LinuxQuestions.org
Old 11-17-2007, 08:51 PM   #1
adityavpratap
Member
 
Registered: Dec 2004
Location: Hyderabad, India
Distribution: Slackware 13, Ubuntu 12.04
Posts: 440

Rep: Reputation: 32
firewalling Debian Etch on my laptop


Hi!

I am running Debian Etch on my laptop, which connects to the internet through an ADSL router over a wireless network. I have installed firehol, but when I test my firewall at sites like Shields Up, port 80 is reported as open.

As my knowledge of firewalls is absolutely the minimum, I would very much like your suggestions as to how to close this port.

Thanking in advance,
 
Old 11-17-2007, 08:55 PM   #2
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472
Blog Entries: 1

Rep: Reputation: 128
Port 80 is what lets you connect to the internet, you don't want to close that. I think you may be able to change it, but 80 is the default HTTP port.
 
Old 11-18-2007, 01:01 AM   #3
adityavpratap
Member
 
Registered: Dec 2004
Location: Hyderabad, India
Distribution: Slackware 13, Ubuntu 12.04
Posts: 440

Original Poster
Rep: Reputation: 32
So it is OK if I keep it open?
 
Old 11-18-2007, 01:20 AM   #4
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 62
No, it's not OK, unless you're running an http server. Go ahead and close it, then try to connect to the internet. I don't know how firehol is set up, but if the settings are "sane," you shouldn't have any problem.
 
Old 11-19-2007, 08:57 AM   #5
adityavpratap
Member
 
Registered: Dec 2004
Location: Hyderabad, India
Distribution: Slackware 13, Ubuntu 12.04
Posts: 440

Original Poster
Rep: Reputation: 32
I can't seem to figure out how exactly one can close a particular port in firehol. Any suggestions?
 
Old 11-19-2007, 09:10 PM   #6
geden
Member
 
Registered: Nov 2004
Distribution: Mandriva ONE/ Kubuntu 8.04
Posts: 61

Rep: Reputation: 15
Create the file /etc/rcS.d/S99network
Copy the contents between the lines below into it (substitute your ethernet address for <outgoing interface ip>).
The bottom two lines allow external ssh connections; omit them if not desired, or install fail2ban to thwart uninvited login attempts.
This is assuming your interface is, of course, named eth0. If it is a wireless interface, the 3rd line should reflect whatever name your system has given the interface, i.e., ath0, wlan0... whatever...
-------------------------------------------------------------------------

#!/bin/bash

modprobe ipt_MASQUERADE   # load the MASQUERADE target module
iptables -F; iptables -t nat -F; iptables -t mangle -F   # flush the filter, nat and mangle tables
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to <outgoing interface ip>   # rewrite the source address of traffic leaving eth0
echo 1 > /proc/sys/net/ipv4/ip_forward   # enable IPv4 forwarding

iptables -A INPUT -p tcp --dport 22 -j ACCEPT    # accept inbound ssh
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT   # accept the ssh replies going out

------------------------------------------------------------------------
then do... #chmod 700 /etc/rcS.d/S99network ..as root
then do... #/etc/rcS.d/S99network


instant firewall...

and.. coincidentally.. if you're communicating with an offsite website to check your firewall.. of course it's going to report port 80 open.. you're using it to run the test..

Last edited by geden; 11-19-2007 at 09:30 PM. Reason: clarification
 
Old 11-19-2007, 09:28 PM   #7
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 62
If that seems too complicated for your skill level, you might want to simply remove firehol altogether, and install Firestarter (Gnome) or Guarddog (KDE) instead. Either of those will set up by default to block the service ports (1-1024).

It's also possible, if you really don't know what you're doing, that you unwittingly installed an http server, and it's running which is the reason firehol left the port open. If that's the case, you may want to run a more beginner friendly distro that doesn't require as much post-installation configuration as Debian.
 
Old 11-20-2007, 12:19 AM   #8
adityavpratap
Member
 
Registered: Dec 2004
Location: Hyderabad, India
Distribution: Slackware 13, Ubuntu 12.04
Posts: 440

Original Poster
Rep: Reputation: 32
geden >>
Thanks for your valuable suggestion, I tried your suggestion. But when I run S99network, I get the following error message

FATAL: Module ipt_MASQUERADE not found.
iptables v1.3.6: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.6: Bad IP address `eth1'

Any suggestions?

rickh >>
Thanks for your suggestion. I have tried guarddog and firestarter without success. I am able to configure guarddog in my Ubuntu and Slackware 11 installs, without much problem. However I am unable to configure any firewall in Debian.
 
Old 02-29-2008, 09:43 AM   #9
geden
Member
 
Registered: Nov 2004
Distribution: Mandriva ONE/ Kubuntu 8.04
Posts: 61

Rep: Reputation: 15
Do 'modprobe ipt_MASQUERADE' prior to running rc99network script; optionally make this the first line of the script.
 
Old 02-29-2008, 12:30 PM   #10
adityavpratap
Member
 
Registered: Dec 2004
Location: Hyderabad, India
Distribution: Slackware 13, Ubuntu 12.04
Posts: 440

Original Poster
Rep: Reputation: 32
Thanks geden, but I am off Debian now. I am back to Slackware and dabbling with Sabayon nowadays!
 
  

