Topic: EFW 2.3RC - Source ports mod on Outgoing Firewall
Posted on: Sunday 18 October 2009, 03:25:05 am

Endian Firewall 2.3RC - Source ports modification

This modification adds the feature to create outgoing fw rules based on source TCP/UDP port, not only by destination port. It also redesigns the outgoing firewall webpage, adding Source Port info. It also shows if a rule is being logged or not (very useful for me).

The forum doesn't have an attachment option. I know those fileshare webpages are annoying, but I don't have any other place to host the file.

Option 1: All done via Windows (best option for Linux newbies).
1- On Endian GUI go to System->SSH Access and enable it.
2- Download WinSCP for your Windows PC, and install it.
3- Run WinSCP. Create a new session with these configs:
        Host Name: The IP of your endian firewall
        Port: 22
        username: root
        password: your root password (defined on System->Passwords)
        File Protocol: SFTP     
        Allow SCP fallback checkbox: Enabled
4- Click Login. The first time it will warn you about new keys and security stuff. Press OK
5- You have an explorer-like window. Drag & Drop the file "EFW-2.3RC-sourcePorts-mod.tgz" you downloaded.
6- Right-click on the file. Select Custom Commands->Untar/GZip. Click OK twice.
7- Go to the new dir created, called EFW-2.3RC-sourcePorts-mod
8- Select install.sh file. Right-Click and select Custom Commands->Execute
9- Click OK and you are done.

Option 2: Linux console commands
1- Copy "EFW-2.3RC-sourcePorts-mod.tgz" to your endian box.
2- tar -xvf EFW-2.3RC-sourcePorts-mod.tgz
3- cd EFW-2.3RC-sourcePorts-mod
4- ./install.sh

Uninstall, Option 1:
1- Use WinSCP to connect to the EFW box.
2- Go to directory EFW-2.3RC-sourcePorts-mod/
3- Execute uninstall.sh (as you did on install point 8).

Uninstall, Option 2:
1- cd EFW-2.3RC-sourcePorts-mod
2- ./uninstall.sh
3- You shouldn't see any error messages. Anyway, if it fails, you can restore the original files with ./restoreOriginals.sh

When creating or editing a new outgoing rule, there is a new checkbox on port definition.
You can set the ports as source ports instead of destination ports.

I'm not responsible for any damage that mod can cause, direct or indirect. The script goes as-is, I have tested it and it works well for me, I don't guarantee anything.

I use it for VOIP applications. VOIP applications usually use a wide range of destination ports. This is awful to control on a firewall. The solution is to force the application to use a source port for all its connection needs.
This way, if you want to allow this app in the firewall, you simply define a rule with the source port, no matter what dest port it will connect to.

Things to do:
Add source port mod to QoS. For now it's only added on the outgoing firewall.
In QoS I simply use high priority on all UDP traffic (mainly VOIP, so it's ok).
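
A pre-install check for the Option 2 procedure above, added here as an example and not part of the original post or the mod itself: it lists the downloaded archive without extracting it and rejects member paths that would land outside the directory the post says it creates. The function names are hypothetical, and it assumes every member sits under EFW-2.3RC-sourcePorts-mod/ and that the three scripts named in the post are in that directory.

```shell
#!/bin/sh
# Added example: inspect the mod archive before unpacking it as root.
TOP="EFW-2.3RC-sourcePorts-mod"   # directory the post says the archive creates

# Classify one member path: "unsafe" for absolute paths or ".." components,
# "outside" for anything not under $TOP, otherwise "ok".
check_member() {
    case "$1" in
        /*|..|../*|*/..|*/../*) echo unsafe ;;
        "$TOP"|"$TOP"/*)        echo ok ;;
        *)                      echo outside ;;
    esac
}

# List the archive without extracting it. Returns 0 only if every member is
# confined to $TOP and the three scripts named in the post are present,
# 1 if any check fails, 2 if tar cannot read the archive.
audit_archive() {
    archive=$1
    members=$(tar -tzf "$archive") || return 2
    bad=0
    while IFS= read -r m; do
        verdict=$(check_member "$m")
        if [ "$verdict" != ok ]; then
            echo "REJECT ($verdict): $m" >&2
            bad=1
        fi
    done <<EOF
$members
EOF
    for script in install.sh uninstall.sh restoreOriginals.sh; do
        printf '%s\n' "$members" | grep -qxF "$TOP/$script" || {
            echo "MISSING: $TOP/$script" >&2
            bad=1
        }
    done
    return $bad
}

# Usage on the firewall, before step 2 of Option 2:
#   audit_archive EFW-2.3RC-sourcePorts-mod.tgz && tar -xvf EFW-2.3RC-sourcePorts-mod.tgz
```

This only confirms where the files will be written; what install.sh changes on the firewall still has to be read from the script itself before step 4.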