From: G.W. H. <ge...@ju...> - 2016-05-28 10:01:53
|
Hi there, On Sat, 28 May 2016, muiz wrote: > Does anyone setup the firewall to let the MS Update service through > the firewall? http://www.ipcop.org/2.0.0/en/admin/html/firewall-traffic.html [QUOTE] 2.6.2. What traffic is allowed between Interfaces? The security model of IPCop is that the GREEN network is fully trusted and any requests from this network, whether initiated by a user or by a machine infected with a virus, Trojan horse or other "malware" is legitimate and allowed by IPCop. [/QUOTE] It then goes on to say [QUOTE] A new feature of IPCop 2.0.0, allows to set policies for each network interface. This makes it possible to allow only specific traffic to RED and IPCop. [/QUOTE] and follows that with tables showing "policies", which I for one find rather lacking as the tables do not show the default IPCop settings. In this page: http://www.ipcop.org/2.0.0/en/admin/html/firewall-settings.html Figure 2.44 shows that the default "policy" for the GREEN interface will be "open", in which case you should not need to do anything at all to permit Windows Update traffic. If you are talking about Windows Software Update Service (WSUS), it uses ports 8530 and 8531 respectively for HTTP and HTTPS connections and out of the box IPCop 2.x should allow the traffic because client machine initiates it entirely. Clients may need to be given (via DHCP for example) information such as the IP addresses of DNS servers and an address for their Internet gateway (presumably an IPCop interface, be it GREEN, ORANGE or BLUE) in order to be able to use the service. If this does not help you, we need more information. For example it's quite possible that your IPCop is connected to the Internet via some third-party router which is selectively blocking traffic. There are numerous settings in IPCop 2.x which you might have changed and which might as a result of your changes affect the ability of any given client to access external services. -- 73, Ged. |