Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 23 November 2024, 07:18:06 am

Login with username, password and session length

Visit the Official Endian Bug tracker  HERE
14258 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  EFW best practices, port forward per port or 1:1 nat?
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: EFW best practices, port forward per port or 1:1 nat?  (Read 15886 times)
bangsters
Full Member
***
Offline Offline

Posts: 34


« on: Monday 27 July 2009, 03:56:34 pm »

Hi.

How did you guys implement EFW in your cluster? 

1. Port Forwarding.  All ports are disabled except for the specific ports which are natted to the private IPs.
2. 1:1 NAT.  Then in Firwall -> System Access disalbe specific ports, or enable these ports only for certain IPs.  Like ssh and rdp ports only allowed on your IP.

Which method are you using?  Currently how we implemented ours is using the first one.  ALl ports are disabled.  We enable specific ports (80,143,443, 25, etc) for each and every public IP and destination private IP.  The result is a very long list of port forwarding rules.

Is the second option above a better choice?  Why or why not?

Thanks
Logged
bangsters
Full Member
***
Offline Offline

Posts: 34


« Reply #1 on: Thursday 30 July 2009, 08:50:22 am »

bump anyone?
Logged
sterilegenie
Jr. Member
*
Offline Offline

Posts: 2


« Reply #2 on: Monday 03 August 2009, 11:59:17 am »

Im currently using Astaro Security Gateway and Im using Snat and Dnat, the rules are long, its a pain in the arse to get setup but once its done..... its done!
Im looking at Endian right now because I have reached my user license limit. I hope others chime in on this one to see what others suggest.
Logged
itguy12
Jr. Member
*
Offline Offline

Posts: 3


« Reply #3 on: Saturday 22 August 2009, 12:01:11 am »

What about SNAT? Do you have certain private IPs source NATed out as an external IP that is not your firewall IP? How did you accomplish this?
Logged
theonegod
Jr. Member
*
Offline Offline

Posts: 2


« Reply #4 on: Saturday 22 August 2009, 01:52:34 am »

I just setup one of these and I used Port Forwarding with access control entries in addition to SNAT settings. The list IS long but you can speed the process up a bit by editing the config file directly.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com