How to lock down external access to our network


This topic contains 2 replies, has 0 voices, and was last updated by  Smokeshow 9 years, 7 months ago.

  • #41486

    Smokeshow
    Member

    So we have implemented a Zeroshell router here at the office using the latest beta version (11). We just discovered a pretty major issue: Anybody is able to access our entire network if they are using the same ISP as us. All they would have to do is change their default gateway to be our router's WAN address, and then they would be able to access any of our computers as if they were on the local network.

    Here is how I have the box set up:

    ETH00 (WAN):

    IP: 12.34.56.78
    Subnet Mask: 255.255.255.0

    ETH01 (LAN):

    IP: 192.168.0.2
    Subnet Mask: 255.255.255.0

    I have NAT enabled on ETH00. The Default gateway is set as 12.34.56.1. RIP is disabled, and everything in my Routing Table is there automatically (except the default gateway which comes up as static).

    Does anyone have any suggestions on how to close this gaping hole?

    Thanks in advance 🙂

    #47651

    bbozo
    Member

    In Firewall (left menu)

    In the INPUT and FORWARD chains you need to add rules

    INPUT
    input interface:ETH00
    Connection State NEW (check it)
    Action DROP

    FORWARD
    input interface:ETH00
    output int.: ETH01
    Connection State NEW (check it)
    Action DROP

    Be careful when you are working with the firewall; you could lock yourself out.
    Also very important is the sequence where these rules will be……

    #47652

    Smokeshow
    Member

    Okay, that definitely works. However, now it looks like I will probably have to create a firewall rule for each and every one of my port forwards. Is there any way around that?

    Also, I’m kinda new to administering a firewall & router of this type. Are there any good websites out there that I could read up on this stuff and get a little better acquainted with it?
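Added example, not part of either post above and not Zeroshell's own code: a small first-match model of the FORWARD chain showing why the position of the DROP rule matters once port forwards are involved. The chain policy of ACCEPT, the port-443 forward and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    state: str      # "NEW" or "ESTABLISHED"
    dport: int      # destination port as seen in FORWARD (after DNAT)

@dataclass(frozen=True)
class Rule:
    action: str                     # "ACCEPT" or "DROP"
    in_if: Optional[str] = None     # None matches anything
    out_if: Optional[str] = None
    state: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == got for want, got in (
            (self.in_if, p.in_if), (self.out_if, p.out_if),
            (self.state, p.state), (self.dport, p.dport)))

def verdict(chain, pkt, policy="ACCEPT"):
    """Action of the first matching rule, else the chain policy (assumed ACCEPT)."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.action
    return policy

# The FORWARD rule from the reply above.
DROP_NEW = Rule("DROP", in_if="ETH00", out_if="ETH01", state="NEW")
# Hypothetical port forward to a LAN server on port 443 (constructed).
ALLOW_443 = Rule("ACCEPT", in_if="ETH00", out_if="ETH01", state="NEW", dport=443)

GOOD_ORDER = [ALLOW_443, DROP_NEW]  # exception first, blanket drop last
BAD_ORDER = [DROP_NEW, ALLOW_443]   # the drop shadows the exception

# Constructed sample packets.
NEIGHBOUR = Packet("ETH00", "ETH01", "NEW", 445)        # unsolicited, routed via the WAN IP
REPLY = Packet("ETH00", "ETH01", "ESTABLISHED", 51000)  # answer to a LAN-initiated connection
FORWARDED = Packet("ETH00", "ETH01", "NEW", 443)        # traffic for the port forward

if __name__ == "__main__":
    for name, chain in (("no rules", []), ("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        print(name, [verdict(chain, p) for p in (NEIGHBOUR, REPLY, FORWARDED)])
```

With no rules the unsolicited packet is forwarded; with the exception placed after the drop, the port forward silently stops working while replies to LAN-initiated connections still pass.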

    #47653

    zevlag
    Member

    Smokeshow, did you find some good references?
