3 Change the default route of the NAT (lower-level) router to FSIGK to let all data communication
pass through FSIGK.
If the router is running Linux, run the following commands:
NAT-router# route del -net default
NAT-router# route add -net default gw 192.168.0.99
To apply the settings after restart, change the GATEWAY variables (/etc/sysconfig/network,
/etc/sysconfig/network-scripts/ifcfg-eth0) in the NAT router. Save the settings.
Check that Internet Gatekeeper (FSIGK: 9080, FSIGK: 9025, FSIGK: 9110, FSIGK: 9021) can
accept access from clients to all server services (http(80), smtp(25), pop(110), ftp(21)).
4 To enable communication (other than virus scans) for services (http, smtp, pop, ftp) on FSIGK, run
the following command, which enables routing:
FSIGK# echo 1 > /proc/sys/net/ipv4/ip_forward
Make the following change to /etc/sysctl.conf in FSIGK to enable routing after restart.
net.ipv4.ip_forward = 1
Check that communication from clients is possible.
5 Check that virus scans can be performed when a client accesses a server.
When a service accesses a server from Internet Gatekeeper, the IP address of the product is
normally assigned as the IP address of the service source.
For FTP data sessions, in Passive mode, the destination address from the client and the source
address from Internet Gatekeeper to the server are usually assigned to the address of the
product. In Active mode, the destination address from the server and the source address from
Internet Gatekeeper to the client are usually assigned to the address of the product. If FTP
communication cannot be used, check if it is denied by a firewall.
When accessing a server from Internet Gatekeeper or when an IP address needs to be retained
during an FTP data session, the kernel needs to be patched with tproxy.
For more information, see "transparent_tproxy" in the separate "Expert options" document.
Configure the firewall settings of Linux (iptables) so that the required communication is not
denied.
The following communication chains must be allowed:
・All communication by the OUTPUT chain
・All communication by the FORWARD chain
・Communication to the listen ports used by Internet Gatekeeper (9080,9025,9110,9021) for the
INPUT chain. Data session communication rules relating to FTP (if FTP is used)
If there are communication errors, disable the firewall and check the communication status.
F-Secure Internet Gatekeeper for Linux/Administrator's Guide
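The firewall requirements listed above can be checked mechanically. The following is an added example, not part of the guide: a POSIX shell function that reads `iptables-save` output and reports which of the three requirements is not met. The function names and the sample dump are constructed for illustration, and the check is simplified as noted in its comments.

```shell
#!/bin/sh
# Added example, not from the guide: audit an iptables-save dump against the
# three firewall requirements listed above.
FSIGK_PORTS="9080 9025 9110 9021"   # Internet Gatekeeper listen ports (from this page)

# Constructed sample in iptables-save format; 9021 (ftp) is deliberately missing.
sample_dump() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9080,9025 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9110 -j ACCEPT
COMMIT
EOF
}

# check_ruleset [FILE]: reads FILE or stdin, prints one finding per line,
# prints nothing when the dump meets the requirements.
# Simplification (assumption): only chain policies and tcp ACCEPT rules with
# --dport/--dports are read; rule order, port ranges and -s limits are ignored.
check_ruleset() {
    awk -v ports="$FSIGK_PORTS" '
    /^\*/ { table = substr($0, 2) }              # "*filter", "*nat", ...
    table != "filter" { next }
    /^:/ { policy[substr($1, 2)] = $2; next }    # ":INPUT DROP [0:0]"
    $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
        for (i = 3; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") {
                n = split($(i + 1), list, ",")
                for (k = 1; k <= n; k++) ok[list[k]] = 1
            }
    }
    END {
        if (policy["OUTPUT"] != "ACCEPT")  print "OUTPUT policy is " policy["OUTPUT"]
        if (policy["FORWARD"] != "ACCEPT") print "FORWARD policy is " policy["FORWARD"]
        n = split(ports, want, " ")
        for (k = 1; k <= n; k++)
            if (policy["INPUT"] != "ACCEPT" && !(want[k] in ok))
                print "INPUT does not accept tcp/" want[k]
    }' "$@"
}

# Stand-alone run: audit the file given as $1, else the constructed sample.
if [ $# -gt 0 ]; then check_ruleset "$1"; else sample_dump | check_ruleset; fi
```

On the Internet Gatekeeper host, pipe the output of `iptables-save` (run as root) into `check_ruleset` instead of the sample.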