|
|
||||||||||
Why have a Software Firewall / ProxyDIY Computer Repair can Help! Why would you want to have a software firewall when you have a router that has the firewall built in the hardware? With a hardware firewall you are limited with the 'rules' you can use for connecting in to and out of your network. Where as with a software firewall you have more flexibility in creating your rules. The problem with a software solution is you need a computer between your hardware router and your client computers. This computer is normally called a Proxy Server. How would you setup a 'Proxy Server'? Well it really isn't hard just involved. Of course you will need a computer but the difference is in the network cards or NIC's. You will need two dissimilar NIC's. By dissimilar I mean two separate NIC's. Such as a 3Com and a Net Gear. This isn't important on the surface but when you set up the network having dissimilar NIC's make identifying the lan side and wan side of the proxy easier. Also you will need a program that is a proxy server, this is the meat of the setup. I have used Win Gate (an Australian company QBik) for years and am familiar with it's workings. It has a GUI (Graphic's User Interface) that makes writing the 'rules' easier than some of the other proxy servers I have used. So how do you setup your firewall? You have your computer and your NIC's, you can use any OS for your computer if it supports two NIC's. I normally use a Server OS. Once you have the OS loaded I suggest you name one NIC Lan (Local Area Network) and the other WAN (Wide Area Network) where the LAN is your network on your side of the router and WAN is the connection to the router. You give the LAN NIC an IP address that is on your local network and you give the WAN NIC an IP address that the router supports. I do suggest that you use static IP addresses. On the LAN NIC you do not want to put in a gateway IP. On the WAN side the gateway address will be the IP address assigned by your ISP.
Test your connections, connect to the proxy server from one of your computers on the LAN side. From the proxy server connect to a web site. If you have no problems connecting to and out of the proxy server computer you are ready to install the proxy software. Once you have your proxy software installed all that is left to do is write the 'rules'. A 'rule' is broken down in to three parts:
Normally you would give all the users on your network access to the World Wide Web, they would connect on the LAN NIC and the connection would go out the WAN NIC. Also there may be additional parameters you can set, such as time of day for the connection, a list of web sites or 'keywords' that are restricted and the length of time for a connection. A rule would look like this:
Note: These settings are fictitious. This works very well for programs like Net Nanny or business that want to restrict users from surfing while they are at work. The Gateway IP for the client computers, this is the LAN IP of the Proxy Server. Now on the client computers you need to setup the gateway ip on the NIC that uses a static IP. If you have a DHCP server check the DHCP page (it will be called the Router in the Scope) for where to add in the gateway settings. Add the gateway IP to any software that has an option for the gateway IP and port. IE has this option under the Internet Options / tools / connections at the bottom of the page. Other programs that access the internet will have a proxy setting in the options or instructions on how to connect to a proxy server.
Do It yourself Computer Repair Books and E-Books Index
Return to previous page Home Support About owner Site Map Why I use SBI Privacy Policy Return to top
|
|
|||||||||
|
Lower your cost of Ownership
|
||||||||||
|
|
||||||||||
