
Endian Firewall 2.3 rc1 - Manual Book

Endian Firewall 2.3 rc1


~ Manual Book ~

Endian Firewall

Endian Firewall 2.3 rc1 - Manual Book

E-book Firewall
Green, Red, Blue, Orange ? Lan set IP Address
Firewall, Proxy, Load
Balance
... ????
ThaiAdmin

ThaiAdmin ...

topic Endian Firewall Topic
Endian Firewall

Firewall ...
E-Book

Thaiadmin PM DM

Link
( .. ^o^ )
... E-book
!! E-book ...

Somhpong Ph.
Soi62@ThaiAdmin
13 Oct 2009

. ....
ref : http://www.thaiadmin.org/board/index.php?topic=112996.0



Quality of Service Devices
Part 1 :
Endian Firewall (EFW) Overview
Endian Firewall Community ? (Neoboyd@Thaiadmin)
EFW? ?
EFW(Neoboyd@Thaiadmin)
Hardware (Neoboyd@Thaiadmin)
(Soi62@Thaiadmin)

Part 2 :
Network (Neoboyd@Thaiadmin)
(Green & Red) (Neoboyd@Thaiadmin)
Network EFW

Green, Red, Blue Orange(DMZ) (Neoboyd@Thaiadmin


Red ThaiAdmin ?

Part 3 :
config Firewall
config system access
config outgoing
Part 4 :
4.1 Proxy (Neoboyd@Thaiadmin)
4.2 Contentfilter block , (tototyt)

Part 5 :
config Logging Log
Log
Part 6 :
Config VPN server
Open VPN Client to Site (tototyt@thaiadmin)
Open Vpn Site to Site (tototyt@thaiadmin)
IPSEC

Part 7 : Network
7.1 Interfaces : ( Link )
7.2 Routing
:
7.3 Edit Hosts : Hosts
Part 8 : Service
8.1 DHCP : IP Address
8.2 Traffic Monitoring :
Ntop
8.3 Quality of Service Devices (QOS) :


Part 9 :
FAQ

Part 10 :
Appendix ()
Credits ()


Part 1 :

Endian Firewall (EFW) Overview

First Screen (Dashboard)


Management

Dashboard

Quality of Service and Bandwidth


Web Security

Intrusion Prevention System

Group-based content filtering & enhanced

Enhanced Network Address Translation (NAT)


Other....
- Traffic-based Hotspot tickets and automatic user generation
- Event handling and notification
- SNMP support
- Revamped Mail Security
- Sophos Anti-Virus (optional)
- Commtouch RPD (optional)


Endian Firewall Community ?


Endian Firewall Community
Unified
*

Threat Management (UTM)


...
**

1. Stateful packet inspection firewall


2. Application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with Antivirus support
3. Virus and spamfiltering for email traffic (POP and SMTP)
4. Content filtering of Web traffic
5. VPN solution (based on OpenVPN)
Endian Firewall software Open source Endian S.r.l.
* Network firewall + E-mail spam filtering + Anti-virus capability + IDS or IPS = UTM
** Stateful packet inspection firewall

EFW? ?
1. Firewall EFW OpenSource
2. Linux config Web
Browser***
3. 3D

4. consult, config

5. community ThaiAdmin
" 5
^o^ "
***

Web Browser : Internet Explorer, FireFox, Safari, Chrome, etc...

Download EFW

Endian Firewall version 2.3 rc1


...
Endian Firewall Community 2.3 Release Candidate
123 MB. download ISO ISO
CD CD speed
4x ~ 12X

Hardware

Endian Firewall Community Edition
1. Zone network
2. Linux operating system Linux.com
article for more details.


CentOS 4.6 operating system. CentOS


driver version linux


chipset Realtek
Intel intel Nvidia
Raid hardware

Computer
Endian Firewall
Network 25
Vpn 5 connection ...
Recommend Spec :
Pentium 3.1 GHz.
512 MB. RAM
8 GB. Hard Disk Drive
1 x 100 Mb. Network Cards (Green & Red )
24 hrs. x 365 days
50 vpn 10 connections :
Performance Spec :
Pentium4 2.8 GHz. up
1~4 GB. RAM up

20~80 GB. Hard Disk Drive (Caching, Logging)


4 x 100 Mb. Network Cards (Green, Red, Blue, Orange )
24 hrs. x 365 days
*Caching : ISP Client
EFW ISP
*Logging : Log EFW . 90 ...


