Re: [coLinux-users] Re: Kerio firewall

[Shang-Feng Y. <st...@ch...>]

Neil wrote:

>"Shang-Feng Yang" <st...@ch...>
>wrote in message news:40B...@ch......
>  
>
>>What version of Kerio PFW do you use? I am using Kerio v2.1.5, and my
>>coLinux v0.6.1 with Fedora Core 1 root image
>>is capable to access internet smoothly with TAP driver via Windows XP
>>ICS. The rules specialized for coLinux internet accessing are:
>>    1. permit ICMP [3] & [8] incoming traffic from the
>>       intranet address coLinux used.
>>    2. permit all TCP/UDP incoming traffic from coLinux.
>>    3. enable the special forwarding mode -- Internet Gateway --
>>       of Kerio.
>>    4. permit all outgoing TCP traffic of the application
>>       "c:\windows\system32\alg.exe" (Application Layer
>>        Gateway Service).
>>The ICMP rule must be prior to the rule "Other ICMP" that Kerio
>>pre-configured to take effect. The rules I used may be slack in
>>security, but it work for me. :>
>>
>>May these info be helpful! :>
>>
>>
>>S.F. Yang
>>
>>    
>>
>
>I'm using 4.0.16 which is quite a long way from the version you're using.
>I'm afraid I'm no closer to getting it to work.
>  
>
Well, the concept of setting rules is similar. I'm sticking to version 2.1.5
of kerio PFW for the reason that kerio 2.1.5 is free for home or non-commercial
user, while 4.x is not. Besides, v4.x adds new functions which could be 
unnecessary for a firewall and be substituted with other applications. :P

The point is that the TCP/UDP and ICMP traffics from coLinux must be permitted
for incoming. The Windows Application Layer Gateway Service could also be required
for packet forwarding. The only thing I'm not sure is that the "Internet Gateway" 
mode is whether configurable in kerio 4.x or not. Maybe you could find some clue
in the kerio's help. :>


Regards,
S.F. Yang