Extra Setup
4. Extra Setup
- 4.1 Allowing access from the WAN/Internet to special services
- 4.2 Blocking LAN machines by IP/ port number screening
- 4.3 Allowing pings
- 4.4 Extra compiling options
4.1 FireLance can open the server to a number of well known ports. This is controlled by the:
"Allow connections from WAN through firewall" section. Just check the box of the services you wish to allow. NOTE: once this is set and the script run these ports are open to the outside world. The services open on these ports are subject to the security of the services offered, i.e. if the web server port is open and you run a web server the server is open to any security problems with this particular web server software. It is important to keep up to date with any security fixes that the said software has. This also has nothing todo with your LAN accessing these services, i.e. this does not need to be set for the LAN to use these services off the server.
4.2 In the "Deny Particular Machines WAN/Internet access" section access by certain computers in your LAN can be blocked to the gateway services of the FireLance server. Just set an IP address and pick the port range (1 - 65535) and these will be blocked. To block all access by a machine just leave the port range empty and it defaults to all ports.
4.3 In the "ICMP echo packet screening" section pings can be allowed or disallowed. It is advisable to not let the WAN ping the server (as in the image above).
4.4 A couple of variables can be changed before compiling if need be. In the firelance directory of the sources is a file called vars.h. Open this in your favorite text editor and adjust the variables below to your liking.
- The line: const unsigned int numIPblocks(3);
controls the amount of individual machines that can be blocked in the "Deny Particular Machines WAN/Internet access". Just change the 3 in brackets to be the amount of computers you wish to block. Please note that making this a high number will slow the loading of FireLance in the browser. If you really need alot of blocks maybe it is that you need to create a basic script from the default setting then adjust the script by hand, copying and pasting and changing the port numbers and ip's by hand. This should be easy todo as the script is reasonably easy to read. - The line: const string configfile("/etc/firelance.conf");
setting controls where the configuration file is saved. Just change the "/etc/firelance.conf" phrase to point to where you wish the settings file to be saved. - The line: const string IptablesCtlScript("/etc/init.d/iptables");
controls the path to the iptables system control script. You should not need to change this, however if on your system this is named different you can adjust here. - The line: const string iptables("iptables");
controls the name of the iptables program, this should not need to be changed, but if need be, here it can be changed. - The line: const string fw_script("firelance.sh");
controls the name of the actual script that is managed by FireLance. If you wish to use another name set it here. - The rest of the changeable variables are just paths to standard utilities which are unlikely to be wrong.