In my previous post, I referred to an issue I had regarding my laptop. I wanted to make sure my laptop was configured to use OpenDNS at all times, even when not behind the ASG (Astaro Security Gateway). I knew it had to be a simple answer, I just wasn’t really analyzing the situation. The basic answer is I needed a rule that allowed DNS inquiries to pass through the firewall.

To explain a little further, a firewall uses rules to allow packets of info to flow through it. When a packet arrives at, the firewall looks at all of it’s rules to see what to do with it. If no rule applies, the packet gets dropped. In other words, the packet is just tossed aside never to be seen again, it disappears. This ensures that only packets that are allowed by the rules can pass through. (By dropping packets that don’t meet any rules you are also being more stealthy, that is you aren’t notifying the sender that the packet is dropped. I’m not gonna get too in depth with that, just think if the packet was from a “bad guy” notifying him that his packet was dropped is notifying him that “someone is here”.) So when my computer was requesting DNS at 208.67.222.222 (OpenDNS server), the firewall looked at the packet and looked at the rules. It didn’t meet rule #1, didn’t meet rule #2, etc etc. Once it got to the final rule and didn’t meet any of them, the packet was considered unallowed and was discarded. I hope that makes sense.

So I added the rule “DNS requests from internal network to anywhere – allow”. Now it works.  Not too hard. I’ll tell you what, I have to say, after “driving” this thing for a day or so, it’s a lot easier to use than I thought. There’s more to configure but they make it pretty user friendly, as long as you have basic networking knowledge. Luckily, I learned quite a bit in the Cisco class I took earlier this year. It may just be my home network but it’s nice to put it to use.

Also, I checked out the remote access VPN. Looks like it should be incredibly easy to set up tomorrow when I get to the office. Much easier than I first thought. Plus Astaro has some short tutorial videos on their website which really helped me a lot! I must say, I’m glad that I did this.

So yesterday I installed my Astaro Security Gateway (ASG). I ran into one speed bump, which was the result of me not reading the setup guide. Sometimes I think I can do it myself so I don’t read the documentation. If I would have read it, I would have saved myself at least an hour of troubleshooting. We live and learn, right?

I started with a disk I’d made about a week ago. When I booted it up though I got an error “Could not find kernel image: linux” I went back to Astaro and downloaded the newest version dated 31-Oct-2008. That time it worked just fine.

The trouble I ran into after that was connecting to the WebAdmin. The ASG had an ip address of 192.168.2.100 by default (I always change my subdomain address but I’ll use that address for this post). So I entered https://192.168.2.100 in Firefox but nothing happened. I didn’t read the quick start guide (which is a separate download) so I wasn’t aware that it needed to connect on port 4444. So I tried to figure out why I could ping the server but not connect via the web browser. Once I read the guide, I entered https://192.168.2.100:4444 and connected with no problem. I have one other minor issue to resolve, which I’ll get to in a minute.

The setup wizard was very straight forward. To be fair, Untangle’s set up wizard was also very straight forward. Once I’d gotten through that and also followed the “quick start guide”, I was up and running. I rebooted my cable modem to reestablish the connection and was able to get to websites.

The minor issue I’m dealing with is using DNS. I use OpenDNS and I have configured the ASG to use that rather than the DNS servers provided by my ISP. If you listen to Steve Gibson on Security Now, you will understand the importance of using solid DNS servers.

I have my desktop computer set up to obtain DNS automatically along with DHCP for the IP address. This is no big deal since it never travels outside of the home network and therefore will always use the DNS directed by the ASG. Such is not the case for my laptop. It does mostly just sit in my livingroom these days since I’m no longer taking it to client sites for work. But if we do take it outside of the house, it will no longer be getting it’s DNS directions from the ASG. So I prefer to manually tell it to use OpenDNS. The problem is, when I manually enter the DNS servers, web addresses no longer resolve. When I change it back to automatic, it works again. I have scoured the Astaro forum for resolution but to no avail. It was getting late last night so I had to give up. As of now, the network is running fine and my wife has used the laptop just this morning. But I’d like to figure out the solution. Of course, knowing me, it’s something simple that I overlooked in the late hours I was working last night. I’ll update here if I figure out the problem.

I have saved the Untangle hard drive so it will be simple to put back online if I decide to switch back to it. So far I’m happy with what I’ve got with Astaro though. The main thing for me will be how simply I can reconnect my VPN from my office computer so I can keep my server backed up. I haven’t really gotten into the ASG’s VPN. Hopefully it’s as easy to deploy and use as Untangle. I have to say, that’s one thing that I liked about Untangle, the VPN was simple and I set it up on my work computer and my laptop so I could always reach my file server when I need it.

My final thoughts for now are this. Untangle is a little easier to use and takes less up front configuration. Astaro has good documentation to walk you through everything though. I feel like the ASG’s firewall is stronger, at least from the beginning. I remember thinking that Untangle’s firewall was wide open to start with and I didn’t ever take the time to configure it much. Honestly, I didn’t feel very comfortable with it. I was kinda scared of locking it down too tight and making the network unusable. The ASG firewall seems to be locked down pretty well and the initial setup wizard seems to make it useable very quickly, not much tweaking left to do to the firewall. But I was also told by one of the guys from Untangle that the “intrusion prevention” module in Untangle should take care of protecting the network so you didn’t have to worry as much about the firewall.

