evrycard

I am looking to set up a gateway that will filter all the bad https (porn, ads, etc.) for my home network. I have been trying to set up Winroute Firewall (trial) for that purpose. Yet my client computers cannot connect. Are there simple setup steps out there that can guide me?

Host:
- XP Pro
- LAN
IP: 192.168.10.1
SUBNET MASK: 255.255.255.0
DEFAULT GATEWAY: (BLANK)
DNS: 192.168.10.1
- WAN: (Assigned by ISP)
- DHCP: enabled and set up to 192.168.10.1 etc.

Client:
- XP Pro
- LAN
IP: 192.168.10.5
SUBNET MASK: 255.255.255.0
DEFAULT GATEWAY: 192.168.10.1
DNS: 192.168.10.1

All the rest of the Kerio setup is default.
Thx...
feite

Assumptions:
The firewall has two network interface cards (NICs). One connected to the internet (named: internet), one connected to the LAN (named: LAN). For both NICs the TCP/IP settings are correct (no default gateway set on NIC named LAN).
Access to firewall from LAN is not limited (not good practice, good enough for first setup).

Configuration / Traffic Policy
Rules are evaluated from top to bottom until a rule is found that matches. The settings of that rule are applied to the traffic. Use only those that are needed.

Rule to allow DNS Server of KWF access to DNS server of ISP
name: DNS
source: firewall
dest: internet
service: DNS
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow Proxy Server and firewall to access websites on the internet
name: HTTP
source: firewall
dest: internet
service: HTTP, HTTPS
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow clients to browse internet if not using the proxy server
name: HTTP LAN
source: LAN
dest: internet
service: HTTP, HTTPS
action: allow
log: none
translation: NAT default outgoing interface
protocol inspector: default

Rule to allow firewall to access FTP sites on the internet
name: FTP
source: firewall
dest: internet
service: FTP
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow client from LAN to access FTP sites
name: FTP LAN
source: LAN
dest: internet
service: FTP
action: allow
log: none
translation: NAT default outgoing interface
protocol inspector: default

Rule to allow firewall to access mailserver (of ISP) on the internet
name: Mail
source: firewall
dest: internet
service: SMTP, POP3
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow client from LAN to access mailserver (of ISP) on the internet
name: Mail LAN
source: LAN
dest: internet
service: SMTP, POP3
action: allow
log: none
translation: NAT default outgoing interface
protocol inspector: default

Rule to allow access from internet to a webserver in LAN
name: Web service
source: internet
dest: firewall
service: HTTP
action: allow
log: none
translation: MAP, translate to ip address of webserver (internal address)
protocol inspector: default

Rule to allow access from internet to a mailserver in LAN
name: Mail service
source: internet
dest: firewall
service: SMTP
action: allow
log: none
translation: MAP, translate to ip address of mailserver (internal address)
protocol inspector: default

Rule to allow access from internet to VPN server of firewall
name: VPN service
source: internet
dest: firewall
service: Kerio VPN
action: allow
log: none
translation: none
protocol inspector: default

Rule to allow (all) access from LAN to firewall
name: LAN to firewall
source: LAN
dest: firewall
service: Any
action: allow
log: none
translation: none
protocol inspector: default

Default block all rule
name: Default rule
source: Any
dest: Any
service: Any
action: drop
log: packets

Configuration / DNS Forwarder
Check 'Enable DNS forwarding'
Select 'Forward DNS queries to the server automatically selected from DNS servers known to the operating system'
Check 'Enable cache for faster responses to repeated queries'. If there is an internal DNS server (like on an Active Directory server), disable caching on KWF.
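
The top-to-bottom, first-match evaluation described in the reply above, modelled as an added example (not part of the original posts and not Kerio's own rule format). The zone labels, the `Ping` service name and the helper names are assumptions for illustration; the block also flags rules that an earlier rule fully covers, which is how a misplaced broad rule silently disables everything below it.

```python
# Added illustration: first-match evaluation over the rule table from the post.
# Zone labels and the Rule tuple are a simplified model, not Kerio's own format.
from collections import namedtuple

ANY = "Any"
Rule = namedtuple("Rule", "name source dest services action translation")

def R(name, source, dest, services, action="allow", translation="none"):
    return Rule(name, source, dest, frozenset(services.split(", ")), action, translation)

# Rules in the order given in the post.
POLICY = [
    R("DNS", "firewall", "internet", "DNS"),
    R("HTTP", "firewall", "internet", "HTTP, HTTPS"),
    R("HTTP LAN", "LAN", "internet", "HTTP, HTTPS", translation="NAT"),
    R("FTP", "firewall", "internet", "FTP"),
    R("FTP LAN", "LAN", "internet", "FTP", translation="NAT"),
    R("Mail", "firewall", "internet", "SMTP, POP3"),
    R("Mail LAN", "LAN", "internet", "SMTP, POP3", translation="NAT"),
    R("Web service", "internet", "firewall", "HTTP", translation="MAP"),
    R("Mail service", "internet", "firewall", "SMTP", translation="MAP"),
    R("VPN service", "internet", "firewall", "Kerio VPN"),
    R("LAN to firewall", "LAN", "firewall", ANY),
    R("Default rule", ANY, ANY, ANY, action="drop"),
]

def matches(rule, source, dest, services):
    """True if rule covers this source, this dest and every service in the set."""
    return (rule.source in (ANY, source) and rule.dest in (ANY, dest)
            and (ANY in rule.services or services <= rule.services))

def evaluate(policy, source, dest, service):
    """First match wins; rules below the match are never consulted."""
    return next((r for r in policy if matches(r, source, dest, frozenset([service]))), None)

def shadowed(policy):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(policy)
            if any(matches(e, later.source, later.dest, later.services) for e in policy[:i])]

if __name__ == "__main__":
    # Constructed sample traffic: (source zone, destination zone, service).
    for pkt in [("LAN", "internet", "HTTPS"), ("LAN", "firewall", "Ping"),
                ("LAN", "internet", "Ping"), ("internet", "firewall", "SMTP")]:
        hit = evaluate(POLICY, *pkt)
        print(pkt, "->", hit.name, hit.action, hit.translation)
    print("shadowed:", shadowed(POLICY))
```

With the rules in the posted order nothing is shadowed; moving the default drop rule to the top shadows every other rule.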
evrycard

Everything is set up correctly now, but I still can't ping the host from the client.
Kerio's DHCP is not assigning an IP to the client.
I set DHCP to default of step-by-step. Can you help setting up DHCP? Thx...