Endian Firewall Reference Manual r. 2.2.0.2

Copyright (c) 2008 Endian srl, Italy.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".

Chapter 3: The Network Menu

Select Network from the menu bar at the top of the screen.

The following links will appear in a submenu on the left side of the screen. They allow setting up network-related configuration options:

Each link will be explained individually in the following sections.

Edit hosts

Select Network from the menu bar at the top of the screen, then select Edit hosts from the submenu on the left side of the screen.

Endian Firewall contains a caching DNS server (dnsmasq) that honours the system's hosts file for name look-ups. In this section you can define custom host entries, which will then be resolved for all clients.

Click the Add a host link to add a host entry, specifying the IP address, host name and domain name. Then confirm your host entry by clicking the Add Host button.

Routing

Select Network from the menu bar at the top of the screen, then select Routing from the submenu on the left side of the screen. The routing section allows you to set up two types of routing, static routing and policy routing, which are described in the following sections.

Static routing

Static routing allows you to associate specific network addresses with given gateways or uplinks. Click the Add a new rule link to specify a static routing rule using the following fields:

Source Network - source network in CIDR notation (example: 192.168.10.0/24)
Destination Network - destination network in CIDR notation (example: 192.168.20.0/24)
Route Via - give the static IP address of a gateway or choose between the available uplinks
Enabled - check to enable rule (default)
Remark - a remark for you to remember the purpose of the rule later

Click the Save button to confirm your rule. You can then disable/enable, edit or delete each rule from the list of rules by clicking on the appropriate icon on the right side of the table (see the icon legend at the bottom).

Policy routing

Policy routing allows you to associate specific network addresses and service ports / protocols with given gateways or uplinks. Click the Create a policy routing rule link to specify a policy routing rule using the following fields:

Source - the source can be a zone/interface, one or more networks in CIDR notation (example: 192.168.10.0/24) or a MAC address
Destination - the destination can be one or more networks
Service/Port - optionally give one or more destination ports and protocol types
Route Via - choose between the available uplinks
Type Of Service - the type of service (TOS) number, which can be used to request a certain type of service, such as 0 - normal traffic, 8 - minimize delay, 4 - maximize throughput, etc.
Remark - a remark for you to remember the purpose of the rule later
Position - where to insert the rule (relative position in the list of rules)
Enabled - check to enable rule (default)
Log all accepted packets - log all packets that are routed by this rule

Click the Create rule button to confirm your rule. You can then disable, edit or delete each rule from the list of rules by clicking on the appropriate icon on the right side of the table. You can also change the order of rules (arrow down/up icon).
After making changes to a rule, do not forget to click the Apply button at the top of the list!
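
Because each policy routing rule has a position and the list can be reordered, it is worth checking that a broad rule placed high in the list does not hide a narrower one below it. The following is an added example, not part of the original manual and not Endian code: it models the rule list and reports enabled rules that can never match. It assumes that rules are evaluated top to bottom and that the first enabled match decides the uplink; it covers only CIDR sources and a single service per rule, leaves out the Type Of Service field, and the uplink names and rules are constructed.

```python
from ipaddress import ip_address, ip_network
from dataclasses import dataclass

@dataclass
class Rule:
    source: str                          # Source network, CIDR notation
    destination: str                     # Destination network, CIDR notation
    service: "tuple[str, int] | None"    # (protocol, port); None = any
    route_via: str                       # uplink name (constructed)
    enabled: bool = True

def matches(rule, src, dst, service):
    """True if a packet (src IP, dst IP, (protocol, port)) fits the rule."""
    return (ip_address(src) in ip_network(rule.source)
            and ip_address(dst) in ip_network(rule.destination)
            and rule.service in (None, service))

def route_for(rules, src, dst, service):
    """Uplink of the first enabled matching rule (assumed first-match order)."""
    for rule in rules:
        if rule.enabled and matches(rule, src, dst, service):
            return rule.route_via
    return None  # no policy rule applies; normal routing decides

def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return (ip_network(b.source).subnet_of(ip_network(a.source))
            and ip_network(b.destination).subnet_of(ip_network(a.destination))
            and a.service in (None, b.service))

def shadowed(rules):
    """(position, earlier position) for enabled rules that can never match."""
    found, earlier = [], []
    for pos, rule in enumerate(rules, start=1):
        if not rule.enabled:
            continue  # disabled rules neither match nor shadow anything
        hit = next((p for p, r in earlier if covers(r, rule)), None)
        if hit is not None:
            found.append((pos, hit))
        earlier.append((pos, rule))
    return found

# Constructed rule list, in the order shown in the rule table.
RULES = [
    Rule("192.168.10.0/24", "0.0.0.0/0", None, "uplink-main"),
    Rule("192.168.10.0/25", "0.0.0.0/0", ("tcp", 443), "uplink-backup"),
    Rule("192.168.20.0/24", "10.0.0.0/8", ("tcp", 25), "uplink-main", enabled=False),
    Rule("192.168.20.0/24", "10.1.0.0/16", ("tcp", 25), "uplink-backup"),
]
```

Here shadowed(RULES) reports rule 2 as hidden by rule 1; moving rule 2 above rule 1 with the arrow icons clears the finding, while the disabled rule 3 does not shadow rule 4.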

Interfaces

Select Network from the menu bar at the top of the screen, then select Interfaces from the submenu on the left side of the screen, finally choose one of the two following tabs:

Uplink editor

More uplinks can be defined by clicking on the Uplink editor tab: choose the type of uplink, then fill in the type-specific form. The fields are the same as in the network configuration wizard (see the "Network configuration" section in "The System Menu" chapter).

VLANs

Virtual LANs (VLANs) can be defined by clicking on the VLANs tab. VLAN support in Endian Firewall is intended to allow arbitrary associations of VLAN IDs with firewall zones. To add an association, click the Add new VLAN link, then specify the following parameters:

Interface - the physical interface the VLAN is connected to
Zone - the Zone the VLAN is associated with
VLAN ID - VLAN ID (0-4095)