1. CD CD-Rom Drive

Boot CD-Rom Drive ....

2. Enter Enter
..


3. Enter

4. EFW HDD Endian


Yes Enter


5. console Serial Yes


Green .... No Enter .....


6. 5-10

7. IP Address Green
()....
Enter ...


8. IP Address Eject CD ...


EFW

9. EFW Enter Reboot ...

10. Shutdown 10


11. CD .... ?

12. config


13. Green IP ....


0-Shell : linux

1-Restore Factory : config EFW


Clear
2-Reboot : EFW

14. EFW Shell username=root ; password=endian ...


exit Enter ...


....




Endian Firewall Config http://
ip 7 IP Green
1. >>> config

2. English(English) Asia/Bangkok

3. Accept License


4. Restore Backup Endian Firewall


Restore NO
>>>

Restore Yes >>> Browse


Config Backup
5. Remote SSH


6 >>>

6. Red Interface Internet

1. Ethernet Static IP IP
2. Ethernet Dhcp IP IP DHCP Server
IP
3. PPPOE internet Adsl username password
IP ISP IP Fix Dynamic
4. Adsl USB PCI adsl interface usb pci 3
driver
5. ISDN digital

6. Analog/UMTS Modem UMTS*

7. Gateway Endian Internet Nat


router
*UMTS "Universal Mobile Telecommunication System" 3G
GSM, GPRS EDGE W-CDMA
- UMTS
2 Mbit/sec - EDGE
4


7. Network Zone Zone


Blue Orange ...
1. Orange Zone DMZ Server
Map Public IP ISP
2. Blue Zone Wifi Zone
* Blue & Orange
None >>>


8. Internet
8.1 Red interface Ethernet Static
1. IP address ip Internet
Leased Line Adsl
Fixed IP Ip 1 IP address Subnet Mask
2. Add additional Addresses(One IP/Netmask or IP/CIDR perline): IP
Leased Line IP 8
1 Network Class, 1 Router, 1 Broadcasting
1 Endian Firewall IP 4
Map Orange Zone
Server 172.16.1.10/255.255.255.0
172.16.1.10/24
3. Interface
4. Default Gateway Internet


8.2 Red
1.
2.
3.

interface Ethernet DHCP


Interface Internet DHCP
MTU packet
Spoof Mac address with Mac address

4. Dns 2 Dns server ISP Manual


Dns server
5. >>>


8.3 Red interface PPPOE


1. Interface Internet
2. Add additional Addresses(One IP/Netmask or IP/CIDR perline):
Adsl Corporate Premium IP 1 ip
Concept username password authen IP
Add additional Addresses(One IP/Netmask or IP/CIDR perline):
Online Adsl IP Dynamic

3. Username
4. Password
5. Authentication PAP or Chap
6. MTU packet


7. Dns 2 Dns server ISP Manual


Dns server
8. Service ISP
9. Concentrator Name
10. >>>


8.4 Adsl (USB,PCI) Adsl Modem USB


PCI
1. Modem >>>

2. ISP PPPOE
>>>


3. VPI / VCI
3.1 VPI ( ISP )
3.2 VCI ( ISP )
3.3 Encapsulation LLC
3.4 MTU packet
3.5 Add additional Addresses(One IP/Netmask or IP/CIDR perline): Adsl
Corporate Premium IP 1 ip Concept
username password authen IP Add
additional Addresses(One IP/Netmask or IP/CIDR perline): Online
Adsl IP Dynamic
3.6 Username
3.7 Password
3.8 Authentication PAP or Chap
3.9 Dns 2 Dns server ISP Manual
Dns server >>>
VPI / VCI ISP
ISP

VPI

VCI

Cslox

35

Samart

35

TOT

32

True

100

TT&T

33


CATTELECOM

33

Buddy BB

35

8.5 ISDN
1. Modem ISDN
2. Internet
3.


4.
5.
6.
7.

