I use Kerio 2.1.5 Firewall & I'm having some difficulty getting Richard Jones' rule set to work properly.
I'm attaching some JPGs of the rule sets so far.
My ISP uses dynamic DNS for broadband ADSL.
The following are mockups of screen prints.
Pointing the browser to http://10.1.1.0/ gets to the SpeedStream 4200.
Speedstream Router Management Interface
Speedstream Optusnet Broadband System Summary
System Type: SpeedStream 4200-Series
[ianSnip] [ian also snipping MAC addresses]
Point to Point Connection Summary: PPPoE 8/35 58.107.93.177 AccConn: rdl21.ba
Current Log Entries
0000-00-00 00:00:01 E |System |Current Mode: Bridge-Router
0000-00-00 00:00:01 E |CWMP |CWMP agent cannot reach the ACS named
Log Display Options
Display All Log Entries System Firewall ADS Network ATM DSL Ethernet USB Firmware Config DHCP Server DHCP Client PPP PPPoE UPnP Diags NAT Owner DDNS Client User Content Filter ARP Telnet Admin Time Client CWMP Agent Internet Gateway Device
Routes
Current Routing Table
Destination Netmask Gateway Flags Metric Interface
127.0.0.0 255.0.0.0 127.0.0.1 1 lo0
10.1.1.0 255.255.255.0 10.1.1.1 1 LAN
Default Gateway 198.142.130.18 5 PPPoE 8/35
58.107.93.177 255.255.255.255 58.107.93.177 1 LAN
Flags legend: (R)ip route, (S)tatic
SETUP | ppp
ISP Password
Setup for PPPoE 8/35
Access Concentrator: rdl21.ba
Username: ... me ...
Password:
Access Concentrator (Optional)
Service Name (Optional)
[ian checked ] Auto-Connect on Disconnect
Use Idle Timeout 0 Minutes
Mode
Mode Selection
Select the operation mode:
[ian radio button checked] Optus Bridge
[ian radio button NOT checked] NAPT
[ian radio button NOT checked] Full Bridge
Remote Access
Remote Management Access
Username:
Password:
Application Port
HTTP
FTP
Telnet
Allow access for 20 minutes
User Profiles
Profile Wizard
Current Profiles
# Profile IP Address Actions
0 1 2 3 4 5
Force all users to be identified before surfing
WAN interface
WAN Interface Configuration Wizard
Current Configuration
# VC Type Name Actions
0 8/35 PPPoE PPPoE 8/35 Disable Delete button button
1 2 3 4 5 6 7
*Checked interface is the default WAN interface
Host
Host Configuration
IP Address: 10.1.1.1 IP Netmask: 255.255.255.0
Default Gateway: or [ ticked ] Use WAN
Host Name: [ian set to Optusnet ]
DHCP
DHCP Configuration
DHCP Server:
[ian radio button checked ] "Enable"
[ian radio button NOT checked ] "Disable"
[ian radio button NOT checked ] DHCP Relay
Relay IP: ian grayed 0.0.0.0
Client IP Address: 10.1.1.3
IP Netmask: [ian 255.255.255.0 ]
Default Gateway: [ian 10.1.1.1 ] or [radio button NOT checked ] [Self]
DNS Server: [ian blank ] or [radio button CHECKED ] [Self] Primary or Self
DNS Server: Secondary [ian blank ] (Optional)
Domain Name: [ ian it's set to "domain.invalid" without quotes]
Lease Time (mins): [ian 1 ] Requires a specified DNS or [radio button NOT checked ] "Infinite time"
Time Client
Configure Time Zone
Enable Time Client: [ ian radio button Not Checked ] "No" [ ian radio button CHECKED] "Yes"
Primary Server: [ ian time.optusnet.com.au ]
Secondary Server: [ian pool.ntp.org ] (Optional)
Select Time Zone: [ian is 0 ] (minutes from UTC) [ian note: this is why DNS shows ISP is located in Sydney]
Static Route Configuration
Currently Configured Static Routes
# Destination Net Mask Next Hop Interface Edit Delete
Static Route list is empty.
