LANCOM Router Firewall Konfiguration: Unterschied zwischen den Versionen
KKeine Bearbeitungszusammenfassung |
|||
| Zeile 1: | Zeile 1: | ||
https://support.lancom-systems.com/knowledge/pages/viewpage.action?pageId=32982115 | https://support.lancom-systems.com/knowledge/pages/viewpage.action?pageId=32982115 | ||
== Firewall Ports == | |||
{| class="wikitable" | |||
|+Allgemeine Ports | |||
!Port | |||
!Dienst | |||
!Protokoll | |||
! | |||
|- | |||
|53 | |||
|DNS | |||
|TCP | |||
| | |||
|- | |||
|80 | |||
|HTTP | |||
|TCP | |||
| | |||
|- | |||
|443 | |||
|HTTPS | |||
|TCP | |||
| | |||
|- | |||
|500 | |||
|IPSEC / VPN | |||
|UDP | |||
| | |||
|- | |||
|4500 | |||
|IPSEC / VPN | |||
|UDP | |||
| | |||
|- | |||
| | |||
| | |||
| | |||
| | |||
|} | |||
== Firewall Regeln für AddIn == | == Firewall Regeln für AddIn == | ||
Version vom 29. März 2021, 10:47 Uhr
https://support.lancom-systems.com/knowledge/pages/viewpage.action?pageId=32982115
Firewall Ports
| Port | Dienst | Protokoll | |
|---|---|---|---|
| 53 | DNS | TCP | |
| 80 | HTTP | TCP | |
| 443 | HTTPS | TCP | |
| 500 | IPSEC / VPN | UDP | |
| 4500 | IPSEC / VPN | UDP | |
Firewall Regeln für AddIn
Allgemeine Dienste:
cd /
cd /Setup/IP-Router/Firewall/Rules
del *
# Name Prot. Source Destination Action LB-Policy Linked Prio Firewall-Rule VPN-Rule Stateful Src-Tag Rtg-tag Comment
# ==================================-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "WINS" {Prot.} "TCP UDP" {Source} "NETBIOS ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "block NetBIOS/WINS name resolution via DNS"
add "ALLOW-VPN" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "IPSEC ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "ALLOW-DNS" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "DNS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "ALLOW-INET" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "MAIL HTTP HTTPS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "DENAY-ALL" {Prot.} "ANY" {Source} "ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "CONTENT-FILTER" {Prot.} "TCP" {Source} "LOCALNET" {Destination} "WEB ANYHOST" {Action} "CONTENT-FILTER-BASIC" {LB-Policy} "" {Linked} No {Prio} 9999 {Firewall-Rule} No {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "pass web traffic to Content-Filter"
cd /
Zusätzlich für ein Bestimmtes Netz "Produktiv" in ein VPN Tunnel alles freigeben:
add "IGEL" {Prot.} "ANY" {Source} "%LPRODUKTIVNETZ" {Destination} "%HPRODU@Z_RZGA_M" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 100 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""