Username
Password
Authen PAP or CHAP
Add additional Addresses(One IP/Netmask or IP/CIDR perline): ISDN
Corporate Premium IP 1 ip
Concept username password authen IP
Add additional Addresses(One IP/Netmask or IP/CIDR perline):
Online ISDN IP Dynamic

8. MTU packet
9. Dns 2 Dns server ISP Manual
Dns server >>>


8.6 Analog /UMTS Modem


1. Port /dev/ttyS0/
2. Modem >>>


3.
4. Access Point
5. Username
6. Password
7. Authen PAP or CHAP
8. Add additional Addresses(One IP/Netmask or IP/CIDR perline):
Personal Use IP
ISP Dynamic
9. MTU packet
10. Dns 2 Dns server ISP Manual
Dns server >>>


8.7 Gateway
IP Internet >>>


9. DNS Server 2 ( DNS


) >>>

DNS Server
HiNet by CAT :
DNS : 202.129.27.135 / 61.19.245.246 / 61.19.254.134


HiNet by TTT
DNS : 202.129.27.135 / 61.19.245.246 / 61.19.254.134
TTT ( 3BB )
DNS : 202.69.137.137 / 202.69.137.138
TOT
DNS : 203.113.127.199 / 203.113.24.199
True
DNS: 203.144.207.29 / 203.144.207.49
10. ...
1. Email
2. Email Endian
3. smtp server
>>>

11. OK, Apply Configuration


12.

13. Browser http:// IP Green Zone


14. login default Webconfig User Admin password


5

15. Dash Board


~ ~


Part 2 : Network

Network EFW

Zone Linux Firewall Zone 4 Zone


1. RED : (untrusted network Internet)
2. GREEN : (trusted network Intranet(Lan))
3. ORANGE : Server (DMZ Server Zone)
4. BLUE : ( Wireless )
Zone

1 : Endian Server Firewall Nat Proxy


Management
log


2 : Endian Server Zone DMZ 2


3 : Endian
Zone 4 Zone Endian
Firewall


4 : Endian Firewall Gateway


log internet Traffic
Monitor internet


Manual
1Wan(RED) + 1 Lan(Green) Leased Line Adsl
Config Requirement Adsl 2
Config Adsl

Endian Config Red Main Uplink Internet
Internet
1. Login Dashboard Interface
UP Online
Config CPU MEMORY HDD
version log build
Uplinks Connect

2. internet

log Authentication
IP 2 Fix
Dynamic IP Set Fix DHCP
IP Endian
DHCP
Service -> DHCP-SERVER DHCP Client
IP Endian Firewall Start Address IP DHCP
End address IP IP Primary Dns Secondary Dns
NTP IP Time-server Enable Click


Save IP policy
Version IP Dhcp server IP
Network Version IP
Fixed Lease
Ex.: Notebook set tcp/ip Obtain auto
IP Dhcp Endian Function Allow only fixed
lease IP Current Fixed lease Notebook
IP Endian manual tcp/ip properties
windows
Add fixed lease notebook Mac address

ipconfig /all Add a Fixed Lease IP


save IP
Add a Fixed Lease Dynamic IP
DHCP-server Endian IP
user IP Config Dhcp IP
set


Static DHCP
Add a fixed lease Fixed lease 3
1. Computer Name
2. Mac Address

3. IP Mac address IP
IP

1. Setup Tcp/Ip
2. Mac address 1 IP 1
3. IP Set manual Dhcp Fix Lease
4. Version Function Allow only Fixed lease
Current fixed lease
*** Cap ***
*** update DNS Windows Server Client
Dynamic Dhcp Window server Dns server Window
ip client ip Faq 2***
3. Default Internet Client IP Gateway
Internet internet
Proxy Client internet
Firewall
Firewall Firewall
internet
Endian Firewall
Iptable routing port firewall
Port Forwarding/Nat Outgoing Firewall
Source? --> Destination? Service? Policy? Actions

*** update concept forward server client ***


Firewall -> Port Forwarding/Nat
Internet Port
Forwarding/Nat Server online
Endian Firewall
*** update concept internet ***


Part 3 : Config Endian Firewall



Firewall -> Outgoing Traffic Internet
Config Disable port 80 443
user user proxy

***

Config Endian Firewall

***


Part 4 : Proxy
4.1 Proxy
(Neoboyd@Thaiadmin)
Proxy download internet Proxy
server 1 Endian Proxy

1. Client Endian
2. Proxy Client Browser Concept Browser
IP Port Proxy-Server
3. Endian Firewall version 2.3 rc1 Automatic Configuration
Script proxy.pac Script
proxy address
proxy.pac http://Ipendain/proxy.pac Domain
Group Policy set
proxy client Admin support

1.
2.
3.
4.
5.
6.
7.

