Re: [coLinux-users] Kerio firewall

[Shang-Feng Y. <st...@ch...>]

Neil wrote:

>I have installed CoLinux 0.6.1 and got everything working, but I can't get
>it to go through my Kerio firewall. I am using a TAP driver and ICS. When
>CoLinux first starts up Kerio asks if this is a trusted network and I say
>yes. I can then ping from CoLinux to the internet. If I try browsing it
>sometimes works for a while but then stops. If I disable the firewall it
>works again.
>What is the rule I need to set to enable CoLinux to go through the firewall.
>Thanks
>Neil
>  
>

What version of Kerio PFW do you use? I am using Kerio v2.1.5, and my
coLinux v0.6.1 with Fedora Core 1 root image
is capable to access internet smoothly with TAP driver via Windows XP
ICS. The rules specialized for coLinux internet accessing are:
    1. permit ICMP [3] & [8] incoming traffic from the
       intranet address coLinux used.
    2. permit all TCP/UDP incoming traffic from coLinux.
    3. enable the special forwarding mode -- Internet Gateway --
       of Kerio.
    4. permit all outgoing TCP traffic of the application
       "c:\windows\system32\alg.exe" (Application Layer
        Gateway Service).
The ICMP rule must be prior to the rule "Other ICMP" that Kerio
pre-configured to take effect. The rules I used may be slack in
security, but it work for me. :>

May these info be helpful! :>


S.F. Yang



PS. I'm very sorry for the previous reply which "To:" field
     was carelessly filled to col...@li....
     I hope that would not cause trouble to list administrator.