EFW Support

Support => General Support => Topic started by: oddz on Wednesday 11 November 2009, 02:24:27 am



Title: basic setup
Post by: oddz on Wednesday 11 November 2009, 02:24:27 am
Hi, I'm trying to build an Endian firewall/router/proxy and am encountering a few problems. They are probably noob problems with simple solutions; I tried searching on the forum and on Google, but couldn't find much.

I was trying to just get the routing functionality working first. What I have basically done is set up DHCP, my green and red interfaces and all other associated things that are standard to setting up a router. But I wasn't sure about the DNS; I set it to automatic. My clients were getting IP addresses from the DHCP, but they couldn't access the internet :(

My connection is cable, so I set the red interface to ethernet dhcp, is this correct (I know that the cable provider gives me a dynamic IP address)?
I also wasn't sure if the DNS was working correctly either!

Is there something more you have to set up besides DHCP, DNS, and your interfaces to make a basic router?

So all in all, I'm ripely confused!


Any sort of basic help would be excellent!

Cheers,
Chris


Title: Re: basic setup
Post by: mrkroket on Wednesday 11 November 2009, 05:18:29 am
Always test RED first before starting to play with GREEN. I mean, if your EFW box has problems with RED, any client connected to it will have the same problem.

You are trying just a simple GREEN-RED setup, with nothing more. This is simple. Be analytical, create your checklist of things you must test:

1- Test DHCP Server - Check your Endian firewall has DHCP Server OK. If you connect a PC and EFW gives you an IP with the correct IP, mask, gateway and DNS servers, you are OK.
2- Test DHCP Server 2 - Ping your EFW firewall from one machine on the LAN.
3- Test RED from GREEN - Use tracert on one machine on the LAN to see what route your traffic is trying to take. The important thing at this point is to use an external IP address, not a name server. We want to test the connection, not the DNS yet. Use the DOS command: tracert 74.125.67.104. You should see the traffic going out from your EFW box to the internet. If you see that the traceroute stops after the 1st jump (on your EFW box), there is a problem with the RED interface.
      3b- If the above fails, test RED from the Endian Firewall console: From the Endian console, use the command: traceroute 74.125.67.104. Within a few jumps it should reach its destination (google.com). If it gives some error, then your RED interface is not working. If it works, it's some misconfig in the Outgoing Firewall that blocks traffic from the client. Recheck Firewall->Outgoing FWall.
4- Test DNS from GREEN: If 3 is OK, try nslookup www.google.com. If it doesn't resolve, there must be some DNS problem.
      4b- If the above fails, test DNS from the Endian console: Use the same command, nslookup www.google.com. If it doesn't resolve, your DNS servers are wrong; recheck your DNS servers in your config, use Network->Interfaces->main uplink --> Edit and recheck the config you used.
5- Test RED from GREEN with DNS: Once the RED iface and DNS are fixed, just use a tracert www.google.com from any client; it should reach google.
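
The checklist in the reply above, as a script for a Linux client on GREEN (an added example, not part of the thread): it parses traceroute -n output to find where the path stops and maps that, together with a DNS result, to the checklist step to revisit. The gateway address 192.168.0.15, the function names, the sample trace and the "upstream" outcome are assumptions added here.

```sh
# Added example, not from the thread. GATEWAY is a hypothetical GREEN address;
# TEST_IP and TEST_NAME are the targets the checklist uses.
GATEWAY="${GATEWAY:-192.168.0.15}"
TEST_IP="${TEST_IP:-74.125.67.104}"
TEST_NAME="${TEST_NAME:-www.google.com}"
# Constructed sample: only the firewall answers, every later hop times out.
SAMPLE_STOPS_AT_FW='traceroute to 74.125.67.104 (74.125.67.104), 15 hops max
 1  192.168.0.15  0.41 ms  0.39 ms  0.37 ms
 2  * * *
 3  * * *'

# last_hop: read traceroute -n output on stdin, print "<hop> <ip>" for the last hop that answered.
last_hop() {
  awk '$1 ~ /^[0-9]+$/ {
         for (i = 2; i <= NF; i++)
           if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { hop = $1; ip = $i; break }
       }
       END { if (hop != "") print hop, ip }'
}

# classify_path TRACE: where the path to TEST_IP ends (step 3 of the checklist).
classify_path() {
  _last=$(printf '%s\n' "$1" | last_hop)
  _hop=${_last%% *}; _ip=${_last#* }
  if [ -z "$_hop" ]; then echo green            # not even the firewall answered
  elif [ "$_ip" = "$TEST_IP" ]; then echo ok    # destination reached
  elif [ "$_hop" -eq 1 ] && [ "$_ip" = "$GATEWAY" ]; then echo red
  else echo upstream                            # left the firewall, lost later
  fi
}

# diagnose PATH_STATE DNS_STATE: same order as the checklist, path before DNS.
diagnose() {
  case "$1:$2" in
    green:*)    echo "no reply from firewall: check DHCP lease and GREEN (steps 1-2)" ;;
    red:*)      echo "trace stops at firewall: rerun on EFW console, RED vs Outgoing Firewall (3, 3b)" ;;
    upstream:*) echo "traffic leaves the firewall but is lost beyond it" ;;
    ok:fail)    echo "IP path works, names do not: check DNS servers (4, 4b)" ;;
    ok:ok)      echo "uplink and DNS both work (5)" ;;
  esac
}

# Live run: sh uplink_check.sh --live (assumes nslookup exits non-zero on a failed lookup)
if [ "${1:-}" = "--live" ]; then
  trace=$(traceroute -n -w 2 -m 15 "$TEST_IP" 2>/dev/null)
  if nslookup "$TEST_NAME" >/dev/null 2>&1; then dns=ok; else dns=fail; fi
  diagnose "$(classify_path "$trace")" "$dns"
fi
```

Without --live the script only defines the functions, so they can be fed a saved trace.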


Title: Re: basic setup
Post by: oddz on Wednesday 11 November 2009, 11:47:23 am
You are a legend mate!
I got it working, just followed your steps!

Turned out I needed to reset my cable modem...

A couple of other questions:
-how well does squid work within it? I'm just running tests now, and it doesn't seem to cache a lot of things. For example, I downloaded an 80mb zip from my website, then cleared the browser's cache and re-downloaded, and it didn't appear to get it from the cache. I have the maximum object size for the cache set to 1024mb, and the cache size is 10gb. Is there some sort of file filter with squid, where it doesn't cache certain files? I've had squid running for months now on another server and it did these sorts of tests correctly. (endian is also listing the hits/misses as 0 all the time)(yes I've enabled the proxy  :))

-is it possible to move the squid cache to another drive plugged into the machine, i.e. a faster one?

-are the default firewall settings fine for security?


Title: Re: basic setup
Post by: mrkroket on Thursday 12 November 2009, 09:08:09 am
-how well does squid work within it? I'm just running tests now, and it doesn't seem to cache a lot of things. For example, I downloaded an 80mb zip from my website, then cleared the browser's cache and re-downloaded, and it didn't appear to get it from the cache. I have the maximum object size for the cache set to 1024mb, and the cache size is 10gb. Is there some sort of file filter with squid, where it doesn't cache certain files? I've had squid running for months now on another server and it did these sorts of tests correctly. (endian is also listing the hits/misses as 0 all the time)(yes I've enabled the proxy  :))
I still must check the cache stuff, but it isn't a priority for me. My stats from today:
                   Hour     Today
misses            12499    174351
hits               1531     23053
viruses found         0         0
viruses found         0         8

About 10% TCP hits, about 1% on TCP transfers. At the start it also had 0 hits. Now, with about 200 users using inet, it reaches that 10%.
My main use will be antivir updates. For Windows updates I have a WSUS inside the domain, so it doesn't need to cache on the firewall.

-is it possible to move the squid cache to another drive plugged into the machine, i.e. a faster one?
Probably, by mounting the new HDD, editing the squid config or using symbolic links. Never tested, though. You must go to the console and tweak here and there.
Is the cache speed a main concern for you?

-are the default firewall settings fine for security?
By default it's fairly good. I recommend enabling Intrusion detection and HTTP Proxy with content filtering; it gives you enhanced protection, suitable for mid-size enterprises.
After that, modify the outgoing firewall to suit your needs; just allow the ports you use.

About HTTP Proxy URL filtering, I recommend you update the blacklists and use the quickfix I posted about a bug in Content filtering.



Title: Re: basic setup
Post by: oddz on Thursday 12 November 2009, 10:15:17 am
Hmm, okay, thanks for the info.

It's a shame the caching proxy doesn't work better though. These are my stats after 1 day of operation:
                   Hour     Today
misses               94     50754
hits                  0      1278
viruses found         0         0
Unfortunately it just doesn't seem to cache some larger files. Can't figure that one out :( I know in normal squid, you can edit the refresh patterns? Is there an easy way to do that here?
Or does it involve knowing a lot of Linux commands in the console  :-\