Endian Firewall
E-book Firewall
Green, Red, Blue, Orange ? Lan set IP Address
Firewall, Proxy, Load
Balance
... ????
ThaiAdmin
ThaiAdmin ...
topic Endian Firewall Topic
Endian Firewall
Firewall ...
E-Book
Thaiadmin PM DM
Link
( .. ^o^ )
... E-book
!! E-book ...
Somhpong Ph.
Soi62@ThaiAdmin
13 Oct 2009
. ....
ref : http://www.thaiadmin.org/board/index.php?topic=112996.0
Quality of Service Devices
Part 1 :
Endian Firewall (EFW) Overview
Endian Firewall Community ? (Neoboyd@Thaiadmin)
EFW? ?
EFW(Neoboyd@Thaiadmin)
Hardware (Neoboyd@Thaiadmin)
(Soi62@Thaiadmin)
Part 2 :
Network (Neoboyd@Thaiadmin)
(Green & Red) (Neoboyd@Thaiadmin)
Network EFW
Part 3 :
config Firewall
config system access
config outgoing
Part 4 :
4.1 Proxy (Neoboyd@Thaiadmin)
4.2 Contentfilter block , (tototyt)
Part 5 :
config Logging Log
Log
Part 6 :
Config VPN server
Open VPN Client to Site (tototyt@thaiadmin)
Open Vpn Site to Site (tototyt@thaiadmin)
IPSEC
Part 7 : Network
7.1 Interfaces : ( Link )
7.2 Routing
:
7.3 Edit Hosts : Hosts
Part 8 : Service
8.1 DHCP : IP Address
8.2 Traffic Monitoring :
Ntop
8.3 Quality of Service Devices (QOS) :
Part 9 :
FAQ
Part 10 :
Appendix ()
Credits ()
Part 1 :
Management
Dashboard
Web Security
EFW? ?
1. Firewall EFW OpenSource
2. Linux config Web
Browser***
3. 3D
4. consult, config
5. community ThaiAdmin
" 5
^o^ "
***
Download EFW
Hardware
Endian Firewall Community Edition
1. Zone network
2. Linux operating system Linux.com
article for more details.
Computer
Endian Firewall
Network 25
Vpn 5 connection ...
Recommend Spec :
Pentium 3.1 GHz.
512 MB. RAM
8 GB. Hard Disk Drive
1 x 100 Mb. Network Cards (Green & Red )
24 hrs. x 365 days
50 vpn 10 connections :
Performance Spec :
Pentium4 2.8 GHz. up
1~4 GB. RAM up
1. CD CD-Rom Drive
2. Enter Enter
..
3. Enter
6. 5-10
7. IP Address Green
()....
Enter ...
10. Shutdown 10
11. CD .... ?
12. config
Endian Firewall Config http://
ip 7 IP Green
1. >>> config
2. English(English) Asia/Bangkok
3. Accept License
6 >>>
1. Ethernet Static IP IP
2. Ethernet Dhcp IP IP DHCP Server
IP
3. PPPOE internet Adsl username password
IP ISP IP Fix Dynamic
4. Adsl USB PCI adsl interface usb pci 3
driver
5. ISDN digital
6. Analog/UMTS Modem UMTS*
8. Internet
8.1 Red interface Ethernet Static
1. IP address ip Internet
Leased Line Adsl
Fixed IP Ip 1 IP address Subnet Mask
2. Add additional Addresses(One IP/Netmask or IP/CIDR perline): IP
Leased Line IP 8
1 Network Class, 1 Router, 1 Broadcasting
1 Endian Firewall IP 4
Map Orange Zone
Server 172.16.1.10/255.255.255.0
172.16.1.10/24
3. Interface
4. Default Gateway Internet
8.2 Red
1.
2.
3.
3. Username
4. Password
5. Authentication PAP or Chap
6. MTU packet
2. ISP PPPOE
>>>
3. VPI / VCI
3.1 VPI ( ISP )
3.2 VCI ( ISP )
3.3 Encapsulation LLC
3.4 MTU packet
3.5 Add additional Addresses(One IP/Netmask or IP/CIDR perline): Adsl
Corporate Premium IP 1 ip Concept
username password authen IP Add
additional Addresses(One IP/Netmask or IP/CIDR perline): Online
Adsl IP Dynamic
3.6 Username
3.7 Password
3.8 Authentication PAP or Chap
3.9 Dns 2 Dns server ISP Manual
Dns server >>>
VPI / VCI ISP
ISP
VPI
VCI
Cslox
35
Samart
35
TOT
32
True
100
TT&T
33
CATTELECOM
33
Buddy BB
35
8.5 ISDN
1. Modem ISDN
2. Internet
3.
