I use Kerio 2.1.5 Firewall and I'm having some difficulty getting Richard Jones' rule set to work properly.

I'm attaching some JPGs of the rule sets so far.


My ISP uses dynamic DNS for broadband ADSL


The following are mockups of screen prints.


Pointing the browser to http://10.1.1.0/ gets to the SpeedStream 4200.

Speedstream Router Management Interface

Speedstream Optusnet
Broadband


System Summary
System Type: SpeedStream 4200-Series

[ianSnip]
[ian also snipping MAC addresses]

Point to Point Connection Summary:
PPPoE 8/35 58.107.93.177
AccConn: rdl21.ba



Current Log Entries


0000-00-00 00:00:01 E |System |Current Mode: Bridge-Router
0000-00-00 00:00:01 E |CWMP |CWMP agent cannot reach the ACS named http://acs.optusnet.com.au:1111/ACS-INTF. Trying again in 10 seconds
0000-00-00 00:00:01 E |DSL |Boost DSP
0000-00-00 00:00:01 E |DSL |DataPump Version - 04.02.01.00
0000-00-00 00:00:02 E |DSL |State: WAITING
0000-00-00 00:00:03 E |USB |Link Up
0000-00-00 00:00:03 E |DHCP Server |Address 10.1.1.3 given out to 00:13:a3:61:60:f5
0000-00-00 00:00:03 E |DHCP Server |1 Address(es) leased
0000-00-00 00:00:08 E |DSL |State: INITIALIZING
0000-00-00 00:00:18 E |DHCP Server |Address 10.1.1.3 given out to 00:13:a3:61:60:f5
0000-00-00 00:00:18 E |DHCP Server |1 Address(es) leased
0000-00-00 00:00:25 E |DSL |State: WAITING
0000-00-00 00:00:31 E |DSL |State: INITIALIZING
0000-00-00 00:00:33 E |DHCP Server |Address 10.1.1.3 given out to 00:13:a3:61:60:f5
0000-00-00 00:00:33 E |DHCP Server |1 Address(es) leased
0000-00-00 00:00:37 E |DSL |State: WAITING
0000-00-00 00:00:43 E |DSL |State: INITIALIZING
0000-00-00 00:00:48 E |DHCP Server |Address 10.1.1.3 given out to 00:13:a3:61:60:f5
0000-00-00 00:00:48 E |DHCP Server |1 Address(es) leased
0000-00-00 00:00:56 E |DSL |HYBRID 1
0000-00-00 00:00:56 E |DSL |Link up 1 US 759 DS 1434 (INTL:ADSL2)
0000-00-00 00:00:56 E |PPPoE |oe00: tx PADI, id: 0000, ac: (NULL), sn: (NULL), MAC: [ianSnip]
0000-00-00 00:00:56 E |PPPoE |Sending PADT/LCP Terminate for Session ID = F8BD
0000-00-00 00:00:56 E |PPPoE |oe00: rx AC Name: rdl21.ba
0000-00-00 00:00:56 E |PPPoE |oe00: tx PADR, id: 0000, ac: (NULL), sn: (NULL), MAC: [ianSnip]
0000-00-00 00:00:56 E |PPPoE |oe00: rx PADS id: F921 MAC [ianSnip]
0000-00-00 00:00:59 E |PPP |LCP neg PAP
0000-00-00 00:00:59 E |PPP |LCP up
0000-00-00 00:00:59 E |PPP |IPCP nak option: 3
0000-00-00 00:00:59 E |PPP |IPCP nak option: 129
0000-00-00 00:00:59 E |PPP |IPCP nak option: 131
0000-00-00 00:00:59 E |PPP |IPCP up ip: 58.107.93.177, gw: 198.142.130.18
0000-00-00 00:00:59 E |PPP |IPCP dns: 211.29.132.12, 198.142.0.51
0000-00-00 00:01:04 E |DHCP Server |Address 10.1.1.3 given out to 00:13:a3:61:60:f5
0000-00-00 00:01:04 E |DHCP Server |1 Address(es) leased
0000-00-00 00:01:05 E |DHCP Server |Address 58.107.93.177 given out to 00:13:a3:61:60:f5
0000-00-00 00:01:05 E |DHCP Server |0 Address(es) leased
0000-00-00 00:01:21 E |CWMP |CWMP agent cannot reach the ACS named http://acs.optusnet.com.au:1111/ACS-INTF. Trying again in 1 minute

[ ianSnip similar lines ]


Log Display Options
Display All Log Entries
System Firewall ADS
Network ATM DSL
Ethernet USB Firmware
Config DHCP Server DHCP Client
PPP PPPoE UPnP
Diags NAT Owner DDNS Client
User Content Filter ARP
Telnet Admin Time Client
CWMP Agent Internet Gateway Device








Routes

Current Routing Table

Destination      Netmask          Gateway         Flags  Metric  Interface
127.0.0.0        255.0.0.0        127.0.0.1              1       lo0
10.1.1.0         255.255.255.0    10.1.1.1               1       LAN
Default Gateway                   198.142.130.18         5       PPPoE 8/35
58.107.93.177    255.255.255.255  58.107.93.177          1       LAN
Flags legend: (R)ip route, (S)tatic







SETUP |
ppp

ISP Password

Setup for PPPoE 8/35 Access Concentrator: rdl21.ba

Username: ... me ...
Password:
Access
Concentrator (Optional)
Service Name (Optional)
[ian checked ] Auto-Connect on Disconnect
Use Idle Timeout 0 Minutes



Mode


Mode Selection
Select the operation mode:

[ian radio button checked] Optus Bridge
[ian radio button NOT checked] NAPT
[ian radio button NOT checked] Full Bridge



Remote Access


Remote Management Access

Username:
Password:

Application Port
HTTP
FTP
Telnet

Allow access for 20 minutes



User Profiles


Profile Wizard

Current Profiles

# Profile IP Address Actions
0
1
2
3
4
5
Force all users to be identified before surfing








WAN interface

WAN Interface Configuration Wizard

Current Configuration

#  VC    Type   Name        Actions
0  8/35  PPPoE  PPPoE 8/35  [Disable button] [Delete button]
1
2
3
4
5
6
7
*Checked interface is the default WAN interface



Host

Host Configuration

IP Address: 10.1.1.1
IP Netmask: 255.255.255.0

Default Gateway: or [ ticked ] Use WAN

Host Name: [ian set to Optusnet ]


DHCP

DHCP Configuration

DHCP Server: [ian radio button checked ] "Enable"
[ian radio button NOT checked ] "Disable"
[ian radio button NOT checked ] DHCP Relay

Relay IP: ian grayed 0.0.0.0

Client IP Address: 10.1.1.3

IP Netmask: [ian 255.255.255.0 ]

Default Gateway: [ian 10.1.1.1 ] or [radio button NOT checked] Self

DNS Server: [ian blank ] or [radio button CHECKED] Self
Primary or Self

DNS Server:
Secondary [ian blank ] (Optional)


Domain Name: [ian it's set to "domain.invalid" without quotes]

Lease Time (mins): [ian 1 ]
Requires a specified DNS or [radio button NOT checked] "Infinite time"










Time Client

Configure Time Zone


Enable Time Client:
[ ian radio button Not Checked ] "No"
[ ian radio button CHECKED] "Yes"



Primary Server: [ ian time.optusnet.com.au ]

Secondary Server: [ian pool.ntp.org ] (Optional)


Select Time Zone: [ian is 0 ] (minutes from UTC)
ian note: this is why DNS shows ISP is located in Sydney




Static Route Configuration


Currently Configured Static Routes

# Destination Net Mask Next Hop Interface
Edit Delete
Static Route list is empty.


Add Route

Destination Net Mask Next Hop Interface
[ian ---- select ---
with a drop down arrow ]

FIREWALL [ian 7 of these]

Firewall Level Configuration


Current Firewall level: [ian set to "Low" ]

Select Firewall Level: [ian drop arrow but currently set to off]


Firewall Snooze Control


Current Snooze interval: [ian set to "Off"]

[radio button ian NOT CHECKED ] Disable Snooze
[radio button ian NOT CHECKED ] Enable Snooze, and set the Snooze time interval to: (minutes)
[radio button ian NOT CHECKED ] Reset the Snooze time interval to: (minutes)



DMZ

Firewall DMZ Configuration

Current DMZ Status: Enabled
Current DMZ Host IP Address: 58.107.93.177


[ian this radio button is CHECKED ] Disable DMZ
[radio button ian NOT CHECKED ] Enable DMZ with this Host IP address: [ian 58.107.93.177 ]
[radio button ian NOT CHECKED ] Enable DMZ with this Host IP address [with a drop down button "Select Host"]


["refresh" button]

[radio button ian NOT CHECKED ] Make Settings Permanent
[radio button ian CHECKED ] Make Settings Last Until Modem Reboots
[radio button ian NOT CHECKED ] Make Settings Last For: [ ian 60 ] minutes


["Apply" button] ["Reset" button]



filter Rules

Firewall IP Filter Configuration Wizard

Inbound IP Filter Rules

Rule No.  Protocol  Destination Interface  Destination Address  Enable/Disable  Delete
122       GRE       any WAN Interface      any                  Protected       Protected
124       50        any WAN Interface      any                  Protected       Protected


Outbound IP Filter Rules

Rule No.  Protocol  Source Interface   Source Address  Enable/Disable  Delete
120       any       any WAN Interface  any             Protected       Protected


[ian then buttons]
"Add New IP Filter Rule"
"Clone IP FIlter Level"
"Delete All"



Log
Firewall Log
[ian shows "No Events."]



ADS
Firewall Attack Detection System Configuration

Enable Attack Detection System [ian Checkbox CHECKED ]

After enabling the Attack Detection System,
select events below to filter and/or log:

[checkbox NOT CHECKED ] "Filter All" [checkbox NOT CHECKED ] "Log All"

All items have checked "Filter" AND "Log" check boxes:
Same Source and Destination Address
Broadcast Source Address
LAN Source Address On WAN
Invalid IP Packet Fragment
TCP NULL
TCP FIN
TCP Xmas
Fragmented TCP Packet
Fragmented TCP Header
Fragmented UDP Header
Fragmented ICMP Header
Inconsistent UDP/IP header lengths
Inconsistent IP header lengths

[ "apply" button]

********** end of Firewall options ******************


UPNP


UPnP Configuration


[ian radio button NOT CHECKED ] Disable UPnP
[ian radio button NOT CHECKED ] Enable Discovery and Advertisement only (SSDP)
[ian radio button CHECKED!!! ] Enable full Internet Gateway Device (IGD) support

Options:
[ian checkbox NOT CHECKED ] Enable access logging
[ian checkbox NOT CHECKED ] Read-only mode






RIP

RIP Configuration

RIP Version Active
Interface Disabled 1 2 1&2
Mode Multicast

Local Area Network [x] ian radio button checked]
PPPoE 8/35 [x] ian radio button checked]

radio buttons under RIP Active Mode &
Multicast NOT checked


"apply" and "reset" buttons




Server Ports



SpeedStream Gateway Server Ports


Application Port
HTTP 80
FTP 21
Telnet 23

"apply" and "reset" buttons




Dynamic DNS




Set Up Dynamic DNS


Dynamic DNS Client
[radio button ian CHECKED ] Disable
[radio button ian Not checked ] Enable



Service Username: [ ian blank ]
Service Password: [ ian blank ]
Host Name 1: [ ian blank ]
Host Name 2: [ ian blank ] (Optional)

"apply" and "reset" buttons

***************** end of the mock- up screen prints. ******
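
Added example, not part of the original post: a Python parser for the log layout shown under "Current Log Entries" that rejoins wrapped lines and reports when the DHCP server leases the PPP-negotiated WAN address to a LAN client, the pattern the log above shows. The sample log is constructed (documentation addresses, placeholder MAC) and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in the post's log layout: timestamp, level, |subsystem |message.
# Addresses are documentation ranges and the MAC is a placeholder.
SAMPLE_LOG = """\
0000-00-00 00:00:03 E |DHCP Server |Address 10.1.1.3 given
out to 02:00:00:00:00:01
0000-00-00 00:00:59 E |PPP |IPCP up ip:
203.0.113.77, gw: 198.51.100.18
0000-00-00 00:01:05 E |DHCP Server |Address 203.0.113.77
given out to 02:00:00:00:00:01
0000-00-00 00:01:05 E |DHCP Server |0 Address(es) leased
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ \|")
ENTRY = re.compile(r"^(\S+ \S+) (\S+) \|([^|]*?)\s*\|(.*)$")
IPCP_UP = re.compile(r"IPCP up ip:\s+([\d.]+)")
LEASE = re.compile(r"Address\s+([\d.]+)\s+given\s+out\s+to\s+([0-9A-Fa-f:]{17})")

def parse_entries(text):
    """Rejoin wrapped lines, then split entries into (time, level, subsystem, message)."""
    joined = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not joined:
            joined.append(line.strip())
        elif line.strip():
            joined[-1] += " " + line.strip()   # continuation of the previous entry
    return [m.groups() for m in map(ENTRY.match, joined) if m]

def wan_address_leases(text):
    """Return (time, mac) for each DHCP lease handing the PPP WAN address to a LAN client."""
    wan_ip, hits = None, []
    for when, _level, subsystem, msg in parse_entries(text):
        up = IPCP_UP.search(msg)
        if subsystem == "PPP" and up:
            wan_ip = ipaddress.ip_address(up.group(1))   # address negotiated over PPP
        lease = LEASE.search(msg)
        if subsystem == "DHCP Server" and lease and wan_ip is not None:
            if ipaddress.ip_address(lease.group(1)) == wan_ip:
                hits.append((when, lease.group(2)))
    return hits

if __name__ == "__main__":
    for when, mac in wan_address_leases(SAMPLE_LOG):
        print(f"{when}: WAN address leased to LAN client {mac}")
```

When this reports a hit, the PC's adapter carries the public address rather than 10.1.1.3, so that is the local address host firewall rules on the PC are matched against.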