*** Set Proxy Group Policy Domain Windows Server ****


User Configuration
Windows Settings
Internet Explorer Maintenance
Connection
Proxy Setting double click
Enable proxy settings ip endian http port
Use the same proxy server for all addresses
*** Set Proxy Group Policy Windows server Disable Proxy IE
***
1. Start Run gpedit.msc
2. User Configuration > Administrative Templates > Windows components > Internet Explorer
3. Disable Changing proxy settings
4. Enabled
*** Msn proxy ***
1. proxy msn
2. username password user
3.
Proxy Enable proxy


5. Proxy Green Orange


Blue
1. Not Transparent Zone Authentication
2. Transparent internet Authentication
Proxy Setting
1. Port Used by Proxy Port Proxy server
2. Error Language Error
3. Visible Hostname Proxy-server
4. Email Used For notification
5. minimum download size download
6. Maximum upload Size upload
7. Allowed port port proxy SSL
8. Log Settings log
log user agent
9. By pass transparent proxy config
Authentication
10. Cache Size on harddisk proxy harddisk
cache
Harddisk user
cache
11. Cache Size within Memory Cache Ram

12. Maximum Object Size proxy


cache
cache
version KB
13. Minimum Object size proxy
internet jpg


14.
15.
16.
17.

swf html 1024Kb. 1 Mb.


version KB
Clear Cache Clear cache
index squid
Enable Offline mode offline cache
internet
Do not cache this destinations url cache

Upstream Proxy Proxy proxy speed


cache ip:port
username password Click Save


6. Antivirus

7. Authentication
Local username password Endian Windows Authentication
Ldap Window Domain Radius Server
Endian Username Password Radius Server

Authentication Local

1. Authentication Realm login


proxy
2. Number of Child Authentication children login
3. Number of different ips per user IP user
IP user login computer
user login
1
4. Authentication cache TTL user login

5. User/IP Cache TTL user IP


4
6. Min Password Length
user


7. Manage User user


8. Manage Group User

USER Click Add NCSA user


user password create user


Create User 2 Admin User Authentication


authentication click Manage Group


Group admin add user admin Group Admin


Create Group add User Group


add User Group Group Apply


User Group


Group Policy Internet


1. Proxy -> Access Policy Policy
2. Add Access Policy


3. Policy
1. Source Type Policy Any
Authentication Internet
2. Destination Any Authentication
user internet
3. Authentication
Allowed Users
4. Time Restriction
5. Active Days 4 Active Days policy
6. Start Hours, Start Minutes, Stop Hours Stop Minutes 4
policy
7. User Agents Browser click Browser

8. Access Policy Allow Authentication


9. Filter Profile Endian Filter Virus
10. Position Policy
11. Enable Policy Rule policy Update Policy


Apply Policy apply

Policy Reboot
login


user Set internet login browser username


password

4.2 Contentfilter block ,


(tototyt@thaiadmin)
* Endian Firewall Community release 2.3.0 (c)
2004-2009
(
)
1. Profile Create a Profile Profile ( content1 )
1.1 Profile Name :
*
1.2 Activate antivirus scan * activate antivirus scan

1.3 Platform for Internet Content Selection
1.4 Max. score for phrases (50-300) *
1.5 3
- Filters pages containing phrases of the following categories. (Content Filtering)
(Content Filtering)


- Filter pages known to have content of the following categories. ( URL


Blacklist )

Filter

( URL Blacklist )


- Custom black- and whitelists



Custom

1.6 Create profile Update profile


1.7 Contentfilter Profile Policy Tab Access Policy
Add
access policy Filter profile
Profile


: Policy

**** Update ****


Part 5 :

config Logging
Log

Live log
Proxy log
*** update ***
*** update ***

Backup Configuration Restore Configuration


*** update ***


FAQ
Q: EFW "GRUB Loading Stage 2 ......" EFW
?
A: EFW
console Serial port port
... Serial port BIOS EFW

Q: DNS server Window Server Client Dynamic IP Endian


firewall Dns server Window ip client
A: Windows Server Dns Server Domain Allow Dynamic
update Non-secure and Secure Dns update
Aging Scavenge
Q:
A:
Q:
A:
Q:
A:


Part 6 Config Open VPN


6.1 Open VPN Client to Site
OpenVPN Host-to-Net ( Client to Site ) Endian Firewall Community 2.3
RC1
( : tototyt ,
:Noktualek )
2/07/2008 ( 27/10/2009)
efw 2.3 RC1

