Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Initial Configuration
  •  
BlackThyra

Messages: 6

Karma: 0
Send a private message to this user
hello everybody. Very Happy

im a new user to KWF and still in the trial period.


can somebody guide me how to configure KWF in purpose to filter websites from my LAN & wireless clients to the internet for my current small cyber cafe network. the diagram is as follows:

http://img381.imageshack.us/img381/4953/logicaldesignbl3.png

From the diagram above:

1. The internet connection type is ADSL. ADSL modem/router is configured with:
a) NAT - Default route is enabled
b) PPPoE - Dynamic WAN IP from ISP
c) DHCP server - to lease addresses for wireless/LAN clients.
d) DNS address will be obtained from ISP

2. KWF and a cyber cafe management software will be installed in Server #2. The software however requires its wired LAN clients to be configured with static address (as shown in the diagram). So, DHCP will lease addresses for wireless clients only.

3. As you can see, all network nodes are in the same subnet.

so my question is:

how do i configure KWF to automatically filters web access to the WAN interface? all connected clients, server#1 and workstations within the subnet will go through Server #2 then forwards the requests to the WAN interface(modem)

how can i accomplish this and what are the requirements to complete this task?

let me know if u need more information.

thanks in advance.. Smile



[Updated on: Mon, 11 August 2008 07:44]

  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
Important..
For you to utilize KWF, you need to expose it to Internet directly.. As I can see, you are having router/firewall inside router/firewall.. This isn't good (take it from me). I know you are pro-security, but KWF isn't develope for this. KWF need one private NIC and one Public NIC to make it work.

Server#2
- Private IP (192.168.1.14)
- Other NIC (192.168.1.x) <-- where you plug the DSL MODEM
- Since this is PPPoE, Create dialup Connection (using simple Windows DialUp settings)

- In KWF Program (under Configuration\interface), create RAS and bind it to DIAL-UP connection you created. Set persistent when connecting.

Server#1 and other workstations
- Static IP
- Gateway and/or DNS, point to Server#2's Private IP

Wireless
- Dynamic or DHCP lease
- Gateway and/or DNS, point to Server#2's Private IP

---------------------------
Procedure
Create Traffic Rules (use Wizard to make this short)
Create HTTP Rules

lastly,

Explore..
---------------------------

KWF is easy to handle, I believe you can do it...

Any questions, let me know...

BTW, v6.4.2 has many improvements...
  •  
BlackThyra

Messages: 6

Karma: 0
Send a private message to this user
thanks for the reply an2ny79... really appreciate it... Very Happy

ok i got the hardware requirements for KWF to work. But mind you that the PPPoE will be auto-dialed which means i already configure the modem to do so. So, still this requires me to set up RAS?

As 2 NICs are required on server #2, KWF needs an internal routing, and how the wireless will obtain address? im thinking KWF's DHCP.. is it possible?

then, as for the other workstations, the address should be in the same subnet or different network address?

i will revise the network diagram sooner or later and possibly a few more questions.

thanks for the effort Smile
  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
I dont think it would be a problem using your Windows' Dialup to connect... But I would suggest use KWF instead. You still need to create Windows' dialup for you to bind it to KWF.

KWF is a Router and Firewall, let it do the work about routing.

For wireless, you just need to enable KWF DHCP. But make sure that no other DHCP server is active.

1 IP segment (192.168.1.x) is enough to cater all your wired and wireless computers.

Anyway, it depends on your setup if you would want to have 2 IP segments. KWF server will just bridge them all.
  •  
BlackThyra

Messages: 6

Karma: 0
Send a private message to this user
ok guys, here's my current network config:

http://img301.imageshack.us/img301/1298/kwfjq4es7.jpg

ADSL modem/router.
IP address: 192.168.1.254
WAN IP: dynamic. automatically obtain from ISP
DNS: 202.188.1.5, 202.188.0.133
NAT: yes.
Connection type: Auto-connect PPPoE

3COM 4500G Switch
IP: 192.168.1.250/24

3COM Wireless AP
IP: 192.168.1.253/24

LAN interface:
IP: 192.169.2.16/24
Gateway: none
DNS: 192.168.1.20

WAN interface:
IP 192.168.1.20/24
Gateway: 192.168.1.254 (modem IP)
DNS: 202.188.1.5 and 202.188.0.133

KWF DHCP Server Active: Leasing 192.168.2.0/24 to my LAN/wireless clients

The Problems is now, i can PING from firewall machine and LAN PCs to outside like yahoo, gmail etc. but i browser wont display a thing.. it will display "connection to server failed (code 10048)"

when i stop KWF, connection will be back normal (KWF machine)

any idea what to do??

check out my current KWF settings:

http://img123.imageshack.us/img123/4531/57945663ml9.th.jpg

[Updated on: Mon, 11 August 2008 07:50]

  •  
BlackThyra

Messages: 6

Karma: 0
Send a private message to this user
problem solved.

it was Kaspersky that caused the problem. So i got rid of it. Razz
Previous Topic: No internet, please help!
Next Topic: USER QUOTA HELP NEEDED
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Sep 24 01:23:38 CEST 2017

Total time taken to generate the page: 0.00498 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.