Difference between revisions of "Help:Firewalling"

From twofo wiki
 
(40 intermediate revisions by 2 users not shown)
'''Firewalling out Off Campus Connections'''
#REDIRECT [[Firewalling]]
 
Due to the restrictions and threats of disconnections by ITS on campus, it is worth thinking about blocking all external connections to DC++ on campus.  This does NOT guarantee safety from ITS on campus, but it will stop you using any external bandwidth and hopefully keep you a bit more under the radar.
Almost all the time, connections between on campus and off campus people are impossible due to the traffic shaper, so even without any kind of firewall rules in place you should not be transferring to or from somebody off campus. However, the connection attempts will be detected and blocked by the traffic shaper even if you do not see any transfers in DC++ (although a connection may rarely slip through the traffic shaper).
 
 
Firewalling off campus out is only intended as an extra layer of security, and does not guarantee your safety from ITS. We do believe that it is by far the best thing you can do though and recommend it to everybody.
 
 
Guides for blocking external connections to DC++ in various firewalls are below.  If you are looking for a quick and easy firewall to block connections, both Sygate Personal Firewall 5.6 (NB. Now owned by Symantec so you would have to use a version equal to or below this) and Sunbelt Personal Firewall work for free doing this job even after the trial license runs out. ''NB. This is NOT the Kerio WinRoute Firewall''.  Tiny is also good, but this is shareware.
One of these is probably the best choice if you need a new firewall specifically for blocking external connections as they are reasonably light on system resources.
 
 
 
==[http://www.twofo.co.uk/resources/SPF.htm Sygate Personal Firewall]==  (produced by fallingmagpie)
 
Works on Windows XP or below only.  Free shareware, continues to work after license runs out.  Downloadable from http://www.download.com/Sygate-Personal-Firewall/3000-2092_4-10049526.html.
 
==[http://www.twofo.co.uk/resources/wipfw.zip WIPFW]==  (produced by Rampage)
 
'''Free Firewall'''
 
This is not a foolproof way to block Off Campus connections as it doesn't filter by application, but it is the easiest and quickest way to get a firewall set up. (Need someone to test it with Vista)
 
To block connections to Off campus users you must do the following:
In DC++ go to '''File -> Settings -> Connection Settings''' and set the Incoming and Outgoing connection settings as ''''Direct Connection'''' and the TCP and UDP port as ''''20000''''.

Now download WIPFW from http://lordoberon.co.uk/~rampage/wipfw.zip , unzip the contents into the '''Program Files''' folder and run the file ''''install''''. That is all you need! Please check with an Operator to confirm whether the firewall is working.
 
==[http://www.twofo.co.uk/resources/Comodo3.pdf Comodo Personal Firewall 3]== (produced by Rampage)
 
'''Free firewall'''<br>
Version 3 is Windows Vista compatible
 
There is a guide available for Comodo Personal Firewall Version 2.4 [http://www.twofo.co.uk/resources/Comodo.pdf here].<br>
You can download Comodo Personal firewall from http://personalfirewall.comodo.com.
 
==[http://www.twofo.co.uk/resources/Kerio2.pdf Sunbelt (Kerio)]==  (produced by astropoint)
 
This is '''NOT''' the Kerio WinRoute Firewall<br>
Windows XP and below only<br>
Download from http://www.vnunet.com/vnunet/downloads/2128767/kerio-personal-firewall
 
==[http://www.twofo.co.uk/resources/ZoneAlarm2.pdf ZoneAlarm]==  (thanks to Huck)
 
This is '''NOT''' the free version of the firewall.  As far as we know the free version of the firewall cannot block external connections properly.  However, this is as yet untested on the Vista compatible version (7.1).
 
==[http://www.twofo.co.uk/resources/Kaspersky.pdf Kaspersky]==
 
Windows Vista compatible
 
==[http://www.twofo.co.uk/resources/Tiny.pdf Tiny]==  (produced by Rampage)
 
Windows XP and below only
 
 
 
==[http://www.twofo.co.uk/resources/CAPF.pdf CA Personal Firewall]==  (produced by Rampage).
 
Some people seem to have trouble running this firewall on Vista.  Try Comodo if you experience issues.
 
==[http://www.twofo.co.uk/resources/jeticoguide.rar Jetico Personal Firewall]==  (produced by itsmonktastic)
 
Vista Compatible.
<br>Expert firewall
 
==[http://www.twofo.co.uk/resources/Norton.pdf Norton Personal Firewall]==    (produced by astropoint)
 
Guide was produced for Norton 2005, but the basic structure of the rules etc hasn't changed so should be applicable to more recent versions.
 
==[http://www.twofo.co.uk/resources/Mcafee.pdf McAfee]==  (produced by 2448-1111)
 
''Warning:'' This puts the whole of the Resnet into the firewall's "Trusted Zone" which is a really bad idea on the whole.  So if somebody comes up with a way of allowing IPs JUST to DC++, pm astro/astropoint and I'll try to update the guide.
 
 
==[http://www.twofo.co.uk/resources/iptables.htm Linux]==
 
A guide for setting up the Linux firewall, iptables, to block external connections.  (produced by xyzzy originally. Resurrected by mooo)
 
==Windows==
 
From what we can see, external connections ''cannot'' be blocked using only the Windows firewall.  This is certainly the case with the XP firewall. In theory it is possible to do it on Vista, but nobody has yet managed it.  If you do manage it, tell an op and this space will be updated.
 
==Mac==  (produced by Rampage)
 
This is not a foolproof way to block Off Campus connections as it doesn't filter by application, but it is all we have for Mac OS. Guide produced using IPFW, which should be installed by default on Mac OS X. You will need to set the TCP and UDP port on your direct connect client as ''''20000''''.

Now download the files http://www.lordoberon.co.uk/~rampage/twofofirewallon.sh and http://www.lordoberon.co.uk/~rampage/twofofirewalloff.sh, open Terminal and navigate to the folder where you saved these files.
 
'''sudo sh twofofirewalloff.sh''' will stop the firewall for twofo (prevent duplicate rules)
 
'''sudo sh twofofirewallon.sh''' will start the firewall for twofo
 
Confirm with an Operator to check that it is working.
 
 
 
 
If you want to do this from scratch, you need to find out how to get your firewall to allow only Resnet IPs (137.205.0.0 - 137.205.254.254 or 137.205.0.0/16 or 137.205.0.0/255.255.0.0) and the loopback address for stunnel (127.0.0.1), and to block all other IPs from connecting.  Conversely you could allow all IPs then block 0.0.0.0 - 126.254.254.254, 127.0.0.2 - 137.204.254.254 and 137.206.0.0 - 254.254.254.254 specifically.
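
A check of the two rule styles described above, added here as an example and not part of the original guide: it takes the Resnet and loopback ranges from the text, lists the addresses that the "allow all, then block" ranges as written leave unblocked, and derives an exact CIDR block list for firewalls that need one. The function names are assumptions made for this example.

```python
import ipaddress as ipa

# Allow set from the page: Resnet plus the stunnel loopback address.
ALLOW = [ipa.ip_network("137.205.0.0/16"), ipa.ip_network("127.0.0.1/32")]

# Block ranges exactly as the page writes them (first, last).
PAGE_BLOCK = [
    ("0.0.0.0", "126.254.254.254"),
    ("127.0.0.2", "137.204.254.254"),
    ("137.206.0.0", "254.254.254.254"),
]

def gaps(allow, block_ranges):
    """Spans that are neither explicitly allowed nor explicitly blocked."""
    spans = [(int(n.network_address), int(n.broadcast_address)) for n in allow]
    spans += [(int(ipa.ip_address(a)), int(ipa.ip_address(b))) for a, b in block_ranges]
    found, cursor = [], 0
    for lo, hi in sorted(spans):
        if lo > cursor:  # addresses between the previous span and this one
            found.append((str(ipa.IPv4Address(cursor)), str(ipa.IPv4Address(lo - 1))))
        cursor = max(cursor, hi + 1)
    if cursor <= 0xFFFFFFFF:
        found.append((str(ipa.IPv4Address(cursor)), "255.255.255.255"))
    return found

def exact_block_list(allow):
    """CIDR blocks covering every IPv4 address outside the allow set."""
    remaining = [ipa.ip_network("0.0.0.0/0")]
    for a in allow:
        nxt = []
        for r in remaining:
            if a.subnet_of(r):
                nxt.extend(r.address_exclude(a))  # carve the allowed net out
            elif not r.overlaps(a):
                nxt.append(r)                     # untouched by this allow entry
        remaining = nxt
    return sorted(remaining)

def permitted(ip, allow=ALLOW):
    """Default-deny decision: accept only addresses inside the allow set."""
    addr = ipa.ip_address(ip)
    return any(addr in net for net in allow)

if __name__ == "__main__":
    for first, last in gaps(ALLOW, PAGE_BLOCK):
        print("not blocked by the range list:", first, "-", last)
    print(len(exact_block_list(ALLOW)), "CIDR blocks in the exact complement")
```

The gaps come from block ranges that end at x.254.254.254 instead of running up to the next range; allowing only the two listed networks and denying everything else by default has no such gaps.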
 
Also, if you do this on a firewall not listed here then please contact an op with at least a basic set of instructions to be uploaded here.
 
 
 
 
If there are any other problems with any of the guides themselves, please contact astropoint/astro on the hub or on the forums and I shall try to correct them.
Or, if you feel you can produce a guide for any other firewall, please do so and pass it onto me and I shall upload it onto here.

Latest revision as of 21:03, 29 October 2008
