.
Join Date: Sep 2002
Location: London, UK
Posts: 778
Ok, there is one server - Imagine a room with 4 computers in, well basically, that's it (3 clients). We also have to connect it to the WAN for internet access, and we need to set up a remote access.
If you use NAT then you'll tell your firewall which of your internal machines to forward VPN requests to, which presumably will be the server machine.
There are dozens of ways to do this really; the choice of what is best depends on your precise needs, your inclination towards different types of hardware, whether you've already been assigned certain equipment and/or a budget and so on.
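The forwarding described in the post above, as an added example that is not part of the original thread: a small Python model of a default-deny NAT firewall that forwards only VPN traffic to the server. The addresses are constructed, and PPTP (TCP 1723 plus GRE) is an assumption, since the thread does not name the VPN protocol; substitute the ports of whichever VPN is deployed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# All addresses below are constructed for illustration.
WAN_IP = ip_address("203.0.113.10")   # firewall's public address (RFC 5737 range)
LAN = ip_network("192.168.1.0/24")    # the server and the three clients
SERVER = ip_address("192.168.1.10")   # the machine running the VPN service

# Port forwards, keyed by (protocol, destination port). Assumption: the VPN is
# PPTP, which uses TCP 1723 for control and GRE (IP protocol 47) for data.
FORWARDS = {("tcp", 1723): SERVER, ("gre", None): SERVER}


@dataclass(frozen=True)
class Packet:
    in_if: str                    # "lan" or "wan": interface the packet arrived on
    src: str
    dst: str
    proto: str                    # "tcp", "udp", "gre", "icmp"
    dport: Optional[int] = None
    reply: bool = False           # belongs to a connection opened from the LAN


def decide(pkt: Packet) -> str:
    """Return "ACCEPT", "DROP" or "FORWARD <host>" for one packet."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if pkt.in_if == "lan":
        # Outbound internet access; refuse sources that do not belong to the LAN.
        return "ACCEPT" if src in LAN else "DROP"
    if src in LAN:
        return "DROP"             # internal source arriving from outside: spoofed
    if pkt.reply:
        return "ACCEPT"           # stateful rule: replies to outbound traffic
    if dst != WAN_IP:
        return "DROP"
    target = FORWARDS.get((pkt.proto, pkt.dport))
    return f"FORWARD {target}" if target is not None else "DROP"   # default deny


def exposed_services() -> dict:
    """Map each internal host to the services reachable from outside."""
    out = {}
    for (proto, port), host in FORWARDS.items():
        out.setdefault(str(host), []).append(proto if port is None else f"{proto}/{port}")
    return out
```

Only the server appears in `exposed_services()`; the three clients have no forward and are reachable from outside only as replies to connections they opened.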
Join Date: Aug 2003
Location: USA
Posts: 261
Spicy Meatball
Thread Starter
Join Date: Jan 2004
Location: Liverpool UK
Age: 42
Posts: 1,115
Ok here's how it is.
We need to decide on 2 firewalls - and configure them out. I had a look at the above; it looks like it's for Linux (any other network dedicated ones?). There are free ones such as Sygate and ZoneAlarm but are these gonna be any good?
We need to set up the VPN - I can google this no problem but if anyone has any guides that would be good.
Thanks again,
Maz
Spicy Meatball
Thread Starter
Join Date: Jan 2004
Location: Liverpool UK
Age: 42
Posts: 1,115
Evo - does Smoothwall work on Windows Server?
What about using Sygate, ZoneAlarm etc? The free ones - would they be any good? I am coming to a conclusion soon so that'll be it.
Plastic PPRuNer
Try FREESCO http://www.freesco.org/
Been using it for a couple of years to protect my intranet. No worries.
"FREESCO is based on the Linux operating system and incorporates many of the features of a full operating system into software that fits on a single 1.44 meg floppy diskette. With FREESCO, you can make:
* a simple bridge with up to 10 Ethernet segments
* a router with up to 10 Ethernet segments
* a dialup line router
* a leased line router
* an Ethernet router
* a dial-in server with up to 10 modems (with multiport modems).
* a time server
* a dhcp server
* a http server
* a ftp server
* a dns server
* a print server (requires TCP/IP printing client software)
FREESCO also incorporates firewalling and NAT which are resident within the Linux kernel to help protect you and your network. All of these features can be used in conjunction with each other or individually."
Join Date: Aug 2002
Location: Ormskirk, Lancashire.
Posts: 23
Evo - does Smoothwall work on Windows Server?
What about using Sygate, Zonealarm etc? The free ones - would they be any good? I am coming to a conclusion soon so that'll be it
Smoothwall is Linux based but you do not need any Linux experience to set it up or use it. I set up my first Smoothie before I knew anything about Linux. ZoneAlarm is a client firewall and will protect one PC only. If you have 10 clients then configuring 10 clients becomes a chore. Smoothwall will protect the entire LAN.
You are welcome to come see my setup anytime.
Spicy Meatball
Thread Starter
Join Date: Jan 2004
Location: Liverpool UK
Age: 42
Posts: 1,115
Is it just me or have you guys just done mazzy's work for a whole term, thus allowing him to perpetuate the myth that all students are lazy and always down the pub ?
To be honest, not only did I need severe help on this, but I would have used it as a very good reference to my research. Tutor told me today that he is supplying us with a package called CHECKPOINT - never seen it but according to him, it's the best one to use. Why the to55er couldn't tell us this from the start I will never understand. Lecturers, eh, lazy and always in the pub .................
Thanks Paul - will probably take you up on that offer at some point.
Join Date: Feb 2001
Location: Abroad
Posts: 520
I do wonder what they teach at Uni, if a final year student can't knock up a firewall/vpn, no matter what subject they are studying. Basic computing/IT skills are a necessity in this day and age. No offence meant, but perhaps your lecturers need a kick up the arse. We, as taxpayers, are subsidising this.
Spicy Meatball
Thread Starter
Join Date: Jan 2004
Location: Liverpool UK
Age: 42
Posts: 1,115
I have been waiting for this. Firstly, it ain't tax payers who cover it, it's me at £1,150 per term. Third year students are expected to find out their own knowledge via extensive research and learning. Knowing firewalls in-depth is not something covered in previous modules, only the basics are touched. In this one, we are expected to fully configure a Windows Server 2003, along with VPN (again, never even touched before) and a specialised, LAN designed firewall (again, new to me and the group). We only get basic lectures for the first few weeks to give us a foundation on the subjects we MAY need to look at. Other than that, it's up to us. That's why I came on here to get some much appreciated advice, from people who know more than me, in order to help me learn! It is research! Don't moan about tax payers' money when students are the professionals of the future. It's layabouts you need to worry about.
By the way, I agree with the kick up the arse bit !