4.
5.
6.
7.
Username
Password
Authen PAP or CHAP
Add additional Addresses(One IP/Netmask or IP/CIDR perline): ISDN
Corporate Premium IP 1 ip
Concept username password authen IP
Add additional Addresses(One IP/Netmask or IP/CIDR perline):
Online ISDN IP Dynamic
8. MTU packet
9. Dns 2 Dns server ISP Manual
Dns server >>>
3.
4. Access Point
5. Username
6. Password
7. Authen PAP or CHAP
8. Add additional Addresses(One IP/Netmask or IP/CIDR perline):
Personal Use IP
ISP Dynamic
9. MTU packet
10. Dns 2 Dns server ISP Manual
Dns server >>>
8.7 Gateway
IP Internet >>>
DNS Server
HiNet by CAT :
DNS : 202.129.27.135 / 61.19.245.246 / 61.19.254.134
HiNet by TTT
DNS : 202.129.27.135 / 61.19.245.246 / 61.19.254.134
TTT ( 3BB )
DNS : 202.69.137.137 / 202.69.137.138
TOT
DNS : 203.113.127.199 / 203.113.24.199
True
DNS: 203.144.207.29 / 203.144.207.49
10. ...
1. Email
2. Email Endian
3. smtp server
>>>
12.
~ ~
Part 2 : Network
Network EFW
3 : Endian
Zone 4 Zone Endian
Firewall
Manual
1Wan(RED) + 1 Lan(Green) Leased Line Adsl
Config Requirement Adsl 2
Config Adsl
Endian Config Red Main Uplink Internet
Internet
1. Login Dashboard Interface
UP Online
Config CPU MEMORY HDD
version log build
Uplinks Connect
2. internet
log Authentication
IP 2 Fix
Dynamic IP Set Fix DHCP
IP Endian
DHCP
Service -> DHCP-SERVER DHCP Client
IP Endian Firewall Start Address IP DHCP
End address IP IP Primary Dns Secondary Dns
NTP IP Time-server Enable Click
Save IP policy
Version IP Dhcp server IP
Network Version IP
Fixed Lease
Ex.: Notebook set tcp/ip Obtain auto
IP Dhcp Endian Function Allow only fixed
lease IP Current Fixed lease Notebook
IP Endian manual tcp/ip properties
windows
Add fixed lease notebook Mac address
Static DHCP
Add a fixed lease Fixed lease 3
1. Computer Name
2. Mac Address
3. IP Mac address IP
IP
1. Setup Tcp/Ip
2. Mac address 1 IP 1
3. IP Set manual Dhcp Fix Lease
4. Version Function Allow only Fixed lease
Current fixed lease
*** Cap ***
*** update DNS Windows Server Client
Dynamic Dhcp Window server Dns server Window
ip client ip Faq 2***
3. Default Internet Client IP Gateway
Internet internet
Proxy Client internet
Firewall
Firewall Firewall
internet
Endian Firewall
Iptable routing port firewall
Port Forwarding/Nat Outgoing Firewall
Source? --> Destination? Service? Policy? Actions
***
***
Part 4 : Proxy
4.1 Proxy
(Neoboyd@Thaiadmin)
Proxy download internet Proxy
server 1 Endian Proxy
1. Client Endian
2. Proxy Client Browser Concept Browser
IP Port Proxy-Server
3. Endian Firewall version 2.3 rc1 Automatic Configuration
Script proxy.pac Script
proxy address
proxy.pac http://Ipendain/proxy.pac Domain
Group Policy set
proxy client Admin support
1.
2.
3.
4.
5.
6.
7.
14.
15.
16.
17.
