1. Every protocol that you want to tunnel through the
GNAT Box to a server requires a tunnel and a filter
(or a tunnel with the "Automatic Accept All" box
selected). The "From" end of the tunnel will be
a GNAT Box interface or alias (usually on the EXT
interface if you are allowing inbound connections
from the Internet to the PSN [DMZ], or on the PSN
interface if you are allowing connections from the
PSN to the PRO.)
2. Remote Access Filters control access to GNAT Box
addresses ONLY. If you are (for example) using
a Remote Access filter to control access to a
webserver, then the destination address of the
filter will be the "From" address of the tunnel,
not the IP Address of your webserver.
3. Create your tunnels before you create your filters.
After you create the filters, use "Default Current
Section" (the blue arrow that loops to the left
on the GBAdmin toolbar) to create a default set of
filters, which you can then modify to meet your
needs. You can do this both in "Remote Access"
and "Outbound".
4. The GNAT Box has a mini "Ident" server that runs
on the Ident port (113) and simply returns the
answer "Hidden User" to any queries. It keeps
IRC and SMTP servers happy without compromising
security. If you port scan your GNAT Box and
see port 113 active, don't be alarmed.
Those are probably among the most frequent issues
that one runs into the first time that they configure
a GNAT Box.
GB-Users is also a much friendlier place than most
technical discussion groups. Don't be afraid that
you'll get flamed for asking a basic question of
the group. I've only seen it happen once or twice,
and the group pretty quickly made it known to the
flamer that he was out of line.
If you still feel that you might be in over your
head, then GTA (as well as some companies that
have people who participate there) have support
contracts available.
Good luck, and good choice!
Mike Burden
Lynk Systems
http://www.lynk.com
(616)532-4985
[EMAIL PROTECTED]
> -----Original Message-----
> From: Mcclamma, Marty [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 28, 2003 1:12 PM
> To: [EMAIL PROTECTED]
> Subject: [gb-users] Advice for a new user....
>
>
> All,
>
> I am new to this list and new to firewalls.
> I have started setting up GB-Flash.
> Are there any gotcha's I need to look out for? Or any advice
> that you may
> want to share that would make it a cleaner install?
>
> *~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
> Marty McClamma
> Telecommunications Office
> Florida State University
> Phone: 850-644-4292
> E-mail: [EMAIL PROTECTED]
> *~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> To subscribe to the digest version first unsubscribe, then
> e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archive of the last 1000 messages:
> http://www.mail-archive.com/[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
http://www.mail-archive.com/[email protected]
