Thursday, March 6, 2008

Migrating Astaro Firewall for SUK Selangor

Last Saturday we managed to port the Astaro Firewall from one server to another. It's easy using backup and restore of the Astaro configuration file. We spent too much time trying to figure out why, after loading the backup file on the new server, the settings were not set as per the old Astaro firewall. As we are used to M0n0wall and Fortinet, we overlooked one more button to be pushed after loading the configuration file: the restore button.

My rule of thumb for configuring a firewall that uses iptables:

  • Add an alias interface that uses the public IP address.
  • DNAT all of them, point to point, to IP addresses in the WLAN and DMZ, with specific ports only.
  • Outgoing traffic uses masquerading.
  • The last rule must block all.
  • Allow rules by IP and by port go before the deny-all rule.
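
The rules of thumb above, written out as a generated ruleset. This is an added example, not the configuration from the migration: the interface name eth0, the LAN range, and every address and port are constructed assumptions, and only forwarded traffic (the FORWARD chain) is covered.

```shell
#!/bin/sh
# Added example. All values are constructed: documentation/private addresses,
# eth0 as the WAN interface, and the LAN range are assumptions.
WAN_IF=eth0
LAN_NET=192.168.0.0/16
# Columns: public alias IP, protocol, port, internal WLAN/DMZ target.
FORWARDS='203.0.113.10 tcp 443 192.168.20.10
203.0.113.11 tcp 25 192.168.20.11
203.0.113.12 tcp 8080 192.168.30.5'

# Alias step: one alias address on the WAN interface per public IP.
gen_aliases() {
    printf '%s\n' "$FORWARDS" | awk '{print $1}' | sort -u | {
        n=0
        while read -r pub; do
            n=$((n + 1))
            echo "ip addr add $pub/32 dev $WAN_IF label $WAN_IF:$n"
        done
    }
}

# Remaining steps, emitted as iptables-restore input.
gen_ruleset() {
    echo '*nat'
    # DNAT each public IP to exactly one internal host, named port only.
    printf '%s\n' "$FORWARDS" | while read -r pub proto port dst; do
        echo "-A PREROUTING -d $pub -p $proto --dport $port -j DNAT --to-destination $dst:$port"
    done
    # Outgoing traffic is masqueraded behind the WAN address.
    echo "-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    echo 'COMMIT'
    echo '*filter'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Allow by IP and port. DNAT has already rewritten the destination,
    # so the filter rule matches the internal address, not the public one.
    printf '%s\n' "$FORWARDS" | while read -r pub proto port dst; do
        echo "-A FORWARD -i $WAN_IF -d $dst -p $proto --dport $port -j ACCEPT"
    done
    echo "-A FORWARD -s $LAN_NET -o $WAN_IF -p tcp -m multiport --dports 80,443 -j ACCEPT"
    # The last rule blocks everything not allowed above.
    echo '-A FORWARD -j DROP'
    echo 'COMMIT'
}

gen_aliases
gen_ruleset
```

The script only prints commands and rules; check the ruleset part with `iptables-restore --test` before loading it.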