Why have a Software Firewall / Proxy

DIY Computer Repair can  Help!

Why would you want to have a software firewall when you have a router that has the firewall built in the hardware?

With a hardware firewall you are limited with the 'rules' you can use for connecting in to and out of your network.

Where as with a software firewall you have more flexibility in creating your rules.

The problem with a software solution is you need a computer between your hardware router and your client computers. This computer is normally called a Proxy Server.

How would you setup a 'Proxy Server'? Well it really isn't hard just involved. Of course you will need a computer but the difference is in the network cards or NIC's. You will need two dissimilar NIC's. By dissimilar I mean two separate NIC's. Such as a 3Com and a Net Gear. This isn't important on the surface but when you set up the network having dissimilar NIC's make identifying the lan side and wan side of the proxy easier.

Also you will need a program that is a proxy server, this is the meat of the setup. I have used Win Gate (an Australian company QBik) for years and am familiar with it's workings. It has a GUI (Graphic's User Interface) that makes writing the 'rules' easier than some of the other proxy servers I have used.

So how do you setup your firewall?

Fix It! Your
DIY Computer Repair Newsletter!
Click here to get your copy of Fix It!

You have your computer and your NIC's, you can use any OS for your computer if it supports two NIC's. I normally use a Server OS. Once you have the OS loaded I suggest you name one NIC Lan (Local Area Network) and the other WAN (Wide Area Network) where the LAN is your network on your side of the router and WAN is the connection to the router.

You will find more information on firewalls and routers in the Self Computer Repair Unleashed! E-Book.

You give the LAN NIC an IP address that is on your local network and you give the WAN NIC an IP address that the router supports. I do suggest that you use static IP addresses.

On the LAN NIC you do not want to put in a gateway IP. On the WAN side the gateway address will be the IP address assigned by your ISP.

Where the firewall comes in is the two network cards. The two networks are physically separated with the two network cards. Data has to flow from one network card to the proxy server to the other network card. You still need the router for the hardware firewall that the software can not provide specifically the Block WAN Request and will provide services for other protocols like: IPSec, PPTP,  and L2TP Pass Through. These are not necessary protocols unless you are setting up a VPN for your users/employees to connect while on the road.

Test your connections, connect to the proxy server from one of your computers on the LAN side.  From the proxy server connect to a web site. If you have no problems connecting to and out of the proxy server computer you are ready to install the proxy software.

Once you have your proxy software installed all that is left to do is write the 'rules'. A 'rule' is broken down in to three parts:

  • Who can connect
  • Where they can connect to
  • The interfaces they can connect on.

Normally you would give all the users on your network access to the World Wide Web, they would connect on the LAN NIC and the connection would go out the WAN NIC. Also there may be additional parameters you can set, such as time of day for the connection, a list of web sites or 'keywords' that are restricted and the length of time for a connection.

A rule would look like this:

  • Rule name
  • Sessions (Users): all
  • Mappings: www.websitea.com
  • Port: 1010
  • Bindings (LAN): 10.10.10.3
  • Interfaces (Wan): 140.155.14.191
  • Time: 00:00
  • Restrictions: none

Note: These settings are fictitious.

This works very well for programs like Net Nanny or business that want to restrict users from surfing while they are at work.

The Gateway IP for the client computers, this is the LAN IP of the Proxy Server. Now on the client computers  you need to setup the gateway ip on the NIC that uses a static IP.

If you have a DHCP server check the DHCP page (it will be called the Router in the Scope) for where to add in the gateway settings.

Add the gateway IP to any software that has an option for the gateway IP and port. IE has this option under the Internet Options / tools / connections at the bottom of the page. Other programs that access the internet will have a proxy setting in the options or instructions on how to connect to a proxy server.

You will find a lot more information about a Software Firewall / Proxy in the Self Computer Repair E-Book.

Return to top


Q and A

This site contains a lot of information. As with any publication not all information is available due to space, time, or subject constraints.

If you have a question that you did not find the answer on this web site  you a can ask your question here and we will endeavor to get you the most up to date answer possible!


Free Stuff!


Thank you for visiting my web site, and please come back again.

© www.diy-computer-repair.com '2008 Copyright Russell Enterprises All Rights Reserved
DiY Computer Repair contact support and sig. If you find this Web Site useful, feel free to recommend it to a friend.



Return to previous page



 
This website is not intended for children under the age of 18

 Home   Support   About owner   Site Map
Why I use SBI  Privacy Policy   Disclaimer

From the Desert South West ~ Arizona, USA
Copyright DIY-Computer-Repair.Com 2006-2011

powered-by-sbi



My Twitter! xml-rss Add to My Yahoo!
Add to My MSN Add to Google AddThis Social Bookmark Button My StumbleUpon Page Computer Blogs - BlogCatalog Blog Directory

Page copy protected against web site content infringement by Copyscape

www.diy-computer-repair.com BBB Business Review



Site Sponsors

Once You Know, You Newegg
Electronic Parts
Save 20% on AVG Antivirus 2011 Professional
AVG kills viruses
Spyware and
Malware removal
Webroot Software Inc.

Need a battery for your Laptop?
All-Battery.com

Are you a Gamer?
GameStop.com

Laptop Accessories
LaptopZ.com - Your One-stop Laptop Parts Store!

Need an excellent CD/DVD burning program?

Buy Creator 2012 Today!
Kensigston Products

Fire that geek that is messing up your computer, you can do a better job.

More solutions in one place!

Self Computer Repair Unleashed

The Official  www.diy-computer-repair.com Reference manuals

Get yours Today!

How do you stop a hacker in their tracks? With a firewall!

 
Index
Home Page

How To's..
Auto Conf
Cleaning a computer
Change A File or Directory Attributes
Cleaning Your Keyboard
Create a bootable floppy
Create a bootable CD/DVD
Create a bootable USB device
Custom XP installation CD
WintoFlash for your USB Drive
Dual Boot for your computer
Installing a Hard Drive
Making an External Hard drive bootable
How to make a bootable USB hard drive
Build a BartPE disk
BartPE and ERD Commander
Crossover cable connection to transfer files.
Defragment your hard drive
Create an image of your hard drive
Creating a Symantec Ghost image
Restore Symantec Ghost image
Copy or Move a File?
Disaster Recovery
Connectors - What are they?
[Humor]
Installing new hardware, a how to...
Internet in your RV? Network Attached Storage NAS
Network Connection Speed
Overclocking - Processor and FSB
Partition and format a hard drive
Performance optimization
More...Performance optimization
Increased Security For Your Computer
Setup a Router
Wireless Router setup
Setup Software / Firewall
Windows Firewall Service
System Manager Tips
System Tools
Storage Manager
Services and Application
Upgrade your Motherboard
Backup for Windows XP