Oh, I’ll throw in one more thing that I like. You can encypt your configuration backups too. Since they contain sensitive data, this is a definite plus and definitely something I’d recommend.

I’ve had a little bit of activity on my personal blog in response to this post so I thought I’d post it here where I can elaborate a little more. I try not to get too techy there. That’s what this site is for. I’m currently working through a Linux course. I want to become more proficient in Linux. I think it’s a fantastic OS and I’m very supportive of open source software. I know I haven’t updated this site in awhile but since my last update, I have resigned from the tech company for which I was working as a contractor. So now I’m only working my full-time office job which is unrelated to tech. I’m kinda the “tech dept” here where I work though.

I haven’t worked on my Linux course in a couple weeks. I’ve had plenty of things keeping me busy. I do plan on getting back into it though. I’m also hoping to find time soon to switch my security gateway or UTM (unified threat management), which ever you wanna call it. Currently I use Untangle and I want to switch to Astaro.

Untangle is great, I’m not saying I’m unhappy with it. I uses many of it’s great features. It’s open source and free for anyone to use. I’ve been glad to have it. I run this computer without any anti-virus (yeah, I use windows…don’t hate) and I’ve never had to worry. I run frequent virus scans just to see how things are going and I must say I’ve had no problems. I also use the VPN, powered by OpenVPN, to connect my office computer to my home network and access my FreeNAS server. I also use that in order to backup my server daily to a hard drive at my office and to back up extremely important work files to my home servers as well. That way I always have 2 copies of every file and both copies are at different locations. So if my house burns down, I still have my pictures and other stuff. If my office gets burglarized, I have my client files backed up. Ok I won’t preach at you about the importance of backup files.

Astaro uses open source and non-open source software so it’s not free for commercial use. Astaro is free for home users though. Home users have to install it on their own hardware (which you also must do with Untangle). I’m not changing because I think Astaro is better, not at all. I’m changing to check out Astaro. The guys I know who have used it, swear by it.

So what’s the point? I’ve used a gateway security device for several months now at home and on the network at my office. It has many benefits for all users. First, all of your data coming into your network gets scanned before it reaches any of your computers. Think of it like a bouncer at a club. The bouncer keeps all the riffraff from even getting into the club, which will (in theory) make the club safer. So you save yourself from having to clean off viruses and malware if they can’t even reach your system. By scanning data at the entrance to your network, you don’t have to scan it when it gets to your computer. This frees up memory on your computer and helps it to run faster.

Another benefit is total network filtering. This is very beneficial for families with kids, schools and work environments. You can block the whole network from getting to “dirty sites” or non-work related sites, specific sites, certain categories etc. Since the filtering occurs at the entrance to the network, there is no software running on the individual machine that can be disabled by the user. Also you have the benefit of better performance, again, since you don’t have extra software running on your workstations.

As I stated earlier, I have Untangle running at my office now. It’s completely free for us to use. I’ve installed it on a refurbished Dell box. It currently supports 9 workstations and one Windows server. I’ve been very pleased with it’s performance. My office manager doesn’t care about site filters, except for the dirty stuff. They don’t mind us playing games or going to Facebook when we aren’t busy. I run a light anti-virus client on each machine just to protect against something coming from inside our network. For example, if one of our employees has a usb key which they have brought from home, it’s very likely that they could have picked up a virus from a home computer. A gateway device can’t do anything about that. I can’t lockdown everyone’s usb ports or cd/dvd drives either because we need them. So in that case, they still have to have some local protection. We’ll probably stick to Untangle here because well, it doesn’t cost anything. Of course, Untangle has several add-on features that do cost money, but none we need at the moment.

Well I’ll leave this discussion here. Feel free to comment, add your own thoughts or experiences. I’ll write some more about this once I’ve implemented Astaro.

A recent conversation with a friend brought to my attention that many people don’t have a clear understanding of some basic forms etiquette on the Internet. I hope you will take a moment to allow me to share a few things with you. Online conversation, email or any “typed communication” can easily be misunderstood since the reader can not hear your “tone” as they do when you speak. It’s important to use the correct tone so as not to offend someone or to make sure they understand what you mean.

Most of all remember this, typing in all capital letters is considered “yelling” and can be looked at as very offensive. Make sure you turn off your “caps lock” when typing. Many people think that using all caps emphasizes what they are saying. That is not the case. Please remember this important point.

So what about emphasis? What do you do when you want to emphasize a point? Use bold letters, underlines, or italics. You can even use all three at the same time. Italics are probably less desirable for emphasis though. Italics are normally used when quoting something that was said by someone else.

The last thing I want to mention is sarcasm. Remember that many things you say don’t translate well to text. Though sarcasm can be funny to some, many people will not realize that you are joking especially if they don’t know you. They may not be familiar with your personality and misunderstand you.

So keep these thoughts in mind and know your audience. Your best buddy might find something funny while a work colleague or even a stranger may be offended by the same typed words. Use your best judgment when writing. I hope these few things will help you to have more pleasant online interactions.

In an age where we are all connected, protecting your data is probably the most important yet overlooked aspect of computers. Whether it is pictures of your kids on your home computer or sensitive client information on your business servers, the data you have is valuable or even priceless. There are two aspects of data protection I want to discuss and hopefully help you think about. Having worked in the insurance industry for many years I live by the motto: “Plan for the worst and hope for the best.” Data loss and data theft are very real yet not difficult to prevent. …Read the rest of this article