This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Packet Filter & Web Surfing

Hello,

I have been trying to lock down my firewall for some time now.  I see that there is a "Web Surfing" group.

I have Rule #1 = Internal Network --> Web Surfing --> Any

I have HTTP proxy on in transparent mode.

I am unable to browse the Internet with just that rule.  I have to have another rule to be able to browse.  Rule #2 = Internal --> Any --> Any.

I am running a SBS2003 server.  The DNS on the client PC's points to the server and the firewall.

What am I missing to limit outbound traffic and take more control?  I know this has to be something really small.

Thanks,
RR

This thread was automatically locked due to age.

Parents

0 Simon Shaw over 17 years ago

What's "Web Surfing" got in it's definition?

If you are running the transparent proxy I suspect it's not configured properly.
You should not need a packet filter rule if the proxy is correctly configured.

You should perhaps not configure clients to look at the server AND the firewall.

Configure them to look at the server, then configure the server to look at the firewall for DNS it cannot resolve.
Is DNS configured on the firewall correctly?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Simon Shaw over 17 years ago

What's "Web Surfing" got in it's definition?

If you are running the transparent proxy I suspect it's not configured properly.
You should not need a packet filter rule if the proxy is correctly configured.

You should perhaps not configure clients to look at the server AND the firewall.

Configure them to look at the server, then configure the server to look at the firewall for DNS it cannot resolve.
Is DNS configured on the firewall correctly?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Blue Tree Technology over 17 years ago in reply to Simon Shaw

The Web Surfing rule is put in by the configuration wizard. The services in there are HTTP, HTTPS, HTTP Proxy, HTTP WebCache

The clients were originally looking only at the server I made the change in testing.

DNS on the firewall is as follows:
Global = Internal Network
Forwarders = Internal Server, Box is UNCHECKED
The other tabs are unused

Does that help?
Cancel
Vote Up 0 Vote Down

Cancel
0 hobycat over 17 years ago in reply to Blue Tree Technology

Do you have a NAT rule in place?
internal network>external interface.
DNS - you will need to check to see if anything can be resolved.
in tools/ you can ping/resolve an address directly off the astaro to see if DNS is working correctly.
Cancel
Vote Up 0 Vote Down

Cancel
0 Blue Tree Technology over 17 years ago in reply to hobycat

Do you have a NAT rule in place?
internal network>external interface.

Yes.

DNS - you will need to check to see if anything can be resolved.
in tools/ you can ping/resolve an address directly off the astaro to see if DNS is working correctly.

I am able to ping from the firewall. I tested by pinging www.yahoo.com.

Thanks!
Cancel
Vote Up 0 Vote Down

Cancel
0 Blue Tree Technology over 17 years ago in reply to Blue Tree Technology

bump, bump, bump!
Cancel
Vote Up 0 Vote Down

Cancel
0 jjohnston62 over 17 years ago in reply to Blue Tree Technology

I don't understand what you're trying to do.... you already have the answer.

Put the Internal-Any-Any rule in place and leave it. Forget the Web services group thing... I don't know what that's for. The transparent configuration will filter all HTTP traffic.

If you want to block other forms of traffic, then place block rules above your Internal-Any-Any rule. Does that help at all?
Cancel
Vote Up 0 Vote Down

Cancel