Firewall

From Wireless Internet Redistribution System
Jump to: navigation, search

The firewall needs to be configured in order to block traffic from users that have not authenticated.

The easiest way to create the configuration file is to create the text on your computer and then paste it into the file on the router. Open a text editor, notepad is the best, but usually MS Word and others will work.

In the text editor paste the text from http://the408.com/downloads/wirds/S45firewall.txt

If the router is the one directly connected to the internet, change this part-

#Uncomment this line if your router is directly connected to the internet

#$IPTABLES -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

#Uncomment this line if your router is not directly connected to the internet

$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

to

#Uncomment this line if your router is directly connected to the internet

$IPTABLES -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

#Uncomment this line if your router is not directly connected to the internet

#$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT


Otherwise, no other changes are needed.

Copy the text to the clipboard.

Unix skills are not necessary here, but will make your life slightly easier. Use your ssh program from the previous step

Connect to router A via SSH. From the mac terminal program the command would be ssh root@192.168.5.1.

Once connected, type vi /etc/S45firewall

Hold down the letter d until the file is empty. Then use i to enter insert mode.

Paste the text from your clipboard.

Once the text is there type :wq to save the file.

Reboot the router.

The firewall should now be configured correctly. To test, connect to the network, but don't open a web browser to authenticate. Then try to connect with various other applications, such as an ftp client or email client. If the firewall is working correctly, the applications should be unable to connect prior authentication.

Now you can continue with setup instructions.