How to set up a firewall for a small or medium-sized network: a brief explanation

    Hardware Requirements

    CPU --> Pentium MMX 166 or better
    Memory --> 64 MB base, or better
    Motherboard --> depends on your CPU type; no extra on-board features (sound and so on) are needed
    Power supply --> 200 W is enough
    Floppy drive 1.44 MB --> can be removed after setup to save power
    CD-ROM --> can be removed after setup to save power
    Keyboard and mouse
    Two NIC cards (PCI is better)
    Hard disk 4.3 GB or better

    Software Requirements
    Windows operating system (98 and Me are OK; Windows 2000 Professional is better)
    WinRoute Pro <-- download from www.kerio.com; WinRoute Pro was certified by ICSA

    Setup and Installation

    Finish the Windows installation first and download the necessary patches.
    NIC#1: obtain an IP address automatically from DHCP (the default), i.e. from Eastern Broadband (東森) or whichever ISP you use. This is the card connected to the cable or ADSL modem.
    NIC#2: set the internal LAN address manually, and point its DNS server address at the ISP's DNS server. Once the DHCP server and DNS forwarder described below are enabled, the LAN clients get their addresses and DNS settings from the WinRoute machine rather than talking to the ISP directly.

    Install WinRoute Pro
    Configure WinRoute Pro

    Some WinRoute Pro functions, briefly:

    Mixed OS networks (Unix, Mac, AS400): supports non-Windows systems on the network
    VPN support: virtual private networking for the enterprise
    Remote administration: from the internal network or from the Internet
    Anti-spoofing
    DHCP: dynamic IP assignment to clients
    DNS forwarding: built-in DNS server and forwarder
    POP3/SMTP services: built-in mail relay
    NAT (Network Address Translation)
    Packet filter
    Logs and packet analysis
    Proxy server
    Protocols: the following are supported

    IPSEC, H.323, NetMeeting, Net2Phone, WebPhone, UnixTalk, RealAudio, RealVideo, ICA Winframe,
    IRC, FTP, HTTP, Telnet, PPTP, Traceroute, Ping, Year 2000 Aol, chargen, cuseeme, daytime, discard, dns,
    echo, finger, gopher, https, imap3, imap4, ipr, IPX overIP, netstat, nntp, ntp, ping, pop3, radius, wais, rcp, rlogin,
    rsh, smtp, snmp, ssh, systat, tacacs, uucpover IP, whois, xtacacs and more.

    Because WinRoute Pro has so many functions, only the commonly used ones are described here. After installation the default login is
    username --> admin, password --> (blank).
    Change that blank password right after the first login. The administration interface is reachable over the network (see Remote Administration below) and NIC#1 faces the Internet, so a default administrator account with no password is the first thing anyone probing the box will try.

    Interface table settings
    NIC#1 (linked to the Internet) must have NAT turned on.

    Click Interface table --> highlight the NIC card that is connected to the Internet --> Properties --> check the item
    "Perform NAT with the IP address of this interface on all communication passing through" --> click OK.
    This enables NAT on card 1 (the green interface-card icon in the middle of the toolbar opens the same dialog).

    NIC#2 (linked to the internal network): "MUST NOT SET NAT ON THIS INTERFACE". Do not enable NAT on the interface that connects to your local area network; the LAN side passes packets untranslated, and only the Internet-facing card rewrites addresses.

    Set the DHCP scope
    Enable the DNS forwarder
    Set up the proxy
    Disable the SMTP server function (unless you actually need WinRoute to accept mail; an unused mail service on the Internet-facing host is only attack surface)
    Edit anti-spam
    Edit the packet filter
    Set up whatever other functions you need
    Set up security
    A Simplified Chinese site is attached below for fellow enthusiasts.


    WinRoute Pro configuration and use

    Looking at the visitors here over the past few days, there are still some fellow enthusiasts interested in the WinRoute Pro software.
    I had originally provided a link, but it may have died because of too much traffic.

    On reflection, I will use a little spare time after work and class to translate the WinRoute Pro English original.


    Dear Customer,

    Thank you for purchasing WinRoute Pro. Kerio Technologies, a leader in security software for Windows operating systems, is proud to offer this powerful, yet easy to use, secure Internet sharing solution.

    WinRoute Pro is a network application that transforms a Windows PC into a substitute for much higher priced hardware based routers and firewalls. As with any network firewall, it is important that the network is properly configured prior to implementing our software. Therefore, a basic understanding of TCP/IP networking principles is necessary.

    This manual includes several examples of network configurations, as well as a quick checklist to help guide you through your setup. We strongly recommend reviewing this documentation very carefully. Please visit our online support area for additional tips, FAQs and updates.

    Kerio Technologies


    Inserting the license
    First make sure that the WinRoute Engine is running so you can access the administration. After you have connected to the administration, go to the Help menu -> About application, as shown below. You should see a Set license button; click on it and insert your license key.

    (Figure: see the screenshot in the original manual.)

    WinRoute Description
    In This Chapter
    Extensive Protocol Support
    WinRoute Summary
    WinRoute architecture
    Mixed OS networks (Unix, Mac, AS400)
    VPN support
    Remote Administration
    Time intervals
    DHCP overview
    About DNS forwarding
    POP3/SMTP Services
    NAT (Network Address Translation)
    Packet Filter
    Logs and packet analyses


    Extensive Protocol Support
    WinRoute supports all standard Internet protocols including:

    IPSEC, H.323, NetMeeting, Net2Phone, WebPhone, UnixTalk, RealAudio, RealVideo, ICA Winframe, IRC, FTP, HTTP, Telnet, PPTP, Traceroute, Ping, Year 2000 Aol, chargen, cuseeme, daytime, discard, dns, echo, finger, gopher, https, imap3, imap4, ipr, IPX overIP, netstat, nntp, ntp, ping, pop3, radius, wais, rcp, rlogin, rsh, smtp, snmp, ssh, systat, tacacs, uucpover IP, whois, xtacacs and more.

    WinRoute Summary
    WinRoute Pro is the ultimate Internet Router - Firewall software making it virtually effortless to set all of the computers in your network up to share a single Internet connection! Connect through a dial-up line, DSL, Cable, ISDN, LAN, T1, Radio and DirecPC. It's that easy!

    Remote Administration

    WinRoute Administrator provides the configuration and settings on the WinRoute Engine. WinRoute Administrator is a separate application (wradmin.exe) that may be run from any computer with a connection to the WinRoute Engine computer. Access to the Engine is secured by strong encryption and a password.

    Logging

    WinRoute Pro provides an administrator with ultimate control over the traffic flowing through the host computer it is running on. The Administrator may benefit from analyzing the flow of TCP, UDP, ICMP, ARP packets, DNS requests, driver information and more. All operations have a Time Stamp.

    I will post the next part next time.

    It is already 2 a.m.; I have to get some sleep.

    NAT IP Router

    WinRoute includes the (best) implementation of Network Address Translation (NAT) technology available today. It is designed to provide users with the ultimate in routing capability and network protection. The NAT driver written exclusively for WinRoute offers a security solution comparable to more expensive products at substantially less cost.

    Advanced NAT Routing

    Advanced NAT allows the option to modify the source IP address of outgoing packets based on various criteria. This ensures easy integration of LANs behind WinRoute into the corporate WAN environment with different segments, demilitarized zones, virtual private networks etc.

    Hosting Servers behind WinRoute

    WinRoute's NAT, when not excluding the host, will prevent all unrequested traffic from entering your entire network, including the computer that WinRoute is installed on. Port Mapping/Forwarding allows users to decide how they want to divert IP packets passing through a NAT'd interface. With WinRoute, users can set packets coming to a specific port to be passed to a specific internal computer. This allows them to run a web server, mail server, FTP server, VPN server or virtually any other type of server securely behind the firewall.

    Firewall Security

    WinRoute gives users a comparable level of firewall capability found in far more expensive solutions through a combination of its NAT architecture and its ability to operate on a low level. This allows WinRoute to capture both incoming and outgoing packets, which makes it unbreakable. Anti-spoofing is an add-on to WinRoute's packet filtering, for further protection of the LAN against attacks where the intruder falsifies source IP addresses.
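The interface-table steps earlier (NAT on NIC#1 only, never on NIC#2), the "Hosting Servers behind WinRoute" paragraph and the anti-spoofing note above describe three decisions a NAT firewall makes on every packet: translate and remember outbound LAN sessions, let only the matching replies and explicitly mapped ports back in, and refuse anything arriving on the Internet interface with a source address that could only belong inside. The Python below is an added illustration of those decisions, not WinRoute's code and not taken from the manual; the addresses (a 192.168.1.0/24 LAN, TEST-NET ranges on the Internet side), the single port mapping and the sample packets are all assumed.

```python
import ipaddress
from dataclasses import dataclass, replace

# Assumed addressing for the illustration (not from the page):
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # DHCP scope behind NIC#2
WAN_IP = "203.0.113.10"                            # address NIC#1 got from the ISP
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Port mapping: (proto, port on NIC#1) -> (internal host, port). Assumed web server.
PORT_MAP = {("tcp", 80): ("192.168.1.20", 80)}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class NatFirewall:
    """NAT is performed on NIC#1 only; NIC#2 passes LAN packets untranslated."""

    def __init__(self):
        # (proto, port on NIC#1) -> (lan_ip, lan_port, remote_ip, remote_port)
        self.sessions = {}
        self.next_port = 40000
        self.log = []

    def from_lan(self, pkt):
        """Packet entering on NIC#2 and leaving on NIC#1: rewrite the source to
        NIC#1's address and remember the session so the reply can come back."""
        if ipaddress.ip_address(pkt.src) not in LAN_NET:
            return self._drop(pkt, "LAN packet with a source outside the LAN scope")
        for (proto, port), sess in self.sessions.items():
            if (proto,) + sess == (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport):
                return replace(pkt, src=WAN_IP, sport=port)   # existing session
        port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(pkt.proto, port)] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return replace(pkt, src=WAN_IP, sport=port)

    def from_wan(self, pkt):
        """Packet arriving on NIC#1. Order matters: anti-spoofing first, then the
        NAT session table (replies to LAN requests), then port mappings.
        Anything left over is unrequested traffic and is dropped."""
        if any(ipaddress.ip_address(pkt.src) in net for net in PRIVATE):
            return self._drop(pkt, "anti-spoofing: private or loopback source on the Internet interface")
        if pkt.dst != WAN_IP:
            return self._drop(pkt, "not addressed to NIC#1")
        sess = self.sessions.get((pkt.proto, pkt.dport))
        if sess and (sess[2], sess[3]) == (pkt.src, pkt.sport):
            return replace(pkt, dst=sess[0], dport=sess[1])   # reply: un-NAT to the LAN host
        mapped = PORT_MAP.get((pkt.proto, pkt.dport))
        if mapped:
            return replace(pkt, dst=mapped[0], dport=mapped[1])   # hosted server behind the firewall
        return self._drop(pkt, "unrequested inbound traffic with no port mapping")

    def _drop(self, pkt, reason):
        self.log.append(f"DROP {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} ({reason})")
        return None


def demo():
    """Constructed traffic: one LAN web request and five kinds of inbound packet."""
    fw = NatFirewall()
    out = fw.from_lan(Packet("tcp", "192.168.1.5", 51000, "198.51.100.7", 80))
    reply = fw.from_wan(Packet("tcp", "198.51.100.7", 80, WAN_IP, out.sport))
    hijack = fw.from_wan(Packet("tcp", "198.51.100.9", 4444, WAN_IP, out.sport))   # wrong peer
    unsolicited = fw.from_wan(Packet("tcp", "198.51.100.9", 4444, WAN_IP, 3389))
    spoofed = fw.from_wan(Packet("tcp", "192.168.1.1", 4444, WAN_IP, 3389))
    web = fw.from_wan(Packet("tcp", "198.51.100.9", 5555, WAN_IP, 80))
    return out, reply, hijack, unsolicited, spoofed, web, fw.log


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The toy keeps session entries forever; a real stateful NAT also follows TCP state and times idle entries out, otherwise the session table is itself a resource an attacker can fill. Note also that the "hijack" packet is addressed to a live NAT port and still gets dropped, because the entry is matched on the remote peer as well as on the local port.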

    Simple Network Configuration

    The DHCP server and DNS forwarder included in WinRoute greatly simplify the task of network administration, requiring minimal effort and no client configuration.

    Mail Server

    WinRoute's mail server, complete with SMTP relay and POP3 server, allows virtually unlimited aliases and automatic mail sorting. It is an ideal solution for small to medium sized businesses that host their own domain and would like to have full control of each user's mailbox. Users can have multiple addresses and receive mail from various accounts. Authentication and anti-spam ensure that your mail server cannot be abused by outside sources.
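The paragraph above says authentication and anti-spam keep the mail server from being abused by outsiders, and the setup checklist earlier says to disable the SMTP server function unless it is needed. The property that decides whether an Internet-facing SMTP server gets abused is whether it relays for strangers: mail for a domain it hosts is inbound delivery and must be accepted, but mail for any other domain should be taken only from the LAN or from a client that has authenticated. The Python below is an added example of that relay policy, not WinRoute's mail-server code; the LAN range, hosted domain, user list and the SMTP command sequences are constructed.

```python
import base64
import ipaddress

# Assumed for the illustration (not from the page):
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]   # the LAN behind NIC#2
LOCAL_DOMAINS = {"example.com"}                         # domain the LAN mail server hosts
USERS = {"alice": "s3cret"}                             # constructed credential store


def relay_decision(client_ip, authenticated, rcpt):
    """Decide one RCPT TO. Returns (accepted, SMTP reply line).
    Mail addressed to a hosted domain is inbound delivery and is always taken.
    Anything else is relaying, allowed only from the LAN or after a good AUTH."""
    domain = rcpt.rpartition("@")[2].lower()
    if domain in LOCAL_DOMAINS:
        return True, "250 OK"
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in LOCAL_NETS):
        return True, "250 OK"
    return False, "550 5.7.1 Relaying denied"


def auth_plain_line(user, password):
    """Client-side helper: an AUTH PLAIN line in RFC 4616 form (\\0user\\0password, base64)."""
    blob = b"\0" + user.encode() + b"\0" + password.encode()
    return "AUTH PLAIN " + base64.b64encode(blob).decode()


def run_session(client_ip, commands):
    """Reply to a constructed sequence of client commands the way a server that
    refuses to be an open relay would. Only AUTH PLAIN and RCPT TO matter here;
    HELO, MAIL FROM and the rest are acknowledged without further checks."""
    authenticated = False
    replies = []
    for line in commands:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.upper().startswith("PLAIN "):
            parts = base64.b64decode(arg.split(" ", 1)[1]).split(b"\0")
            ok = len(parts) == 3 and USERS.get(parts[1].decode()) == parts[2].decode()
            authenticated = ok
            replies.append("235 2.7.0 Authentication successful" if ok
                           else "535 5.7.8 Authentication credentials invalid")
        elif verb == "RCPT":
            rcpt = arg.split("<", 1)[1].split(">", 1)[0]
            replies.append(relay_decision(client_ip, authenticated, rcpt)[1])
        else:
            replies.append("250 OK")
    return replies


def is_open_relay(client_ip="198.51.100.9"):
    """The classic open-relay probe: an Internet client, no AUTH, recipient in a
    domain the server does not host. True means the server would relay it."""
    replies = run_session(client_ip, ["HELO probe.example.net",
                                      "MAIL FROM:<probe@example.net>",
                                      "RCPT TO:<victim@example.org>"])
    return replies[-1].startswith("250")


if __name__ == "__main__":
    print("open relay:", is_open_relay())
    print(run_session("198.51.100.9", [auth_plain_line("alice", "s3cret"),
                                       "RCPT TO:<friend@example.org>"]))
```

If you do leave the SMTP server enabled, run the same probe against the real host from outside the LAN with any SMTP client: an unauthenticated RCPT TO for a foreign domain answered with 250 means the server is an open relay, whatever the anti-spam settings say.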

    HTTP Cache

    WinRoute's architecture includes an innovative Cache engine. Unlike proxy servers with caching functionality, WinRoute's cache stores passing data in one file of pre-defined length instead of using a single file for each object. This significantly saves the disc space occupied by the cache, especially in FAT16 (most of Windows 95) environments.

    WinRoute architecture

    For advanced Internetworking, it's helpful to understand how WinRoute works. From the explanation and examples listed below, WinRoute proves to be an excellent solution for almost any network configuration.

    Firewalls are typically built on hardened platforms and the software itself is typically difficult to circumvent. However, a major weakness in many network security devices is during the brief window of time between when the hardware is actively capable of routing traffic and when the software takes over control of the network interfaces. Within this critical juncture, security can be completely compromised.

    WinRoute's driver, or Engine, activates as the core files of the Windows operating system (the kernel) load themselves into memory; specifically, the engine loads before the NDIS (Network Device Interface Specification) modules are loaded, so that no network connectivity is supported before WinRoute is active. Thus, protection of all interfaces is active before malicious traffic or other attacks can be mounted on the system. This compares favorably to standalone intrusion-detection-type products that run as a service and are not active until after the system has booted.

    WinRoute "wraps" NDIS in a proprietary fashion such that all TCP/IP traffic is shunted from the network interface card (NIC) driver to the Engine before it proceeds up the network communications stack to the operating system itself.

    This low-level insertion into the operating system allows the WinRoute Engine a unique perspective on all network traffic arriving on any interface (whether inbound or out). As with many enterprise-class firewall products such as Check Point's Firewall-1, WinRoute is allowed to make the first decision about whether to allow or deny a given packet. Once again, this prevents malicious attacks against other aspects of the operating system or other software that could bypass the security offered by a firewall.

    Lastly, the WinRoute Engine takes over all communications routing functionality from the underlying Windows operating system (whether it be Windows 9x, NT, or 2000). This ensures that if for some reason the WinRoute Engine were to fail, no traffic would be routed between networks. This "fail-closed" stance has been the traditional default for firewall configurations for many years, and serves to protect private networks in the case of common system failures.

    1. Total Security
    WinRoute works below the TCP/IP stack. In other words, it captures both outgoing and incoming packets BEFORE they have the chance to enter your computer.

    This advanced design makes WinRoute's security almost unbreakable.

    2. Total Protocol Support
    WinRoute is a software ROUTER. As such, WinRoute can allow almost any Internet protocol to pass through. At the same time, WinRoute checks each packet utilizing the advanced security and firewall features inherent in the software design. On systems running Windows 95 and 98, WinRoute handles the routing of packets. On systems running Windows NT, the NT operating system performs the routing and WinRoute manages the NAT functionality and other data.

    3. Total Flexibility
    WinRoute performs NAT (Network Address Translation) on the interfaces of your choice. WinRoute also performs any preset security rules on the specific interfaces. This gives the user a wide range of freedom when designing and configuring security options.

    Mixed OS networks (Unix, Mac, AS400)
    Connecting multiple operating system environments (Linux, Unix, AS400, Apple)
    WinRoute is suitable for connecting multiple operating system type environments to the Internet. WinRoute acts as a software router. As such, it supports any standard TCP/IP environment.
    NOTE: A Windows based operating system must host the WinRoute application.

    [Attached image: multios2.gif]

