Help:Firewalling

From twofo wiki
Revision as of 15:22, 5 August 2007 by Astropoint (talk | contribs)

Firewalling out Off Campus Connections

Due to the restrictions and threats of disconnection by ITS on campus, it is worth considering blocking all off-campus connections to DC++. This does NOT guarantee safety from ITS, but it will stop you using any external bandwidth and should keep you a little further under the radar. Almost all the time, connections between on-campus and off-campus users are impossible anyway because of the traffic shaper, so even with no firewall rules in place you should not be transferring to or from somebody off campus. However, the connection attempts are still detected and blocked by the traffic shaper even when you see no transfers in DC++ (and occasionally one does slip through). Firewalling off campus out is only intended as an extra layer of defence; it does not guarantee you safety from ITS.

If you want to do this from scratch, you need to find out how to make your firewall allow DC++ to talk only to Resnet IPs (137.205.0.0 - 137.205.255.255, i.e. 137.205.0.0/16) and the loopback address used by stunnel (127.0.0.1), and block every other IP. Conversely you could allow all IPs and then specifically block 0.0.0.0 - 127.0.0.0, 127.0.0.2 - 137.204.255.255 and 137.206.0.0 - 255.255.255.255. Note that the last value of an octet is 255, not 254: ranges written as ending in .254 leave addresses such as 137.205.255.x matched by neither rule. Whichever way round you do it, apply the rules to DC++ (or to its listening port) only, not to the whole machine, otherwise you end up trusting the whole of Resnet (see the warnings on the guides below).
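As an added example (not part of the original page or of any of the guides linked below), the script below works out those ranges exactly, checks a rule set for addresses that neither the allow nor the block rules match, and prints the equivalent iptables lines for the Linux case. It assumes Resnet is the whole 137.205.0.0/16 block, that DC++ listens on port 1412, and, for the iptables lines, that DC++ runs as a Unix user called dcpp; the port number and user name are placeholders, not anything the page specifies.

```python
"""Work out the address ranges for a "Resnet only" DC++ firewall rule.

Added example for this page, not code from any of the linked guides.
Assumes Resnet is the whole 137.205.0.0/16 block, that DC++ listens on
TCP/UDP port 1412 (placeholder) and, for the iptables lines, that DC++
runs as a dedicated Unix user named "dcpp" (also an assumption).
"""
import ipaddress

# What DC++ may talk to: Resnet plus the loopback address used by stunnel.
ALLOWED = [
    ipaddress.ip_network("137.205.0.0/16"),
    ipaddress.ip_network("127.0.0.1/32"),
]
DCPP_PORT = 1412      # assumed DC++ listening port
DCPP_USER = "dcpp"    # assumed Unix user DC++ runs as

# The ranges as they were originally written on the page (octets stop at 254),
# kept here to show what such ranges leave uncovered.
PAGE_ALLOW = [("137.205.0.0", "137.205.254.254"), ("127.0.0.1", "127.0.0.1")]
PAGE_BLOCK = [("0.0.0.0", "126.254.254.254"),
              ("127.0.0.2", "137.204.254.254"),
              ("137.206.0.0", "254.254.254.254")]

IPV4_FIRST = 0
IPV4_LAST = 2 ** 32 - 1


def _as_int_pairs(ranges):
    """Normalise networks or (first, last) address pairs to sorted int pairs."""
    pairs = []
    for r in ranges:
        if isinstance(r, ipaddress.IPv4Network):
            pairs.append((int(r.network_address), int(r.broadcast_address)))
        else:
            first, last = r
            pairs.append((int(ipaddress.ip_address(first)),
                          int(ipaddress.ip_address(last))))
    return sorted(pairs)


def _holes(pairs):
    """Addresses in 0.0.0.0-255.255.255.255 covered by none of `pairs`."""
    holes = []
    cursor = IPV4_FIRST
    for first, last in sorted(pairs):
        if first > cursor:
            holes.append((cursor, first - 1))
        cursor = max(cursor, last + 1)   # max() copes with overlapping ranges
    if cursor <= IPV4_LAST:
        holes.append((cursor, IPV4_LAST))
    return [(str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b)))
            for a, b in holes]


def block_ranges(allowed=ALLOWED):
    """The "allow all, then block these" ranges: the exact complement of `allowed`."""
    return _holes(_as_int_pairs(allowed))


def gaps(allowed, blocked):
    """Ranges matched by neither an allow nor a block rule (should be empty)."""
    return _holes(_as_int_pairs(allowed) + _as_int_pairs(blocked))


def is_allowed(addr, allowed=ALLOWED):
    """True if DC++ should be permitted to talk to `addr`."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in allowed)


def iptables_rules(allowed=ALLOWED, port=DCPP_PORT, user=DCPP_USER):
    """iptables commands scoped to DC++ only, not to the whole host.

    Inbound: only the DC++ listening port is touched.  Outbound: only packets
    sent by the DC++ user (owner match), because the client itself opens
    connections to arbitrary peer ports, so a port match would not do.
    """
    rules = []
    for net in allowed:
        for proto in ("tcp", "udp"):
            rules.append(f"iptables -A INPUT -p {proto} --dport {port} -s {net} -j ACCEPT")
        rules.append(f"iptables -A OUTPUT -m owner --uid-owner {user} -d {net} -j ACCEPT")
    for proto in ("tcp", "udp"):
        rules.append(f"iptables -A INPUT -p {proto} --dport {port} -j DROP")
    rules.append(f"iptables -A OUTPUT -m owner --uid-owner {user} -j DROP")
    return rules


if __name__ == "__main__":
    print("block ranges:", block_ranges())
    print("uncovered by the .254 ranges:", gaps(PAGE_ALLOW, PAGE_BLOCK))
    print("\n".join(iptables_rules()))
```

Running it prints the three block ranges (0.0.0.0 - 127.0.0.0, 127.0.0.2 - 137.204.255.255, 137.206.0.0 - 255.255.255.255), the four slivers of address space that the .254 ranges leave matched by nothing, and the iptables lines; is_allowed() lets you check an individual peer address against the list before you trust it.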

Guides for blocking external connections to DC++ in various firewalls are below:

1. Norton Personal Firewall: http://manyhappy.members.beeb.net/Norton.pdf (produced by astropoint)

2. ZoneAlarm: http://manyhappy.members.beeb.net/ZoneAlarm2.pdf (thanks to Huck)

Feedback would be appreciated. This is a new guide that ought to avoid the old one's flaw of opening you up completely to Resnet (and its associated viruses) :)

3. Mcafee: http://manyhappy.members.beeb.net/Mcafee.pdf (produced by 2448-1111)

Warning: Again, this puts the whole of the Resnet into the firewall's "Trusted Zone" which is a really bad idea on the whole. So again, if somebody comes up with a way of allowing IPs JUST to DC++, pm astro/astropoint and I'll try to update the guide.

4. Tiny: http://manyhappy.members.beeb.net/Tiny.pdf (produced by Rampage).

5. Linux: A guide for setting up the Linux personal firewall, iptables, to block external connections, is available here http://www.dcs.warwick.ac.uk/~csucda/iptables.html (produced by xyzzy)

6. Sunbelt (Kerio): http://manyhappy.members.beeb.net/Kerio2.pdf (produced by astropoint)

7. Sygate Personal Firewall: http://manyhappy.members.beeb.net/SPF.htm (produced by fallingmagpie)

8. Jetico Personal Firewall: http://manyhappy.members.beeb.net/jeticoguide.rar (produced by itsmonktastic)


9. Windows: From what we can see, external connections cannot be blocked using only the Windows Firewall. If you do manage it, tell an op and this space will be updated. Use one of the above if you want to block externals.

Both Sygate Personal Firewall 5.6 (NB. now owned by Symantec, so you would have to use a version equal to or below this) and Sunbelt Personal Firewall (NB. this is NOT the Kerio WinRoute Firewall) work for free doing this job even after the trial licence runs out. Tiny is also good, but it is shareware. One of these is probably the best choice if you need a new firewall specifically for blocking external connections, as they are reasonably light on system resources.


If there are any other problems with any of the guides themselves, please contact astropoint/astro on the hub or on the forums and I shall try to correct them. Or, if you feel you can produce a guide for any other firewall, please do so and pass it on to me and I shall upload it here.