How to set up a Gnatbox firewall with Bigpond.

Introduction.

A firewall is a device that protects one network from another. In this case, one network is the Internet and the other is our home network. The firewall inspects every packet of information that goes in and out of the network and determines, according to a set of rules, whether the packet is safe or not. If it isn't safe, it is stopped.

GNAT Box is the technological outgrowth of GTA's ICSA (formerly the NCSA) Certified GFX Internet Firewall System. Although the GNAT Box doesn't have all the features and functionality of its parent, it still retains the stateful transparent packet inspection technology of the GFX system. In its default configuration the GNAT Box does not accept unsolicited connections from the external network. The GNAT Box is an "in band proxying firewall", which means that TCP and UDP based applications can pass packets transparently through the GNAT Box system without needing modified (special) clients or servers. We use the term "proxy" because the GNAT Box monitors all communications levels including the application level.
GNAT Box is an ICSA (formerly the NCSA) certified firewall product.

Limitations.

The GNAT Box Light firewall software is a fully operational version of the GNAT Box Firewall, with the following limitations:

Procedure.

1. Download Gnatbox Lite from www.gnatbox.com. The file is about 10 Mb.

2. Check the hardware requirements.

  • Intel compatible 386, 486, Pentium, Pentium Pro, Pentium II, AMD and Cyrix CPUs
  • 8Mb (minimum) 16Mb (preferred) RAM
  • 3.5" 1.44Mb floppy disk drive
  • 2 network cards (10mb, 100mb or FDDI)
  • Basic VGA display card
  • Keyboard (only required for configuration)
  • Monitor (only required for configuration)

3. Install the Administration software on a Windows machine.

4. From the Start menu, choose "Make a GB-Light floppy".

5. Insert a blank floppy into your drive and follow the prompts to make a Gnatbox floppy.

6. Put the floppy in your Gnatbox computer and switch it on. Make sure that it is set to boot from the floppy. After various screen messages and information whizz by, the setup wizard will start and guide you through the rest of the installation.

7. The name of the Gnatbox can be anything you want, as long as you remember what it is. The default is GNAT-Box-Light; change it to whatever you wish. Use the spacebar and arrow keys to navigate around the wizard's menus.
The next question is whether you want DHCP for the external interface. Answer yes to this, as the cable server will give the Gnatbox an IP address.
Now you have to pick a Network Interface Card (NIC) for the external interface. Different brands of card come up with different IDs, so if you have different brands you will know which one is the external interface. If you have the same brand of card, just guess and we'll fix it later. ;-)
Answer no to the question of DHCP for the internal interface, unless you have a DHCP server on your internal network. Type in an IP address for the internal interface, anything in the range 192.168.x.x, where x is 0-255. Make sure you remember what it is as we'll need it later on.
Leave the Netmask as 255.255.255.0.
Choose the other network card for the internal interface and then type in a password. Don't forget this either!
Check the configuration and click save.
Watch the messages scroll by and you should see some starting with DHCP and indicating the address it received from the cable server. If you didn't, you might have the network cards set around the wrong way, assuming that your modem is turned on and functioning correctly.

8. On the computer on which you installed the Gnatbox Administration software, click on GB Admin in the Start menu and click Open. Click on Network, then type the IP address you recorded earlier for the Gnatbox. Click Ok, and you will be asked for the user name (gnatbox) and the password you typed in earlier.

9. For using the Gnatbox with Bigpond Cable, you will have to set a Remote filter to allow the heartbeat through. Click on Filters then Remote Access. On the keyboard, press Insert and a new filter will appear at the bottom of the list. With the mouse, grab it by the number and drag it to the top of the list.
Type in a description of the filter, such as "Bigpond heartbeat" or something similar, so you know what it is later. Change the Interface to External, the Protocol to UDP, the Type to Accept and leave the time base and Log as default.
In the Source frame, change the Object to Use IP address and type in the IP address, '61.9.128.13', with the netmask of '255.255.255.255'. Type 5051 in the Ports section.
In the Destination frame, select Any IP and type 5050 in the Port section. Now click on the single floppy disk icon next to the green button on the right of the toolbar.

10. Now, we have to create an inbound tunnel through the firewall for the heartbeat. On the menu on the left, click on NAT, then Inbound Tunnel. Press Insert on the keyboard and change the Protocol to UDP and leave the From IP address as '0.0.0.0'. Change the To IP address to the IP of the machine running LaunchPad or BPAlogin, with Port 5050.
Click on the save button again to save it to the floppy on the Gnatbox. Click File -> Save As and save it to your computer's hard drive as a backup.

11. Now you should be able to run LaunchPad or BPAlogin and surf the net from behind your firewall.
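
The rule built in steps 9 and 10, as an added example that is not part of the original guide or GTA's software: a simplified Python model of the Remote Access filter and inbound tunnel, run against constructed packets to show how narrowly the rule opens the firewall. The tunnel's listening port (5050) and the internal address 192.168.1.10 are assumptions standing in for your own LaunchPad or BPAlogin machine.

```python
# Added example: simplified model of the step 9 filter and step 10 tunnel (not GNAT Box code).
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class RemoteFilter:
    desc: str
    iface: str
    proto: str
    src_ip: str
    src_mask: str
    src_port: int
    dst_port: int      # destination is "Any IP", so only the port is matched

    def matches(self, p: Packet) -> bool:
        net = ipaddress.ip_network(f"{self.src_ip}/{self.src_mask}", strict=False)
        return (p.iface == self.iface and p.proto == self.proto
                and ipaddress.ip_address(p.src_ip) in net
                and p.src_port == self.src_port and p.dst_port == self.dst_port)

HEARTBEAT = RemoteFilter("Bigpond heartbeat", "external", "udp",
                         "61.9.128.13", "255.255.255.255", 5051, 5050)

# Assumed: tunnel listens on UDP 5050; 192.168.1.10 is a placeholder host.
TUNNELS = {("udp", 5050): ("192.168.1.10", 5050)}

def evaluate(p, filters=(HEARTBEAT,), tunnels=TUNNELS):
    """Return ('accept', (ip, port)) when a filter and a tunnel both match."""
    for f in filters:
        target = tunnels.get((p.proto, p.dst_port))
        if f.matches(p) and target:
            return ("accept", target)
    return ("drop", None)  # default: unsolicited inbound traffic is not accepted

# Constructed sample packets arriving on the external interface.
SAMPLES = [
    Packet("external", "udp", "61.9.128.13", 5051, 5050),  # heartbeat
    Packet("external", "udp", "61.9.128.14", 5051, 5050),  # neighbouring host
    Packet("external", "udp", "61.9.128.13", 4000, 5050),  # wrong source port
]
VERDICTS = [evaluate(p)[0] for p in SAMPLES]
```

In this model, widening the source netmask to 255.255.255.0 makes the packet from 61.9.128.14 pass as well, which is why the filter uses the single-host mask 255.255.255.255.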

Part of the above text is from the Gnatbox website and is Copyright GTA 2001