OpenVPN

Endian Firewall Community


net-to-net host-to-net

host-to-net

VPN host-to-net 1

Internet
(LAN)

LAN
(Internet)
LAN



LAN
VPN


1 VPN host-to-net client to site


VPN



1. Public IP Fix IP Site A
2. Fix IP Dynamic DNS
3. IP IP VPN Subnet
192.168.1.0/24 remote 192.168.121.0/24
192.168.1.1/24
Endian Firewall Remote ADSL Router 192.168.1.1/24 IP
Address VPN

Server
1. Endian Firewall Community Web Browser
(https://server_ip_address:10443)
2. vpn Openvpn Server Tab Server
configuration
3. Dynamic IP pool start address Dynamic IP pool end address IP Address
(LAN) ( Roadwarrior )
checkbox OpenVPN Server enabled IP
VPN DHCP IP 192.168.1.230-254
25 2


2 Server configuration
4. Save and restart 2
5.
Accounts 3 Add account

3 Accounts
6. Username Password checkbox Direct all client traffic through
the VPN server 4 Save


4 Add new user


*
connect Fix IP IP Static ip addresses
7. Restart OpenVPN server 5


5
8. Advanced 6 Save and restart

6 Advanced
9. Download CA Certificate XXX.cer Client
7 ( IE 8 xxx.cer (xxx
) CommetBird Browser xxx.pem


7 Download CA Certification
Status Services STOPED
RUNNING
7.1

7.1 Open VPN Server Status



Client
1. OpenVPN GUI for Windows http://openvpn.se/ Download
Stable Installation Package
openvpn-2.0.9-gui-1.0.3-install.exe

8
2. OpenVPN client
Default Options
C:\Program Files\OpenVPN
3. Icon Taskbar 9

9 OpenVPN icon


4. client.ovpn C:\Program Files\OpenVPN\sample-config


C:\Program Files\OpenVPN\config

5. VPN Icon 9 Edit Config


C:\Program
Files\OpenVPN\config\client.ovpn
6. ( config
copy config
client
dev tap
proto udp ( tcp 6 tcp)
remote site-001a.dyndns.org xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem ( 9)
auth-user-pass
comp-lzo
remote Domain site-001a.dyndns.org
IP Address OpenVPN Server IP
Public IP IP Private IP IP port 1194
ca path ( CA )
7. disable cert client.crt key client.key client.ovpn
";" ( 6 )
8. CA (xxxx.cer) OpenVPN Server ( 9
Server) config C:\Program
Files\OpenVPN\config

10

1. Connect Icon OpenVPN Client user password


10
2. Connect OpenVPN Icon Taskbar 11

11
3. IP Address Server IP pool 12


12
4. OpenVPN Server user
13 kill

13
user

CA Server

(
)
1. Server IP Client IP



IP
Dynamic IP pool start address Restart

Connect IP


2. Connect Firewall VPN traffic


Enable VPN Firewall

rule


Open VPN
1. Webconfig Endian Forward
Router

2. Ping Private IP Address VPN Client IP Address

3. Remote Admin File Sharing Printer Sharing


VPN Client to Site ADSL


1. ADSL client endian server
2. Database Map drive Express
VPN Client Site
Terminal Remote Desktop
3. Open VPN Client(Open VPN 2.0.9) Windows 7
4. Internet VPN Client gateway
Endian Server Upload Endian Server ()
5. 4 LAN Policy Firewall VPN
Policy
6. IP Address
7. Sharing folder Protocol UDP TCP 6
client 6
8. IP Class A 10.0.0.0/24 Endian
2.2 IP Client VPN 192.168.0.0/24

Bug
* Rule

6.2 Open VPN Site to Site Net-to-Net Endian Firewall


Endian Firewall 2.3

25/11/2006

( : )

OpenVPN Net-to-Net Endian Firewall 2.3


VPN net-to-net Site-to-Site
Intranet VPN

2 Site A Site B
Site
Site Site
IP Private IP
Site


VPN OpenVPN Open Source


OpenVPN Endian Firewall

1 VPN host-to-host

Site A Site B

Server Site A

* Host-to-Net Client To Site

1. Endian Firewall 2 Site


2.
3.
4.