6. Antivirus
7. Authentication
Local username password Endian Windows Authentication
Ldap Window Domain Radius Server
Endian Username Password Radius Server
Authentication Local
User Group
3. Policy
1. Source Type Policy Any
Authentication Internet
2. Destination Any Authentication
user internet
3. Authentication
Allowed Users
4. Time Restriction
5. Active Days 4 Active Days policy
6. Start Hours, Start Minutes, Stop Hours Stop Minutes 4
policy
7. User Agents Browser click Browser
Policy Reboot
login
Filter
( URL Blacklist )
Custom
: Policy
Part 5 :
config Logging
Log
Live log
Proxy log
*** update ***
*** update ***
FAQ
Q: EFW "GRUB Loading Stage 2 ......" EFW
?
A: EFW
console Serial port port
... Serial port BIOS EFW
OpenVPN
net-to-net host-to-net
host-to-net
VPN host-to-net 1
Internet
(LAN)
LAN
(Internet)
LAN
LAN
VPN
2 Server configuration
4. Save and restart 2
5.
Accounts 3 Add account
3 Accounts
6. Username Password checkbox Direct all client traffic through
the VPN server 4 Save
5
8. Advanced 6 Save and restart
6 Advanced
9. Download CA Certificate XXX.cer Client
7 ( IE 8 xxx.cer (xxx
) CometBird Browser xxx.pem
7 Download CA Certification
Status Services STOPED
RUNNING
7.1
8
2. OpenVPN client
Default Options
C:\Program Files\OpenVPN
3. Icon Taskbar 9
9 OpenVPN icon
10
10
2. Connect OpenVPN Icon Taskbar 11
11
3. IP Address Server IP pool 12
12
4. OpenVPN Server user
13 kill
13
user
CA Server
(
)
1. Server IP Client IP
IP
Dynamic IP pool start address Restart
Connect IP
rule
Open VPN
1. Webconfig Endian Forward
Router
Endian Firewall 2.3
25/11/2006
( : )
2 Site A Site B
Site
Site Site
IP Private IP
Site
1 VPN host-to-host
Site A Site B
Server Site A
2 Server configuration
5.
Save and restart 2
6.
Accounts 3 Add
account
3 Accounts
Username Password checkbox Direct all client
traffic through the VPN server 4
Save
7.
5
9.
Advanced 6
Save and restart
6 Advanced
10. Download CA Certificate XXX.cer
Server Site B
7 Download CA Certification
Status Services
STOPED
RUNNING
7.1
Server Site B
1.
Site B OpenVPN client
(Gw2Gw) Add tunnel configuration
2.
Add VPN tunnel 9
Connection Name :
Connection to : Public IP VPN Server Site A
Upload ca file : CA VPN Server Site A
Username : username VPN Server Site A
Password : password VPN Server Site A
Remark :
Bridge to : GREEN
NAT : * Ping
Protocol: UDP
HTTP proxy :
Proxy username :
Proxy password :
Forge proxy user-agent :
() CA
Site A
13 Status Site B
* Site A Site B
1. Connect ( Status established ) Ping
- ......
Part 7 : Network
7.1 Interfaces : ( Link )
7.1.1 Uplinks manage
* Intranet
Loadbalance
Lan Card Drivers Lan Card
Route Endian Firewall
1. Interfaces TAB Uplink editor Create an uplink 7.1.1-1
7.1.1-1
2.
3. Create Uplink
7.2 Routing
( Policy Routing )
Routing
( Static
7.2.1
1. Tab
Routing Editor )
7.2.1-1
2.
3. Add Route
7.2.2 ( Policy
Routing Editor )
1. 7.2.1 ()
7.2.2-1
7.2.2-1
2. Update Rule
* Multi WAN , Internet Load Balance
( Route )
IP
Part 8 : Service
8.1 DHCP : IP Address ( Dynamic Host Configuration Protocol )
DHCP IP Address
Ntop
8.2 Traffic Monitoring :
NTOP ....
8.2.1. NTOP ( Enable Traffic Monitoring )
Service / Traffic Monitoring Enable Traffic
Monitoring NTOP
8.2.2-1
8.3.2 :
8.3.3 :
Part 9 : QQ
Tip
1. Restart
- password password "endain" ( " ")
Part : 10
Reference
http://www.easyzonecorp.net/network/view.php?ID=241
http://www.itwizard.info/technology/linux/efw/ovpn_host_to_net/efw_ovpn_host_to_net.html
http://samba-beginner.blogspot.com/2009/01/setup-openvpn-endianfirewall.html
http://samba-beginner.blogspot.com/2009/02/openvpn-endianfirewall.html