February 1, 2004
Use 602Pro LAN SUITE’s Built-in Firewall to allow or deny access to services
602Pro LAN SUITE 2003’s built-in firewall gives you complete control over who can access services hosted on your LAN SUITE server. This feature is perfect for allowing access to services from specific IP addresses, while denying access to hackers and other troublesome users.
Allow Access to the LDAP service from a specific IP address
If you have multiple sites and would like a remote site to be able to access your LDAP directory, it is a good idea to block access from the rest of the Internet. If your LDAP directory is left unprotected, anyone can use it to look up e-mail addresses at your site. This can lead to an influx of spam or other undesirable e-mail. Follow these directions to secure your LDAP server with the firewall:
- Open 602Pro LAN SUITE, then click on Settings, and click Advanced Configuration.
- Click the Firewall tab, then move the Security setting to Custom.
- Click the LDAP connection from the Internet to this computer rule, then click Edit set.
- Click the TCP (port 389) rule, then click Edit.
- For Direction, choose the interface on which traffic from the Internet arrives at your LDAP server (e.g. incoming at X Adapter).
- In the From field, select Single Source Address, then type in the IP address of your remote site in the IP Address field.
- Click OK, rename the Permission set name (you can just add the number 2 to the end), click OK, then click Save.
Now only the address specified in the From source will be able to access the LDAP server. The Firewall works on an allow basis. If you have multiple sites, simply repeat this process for all of your sites.

Deny Access to the WWW Server from a specific IP address
In this example, we will deny access to the WWW server from a specific IP address. Even though the Firewall works on an allow basis, it is a snap to deny access to addresses! This is quite useful if you find one of your services under attack, or you simply do not want a particular user to access a specific service. Follow these directions to deny access to a user by IP address:
- Open 602Pro LAN SUITE, then click on Settings, and click Advanced Configuration.
- Click the Firewall tab, then move the Security setting to Custom if it is not already set to Custom.
- Click the WWW connection from the Internet to this computer rule, then click Edit set.
- Click the TCP (port 80) rule, then click Edit.
- For Direction, choose the interface on which traffic from the Internet arrives at your WWW server (e.g. incoming at X Adapter).
- From:/To: should be Any source address.
- The first Except: field is where you can enter the IP address(es) of the attacker. You may enter a comma-delimited list of addresses in single address form (178.48.21.55), IP range form (178.48.21.55-178.48.21.100), or IP subnet form (178.48.21.0/255.255.255.0).
- Click OK, rename the Permission set name (you can just add the number 2 to the end), click OK, then click Save.
Now any address will still be able to access your WWW server EXCEPT the attacker(s).
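A pre-check for the Except: list described above, as an added example that is not part of the original article or of 602Pro LAN SUITE: it parses the three entry forms and reports any address you need to keep reachable that the list would deny. It assumes ranges are inclusive and that spaces around entries are ignored; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Return inclusive (first, last) bounds for one Except: entry."""
    entry = entry.strip()
    if "/" in entry:  # subnet form: address/dotted mask
        net = ipaddress.IPv4Network(entry, strict=False)
        return net.network_address, net.broadcast_address
    if "-" in entry:  # range form: first-last (assumed inclusive)
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {entry}")
        return lo, hi
    addr = ipaddress.IPv4Address(entry)  # single address form
    return addr, addr

def parse_except_list(text):
    """Parse a comma-delimited Except: value; raises ValueError on a bad entry."""
    return [parse_entry(e) for e in text.split(",") if e.strip()]

def is_excepted(ip, ranges):
    """True if ip falls inside any parsed entry, i.e. would be denied."""
    ip = ipaddress.IPv4Address(ip)
    return any(lo <= ip <= hi for lo, hi in ranges)

def blocked_by_mistake(text, must_stay_allowed):
    """Addresses from must_stay_allowed that the Except: list would deny."""
    ranges = parse_except_list(text)
    return [ip for ip in must_stay_allowed if is_excepted(ip, ranges)]

if __name__ == "__main__":
    # Constructed sample: the article's three forms plus two addresses
    # (a remote site and a customer) that must keep access.
    except_field = ("178.48.21.55, 178.48.21.60-178.48.21.100, "
                    "178.48.21.0/255.255.255.0")
    keep = ["192.0.2.10", "178.48.21.200"]
    for ip in blocked_by_mistake(except_field, keep):
        print(f"WARNING: {ip} would be denied by this Except: list")
```

The subnet form is the entry most likely to deny more than intended, since one line covers every address under the mask.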

NOTE: This procedure works for any application on your server that utilizes TCP/IP ports. In other words, you can use the firewall in LAN SUITE to restrict or allow access to virtually any networked application that runs over TCP/IP.