Add Route
Destination Net Mask Next Hop Interface [ian ---- select --- with a drop down arrow ]
FIREWALL [ian 7 of these]
Firewall Level Configuration
Current Firewall level: [ian set to "Low" ]
Select Firewall Level: [ ian drop arrow but currently set to off ]
Firewall Snooze Control
Current Snooze interval: [ ian set "Off" ]
[radio button ian NOT CHECKED ] Disable Snooze
[radio button ian NOT CHECKED ] Enable Snooze, and set the Snooze time interval to: (minutes)
[radio button ian NOT CHECKED ] Reset the Snooze time interval to: (minutes)
DMZ
Firewall DMZ Configuration
Current DMZ Status: Enabled
Current DMZ Host IP Address: 58.107.93.177
[ian this radio button is CHECKED ] Disable DMZ
[radio button ian NOT CHECKED ] Enable DMZ with this Host IP address: [ian 58.107.93.177 ]
[radio button ian NOT CHECKED ] Enable DMZ with this Host IP address [ with a drop down button "Select Host" ] ["refresh" button]
[radio button ian NOT CHECKED ] Make Settings Permanent
[radio button ian CHECKED ] Make Settings Last Until Modem Reboots
[radio button ian NOT CHECKED ] Make Settings Last For: [ ian 60 ] minutes
["Apply" button] ["Reset" button]
filter Rules
Firewall IP Filter Configuration Wizard
Inbound IP Filter Rules
Rule No.  Protocol  Destination Interface  Destination Address  Enable/Disable  Delete
122  GRE  any WAN Interface  any  Protected  Protected
124  50  any WAN Interface  any  Protected  Protected
Outbound IP Filter Rules
Rule No.  Protocol  Source Interface  Source Address  Enable/Disable  Delete
120  any  any WAN Interface  any  Protected  Protected
[ian then buttons] "Add New IP Filter Rule" "Clone IP Filter Level" "Delete All"
Log
Firewall Log [ian shows "No Events."]
ADS
Firewall Attack Detection System Configuration
Enable Attack Detection System [ian Checkbox CHECKED ]
After enabling the Attack Detection System, select events below to filter and/or log:
[checkbox NOT CHECKED ] "Filter All" [checkbox NOT CHECKED ] "Log All"
all items have checked "Filter" AND Log check boxes
Same Source and Destination Address
Broadcast Source Address
LAN Source Address On WAN
Invalid IP Packet Fragment
TCP NULL
TCP FIN
TCP Xmas
Fragmented TCP Packet
Fragmented TCP Header
Fragmented UDP Header
Fragmented ICMP Header
Inconsistent UDP/IP header lengths
Inconsistent IP header lengths
[ "apply" button]
********** end of Firewall options ******************
UPNP
UPnP Configuration
[ian radio button NOT CHECKED ] Disable UPnP
[ian radio button NOT CHECKED ] Enable Discovery and Advertisement only (SSDP)
[ian radio button CHECKED!!! ] Enable full Internet Gateway Device (IGD) support
Options:
[ian checkbox NOT CHECKED ] Enable access logging
[ian checkbox NOT CHECKED ] Read-only mode
RIP
RIP Configuration
RIP Version Active Interface Disabled 1 2 1&2 Mode Multicast
Local Area Network [x] [ian radio button checked]
PPPoE 8/35 [x] [ian radio button checked]
radio buttons under RIP Active Mode & Multicast NOT checked
"apply" and "reset" buttons
Server Ports
SpeedStream Gateway Server Ports
Application Port
HTTP 80
FTP 21
Telnet 23
"apply" and "reset" buttons
Dynamic DNS
Set Up Dynamic DNS
Dynamic DNS Client
[radio button ian CHECKED ] Disable
[radio button ian Not checked ] Enable
Service Username: [ ian blank ]
Service Password: [ ian blank ]
Host Name 1: [ ian blank ]
Host Name 2: [ ian blank ] (Optional)
"apply" and "reset" buttons
***************** end of the mock-up screen prints. ******