Need help with basic lan config
  •  
buggs1a

Messages: 50
Karma: -2
I've got Kerio winroute firewall 6.0.something. I need some help with setting it up on a basic lan. I tried following the info from the admin guide and basic set up guide, but it is for advanced set ups and introduces vpn and other network settings and scenarios than just a basic home network. So could someone please help? Here's what I've done and the problem.

I've got the 2 nics working fine and connection works fine to the net. I install winroute firewall and once it's enabled the network doesn't work anymore unless I disable the kerio. No internet from anything. I go into tcp and make the lan 192.168.1.1 and everything the user guides tell me. Inside kerio I set up everything according to the admin guide and set up guide except I do not add anything extra other than what is needed for basic lan. The server pc doesn't get online anymore and only does if kerio is disabled.

Was really hoping someone could help please.
  •  
frankxs

Messages: 85
Karma: 0
Not sure I fully understand where you are, but...

At the risk of being too obvious, the basic job of a firewall is to prevent everything from passing unless you specifically enable it. KWF, by default, does this. Since everything quits working when you enable the firewall, perhaps all you need is a rule allowing something (anything) to pass. I'd suggest starting with a rule for web surfing (port 80). Then test that. Keep adding rules for whatever ports you need.

-Frank
  •  
wiper

Messages: 112
Karma: -1
What is your first language? Swedish? If so, explain in Swedish and I'll help you... If not, maybe someone else can help you in your own language.

/W
  •  
buggs1a

Messages: 50
Karma: -2
No, it has nothing to do with I have to add rules to do anything as it's a router like software, so it would block only incoming, not outgoing. Basically it's a router in software. Also the manuals never tell you to ( before you can use this and do anything and surf the net you need to make tons of rules to open the internet for your local users ). You do not need to do this.

My problem is that in the admin guide and basic getting started guide it tells you how to set it up for advanced uses, not a basic home lan. I have tried to follow it step by step only to not do some of the advanced settings because this is not a corp network or vpn etc. Nothing I do works. I set up the lan nic for 192.168.1.1 and so on and I set up the wan nic for getting info from isp dhcp and winroute etc. I enabled the dhcp server in winroute and so on yet nothing ever works. I even enabled firewall pc can surf the net etc. I'm not exactly sure if I did it right or what is wrong, but I think it was set pretty close to accurate. So I'd really appreciate it if someone would be willing to give a step by step basic lan config set up since the manuals do not do this.

I think I've done this, but obviously something is wrong cus it didn't work.

My network is like this.
server pc has 2 nics
cable modem in the wan nic and local lan in the lan nic.
winroute firewall pro installed.
lan nic is ip address static, 192.168.1.1 255.255.255.0
wan nic is obtain automatically from isp
i forget what else is set in here like dns 192.168.168.1 or something.
winroute firewall pro is set dhcp server on and 192.168.1.1 or whatever i think. i forget.
i forget what else is set in all of this.
  •  
buggs1a

Messages: 50
Karma: -2
oh yeah Frank, yer in the wrong forum too, this forum is for winroute firewall pro, not the normal firewall program. so yer post has nothing to do with my need for help, but thanks for trying anyway. and also by the way, again firewall only block incoming, not outgoing, unless you specifically tell it to, anyhow thanks for trying though.

ok i think i am in the wrong forum, lol, so i will post there, sorry guys.

[Updated on: Mon, 25 April 2005 04:35]

  •  
sproket90

Messages: 37
Karma: 0
umm buggs.. it has everything to do with adding rules.. by default all good firewalls block both incoming/outgoing traffic.

You need to add rules to allow your internal clients to talk to the internet.

What does your current traffic policy look like?

Do you have a rule like:
source internal, dest external, service http,dns, allow?

you need this just to browse the internet.
  •  
buggs1a

Messages: 50
Karma: -2
Ok, now here goes, I still would like help please. If someone would actually be willing to chat with me in yahoo I'd want to return the favor somehow if i could for helping me out.
  •  
feite

Messages: 523
Karma: 0
Assumptions:
The firewall has two network interface cards (NICs). One connected to the internet (named: internet), one connected to the LAN (named: LAN). For both NICs the TCP/IP settings are correct (no default gateway set on NIC named LAN).
Access to firewall from LAN is not limited (not good practice, good enough for first setup).

Configuration / Traffic Policy
Rules are evaluated from top to bottom until a rule is found that matches. The settings of that rule are applied to the traffic. Use only those that are needed.

Rule to allow DNS Server of KWF access to DNS server of ISP
name: DNS
source: firewall
dest: internet
service: DNS
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow Proxy Server and firewall to access websites on the internet
name: HTTP
source: firewall
dest: internet
service: HTTP, HTTPS
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow clients to browse internet if not using the proxy server
name: HTTP LAN
source: LAN
dest: internet
service: HTTP, HTTPS
action: allow
log: none
translation: NAT default outgoing interface
protocol inspector: default

Rule to allow firewall to access FTP sites on the internet
name: FTP
source: firewall
dest: internet
service: FTP
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow client from LAN to access FTP sites
name: FTP LAN
source: LAN
dest: internet
service: FTP
action: allow
log: none
translation: NAT default outgoing interface
protocol inspector: default

Rule to allow firewall to access mailserver (of ISP) on the internet
name: Mail
source: firewall
dest: internet
service: SMTP, POP3
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow client from LAN to access mailserver (of ISP) on the internet
name: Mail LAN
source: LAN
dest: internet
service: SMTP, POP3
action: allow
log: none
translation: NAT default outgoing interface
protocol inspector: default

Rule to allow access from internet to a webserver in LAN
name: Web service
source: internet
dest: firewall
service: HTTP
action: allow
log: none
translation: MAP, translate to ip address of webserver (internal address)
protocol inspector: default

Rule to allow access from internet to a mailserver in LAN
name: Mail service
source: internet
dest: firewall
service: SMTP
action: allow
log: none
translation: MAP, translate to ip address of mailserver (internal address)
protocol inspector: default

Rule to allow access from internet to VPN server of firewall
name: VPN service
source: internet
dest: firewall
service: Kerio VPN
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow (all) access from LAN to firewall
name: LAN to firewall
source: LAN
dest: firewall
service: Any
action: allow
log: none
translation: none
protocol inspector: default

Default block all rule
name: Default rule
source: Any
dest: Any
service: Any
action: drop
log: packets

Configuration / DNS Forwarder
Check 'Enable DNS forwarding'
Select 'Forward DNS queries to the server automatically selected from DNS servers known to the operating system'
Check 'Enable cache for faster responses to repeated queries'
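
The top-to-bottom, first-match evaluation described in the post above, as an added example that is not part of the original thread and is not Kerio code. It models a subset of the listed rules with hypothetical `evaluate` and `shadowed` helpers, showing that traffic without an allow rule falls through to the default drop rule and that rules placed below a broader rule never match.

```python
# Added illustration: first-match evaluation of a traffic policy.
# Zone and service names follow the post; the evaluator itself is hypothetical
# and is not Kerio WinRoute Firewall code.
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    source: str           # "firewall", "LAN", "internet" or "Any"
    dest: str
    services: frozenset   # service names, or {"Any"}
    action: str           # "allow" or "drop"

DEFAULT = Rule("Default rule", "Any", "Any", frozenset({"Any"}), "drop")

# Subset of the rules listed in the post, in the same order.
POLICY = [
    Rule("DNS", "firewall", "internet", frozenset({"DNS"}), "allow"),
    Rule("HTTP", "firewall", "internet", frozenset({"HTTP", "HTTPS"}), "allow"),
    Rule("HTTP LAN", "LAN", "internet", frozenset({"HTTP", "HTTPS"}), "allow"),
    Rule("LAN to firewall", "LAN", "firewall", frozenset({"Any"}), "allow"),
    DEFAULT,
]

def _matches(field, value):
    return field == "Any" or field == value

def evaluate(policy, source, dest, service):
    """Return (rule name, action) of the first rule matching the connection."""
    for rule in policy:
        if (_matches(rule.source, source) and _matches(rule.dest, dest)
                and ("Any" in rule.services or service in rule.services)):
            return rule.name, rule.action
    # No rule matched at all: treated as dropped (assumption: implicit deny).
    return "(no match)", "drop"

def shadowed(policy):
    """Names of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if (_matches(earlier.source, later.source)
                    and _matches(earlier.dest, later.dest)
                    and ("Any" in earlier.services
                         or later.services <= earlier.services)):
                hidden.append(later.name)
                break
    return hidden
```

Running `shadowed` over a policy before applying it catches the ordering mistake where the default drop rule, or any other broad rule, sits above the specific allow rules.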