- This topic is empty.
February 8, 2011 at 8:26 pm #42854wlhjMember
I am a network administrator (but only have experience with Windows). I work for a public library system. We have set up several wi-fi hotspots with a product called publicip. We have had poor service and are trying to set up our own hotspots. We must route all of the internet requests through our ISA proxy server as it serves as our internet filter. We are required by the government to filter all pornography.
I have been able to set up zeroshell to access the internet. I have not been able to get any rules to work on the firewall. I have set up DHCP and the only way I have been able to get the internet to work is with NAT turned on. I don’t really need NAT as our ISA server uses NAT.
Our Lan has the network address of 192.168.100.0/24 with the gateway address being 192.168.100.1. Our ISA server has a lan address of 192.168.100.19:8080 and an external address of 184.108.40.206. It is also important that we not allow the wireless clients to access any computers on our LAN with the exception of our DNS servers at 192.168.100.20 and 192.168.100.5. Our LAN address on the zeroshell is 192.168.100.32.
I have set up an internal network on the zeroshell box of 10.10.55.0/24 and configured ethe01 with address 10.10.55.1.
I have only been able to access the internet from the 10.10.55.0 network by bridging the two interfaces, turning NAT on, and adding two forwarding rules that allow all traffic between the two interfaces. However, I have not been able to disable any other protocols.
I have tried to disable DHCP on the LAN interface, as we have a DHCP server on our LAN passing out 192.168.100.0 addresses. The lan computers are trying to contact the zeroshell which only passes out 10.10.55.0 addresses.
I have set up both input and output rules that block udp on ports 67 and 68 and have tried forwarding rules that block udp on ports 67 and 68 coming from ETH00 which is our LAN facing interface.
I don’t know if I have a configuration issue(a service that needs to be started) or I’m not setting up my rules properly.
Any help with this would be appreciated.July 5, 2011 at 2:18 am #51574infiernoParticipant
Good corduroy I had the same problem and easily using solvent ubuntu if you want I can pass the configuration and how to implement the solution that I use
- You must be logged in to reply to this topic.