Endian Firewall Community Web Browser


(https://server_ip_address:10443)
vpn Openvpn Server
Tab Server configuration
Dynamic IP pool start address Dynamic IP pool end address
IP Address (LAN) (
Roadwarrior )

checkbox OpenVPN Server enabled


2


2 Server configuration
5.
Save and restart 2
6.
Accounts 3 Add
account

3 Accounts
Username Password checkbox Direct all client
traffic through the VPN server 4
Save
7.


4 Add new user


8.

Restart OpenVPN server 5


5
9.
Advanced 6
Save and restart

6 Advanced
10. Download CA Certificate XXX.cer
Server Site B


7 Download CA Certification
Status Services
STOPED
RUNNING
7.1

7.1 Open VPN Server Status

Server Site B
1.
Site B OpenVPN client
(Gw2Gw) Add tunnel configuration

8 OpenVPN client (Gw2Gw)


2.
Add VPN tunnel 9

Connection Name :
Connection to : Public IP VPN Server Site A
Upload ca file : CA VPN Server Site A
Username : username VPN Server Site A
Password : password VPN Server Site A
Remark :

9 Add VPN tunnel


3.
Advanced tunnel configuration
10
Connection configuration
Fallback VPN servers :
Port
(1194)
-

Connection type: Routed

Bridge to : GREEN


Block DHCP responses coming from tunnel:

NAT : * Ping

Protocol: UDP

HTTP proxy configuration


Proxy

HTTP proxy :
Proxy username :
Proxy password :
Forge proxy user-agent :

10 Advanced tunnel configuration


4.
11

() CA


11 Advanced tunnel configuration


5.
Site A
Connection status and control 12
IP Address
Global settings VPN Server Site B Status Site B
established 13
Client
VPN Server


Site A

12 Connection status and control Site A


Site B

13 Status Site B
* Site A Site B


1. Connect ( Status established ) Ping


- Advanced tunnel configuration NAT


- Firewall / VPN firewall configuration Rule
(Disable)
- Ping Site B Site A Ping Site A Site B
established
2. Connect ( Status established ) Ping

- ......


Part 7 : Network
7.1 Interfaces : ( Link )
7.1.1 Uplinks manage
* Intranet

Loadbalance
Lan Card Drivers Lan Card
Route Endian Firewall
1. Interfaces TAB Uplink editor Create an uplink 7.1.1-1

7.1.1-1
2.

3. Create Uplink


7.1.2 VLAN manager ..

7.2 Routing

( Policy Routing )
Routing
( Static
7.2.1

1. Tab

Routing Editor )

Static Routing / Add a new route 7.2.1-1

7.2.1-1
2.

3. Add Route

7.2.2 ( Policy

Routing Editor )


1. 7.2.1 ()

7.2.2-1

7.2.2-1
2. Update Rule
* Multi WAN , Internet Load Balance
( Route )

7.3 Edit Hosts :


Hosts
Hosts Client Report
Log
Ntop IP Hosts

IP


Part 8 : Service
8.1 DHCP : IP Address ( Dynamic Host Configuration Protocol )
DHCP IP Address

Ntop
8.2 Traffic Monitoring :
NTOP ....
8.2.1. NTOP ( Enable Traffic Monitoring )
Service / Traffic Monitoring Enable Traffic
Monitoring NTOP

The Traffic Analyzer module is active: access to the administration interface

8.2.2 NTOP ( Access to the NTOP By : administration interface )


administration interface 8.2.2-1

8.2.2-1


8.3 Quality of Service Devices (QOS) :


8.3.1 :

: Quality of Service Devices

8.3.2 :

: Quality of Service Classes


8.3.3 :

Quality of Service Rules


Part 9 : QQ
Tip
1. Restart
- password password "endain" ( " ")

- password root # passwd control


password
- password admin config web # htpasswd /var/efw/auth/users admin
- update " configure
Tools -> Options -> Advance -> Encryption -> View Certificates Servers
ip address endian firewall Servers
Authorities efw-xxxxxx "
NinNin
http://www.thaiadmin.org/board/index.php?topic=121955.0
Noktualek


Part : 10

Reference

http://www.easyzonecorp.net/network/view.php?ID=241
http://www.itwizard.info/technology/linux/efw/ovpn_host_to_net/efw_ovpn_host_to_net.html
http://samba-beginner.blogspot.com/2009/01/setup-openvpn-endianfirewall.html
http://samba-beginner.blogspot.com/2009/02/openvpn-endianfirewall.html
