LinuxQuestions.org
Old 01-21-2004, 01:35 AM   #1
vincebs
Member
 
Registered: Oct 2003
Location: Mississauga, ON
Distribution: Ubuntu 9.04
Posts: 494

Rep: Reputation: 30
Newbie question on firewalls


Hi there,

I'm a huge newbie on networking so I need help configuring my Mandrake firewall. I want my computer to be fairly secure, but I also want to be able to share files via P2P networks. How should I configure my Mandrake firewall? It gives me several options:

Which services would you like to allow the Internet to connect to?
Everything (no firewall)
Web Server
DNS
SSH
FTP
Mail server
POP and IMAP server

Should I select Web Server and FTP?

It also gives me an option to input ports. For some reason, after I enter a port and enter another one, the first one becomes blocked again. I tried entering ports in /etc/services using lines like:

azureus 6689/tcp # downloads

But I still can't connect.

What's going on?
 
Old 01-21-2004, 04:29 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Re: Newbie question on firewalls

Quote:
I want my computer to be fairly secure, but I also want to be able to share files via P2P networks. How should I configure my Mandrake firewall?
Should I select Web Server and FTP?

If you don't plan on running a Web or FTP server, then no you don't want either one. Don't select any of those services unless you need to allow incoming access to those ports.

Quote:
It also gives me an option to input ports. For some reason, after I enter a port and enter another one, the first one becomes blocked again.

IIRC, when you're entering multiple ports, you have to enter them all at once. If you just enter one by itself and hit OK, it will get overwritten when you try entering a second one. I'm not sure if you have to separate them with punctuation, but I don't believe so.

So don't select any of the pre-set service ports (web or ftp) unless you want to allow public access to them, then just open up ports for your P2P app to get through the firewall.
 
Old 01-21-2004, 11:21 PM   #3
vincebs
Member
 
Registered: Oct 2003
Location: Mississauga, ON
Distribution: Ubuntu 9.04
Posts: 494

Original Poster
Rep: Reputation: 30
Yeah, but the problem is I'm using aMSN, which picks a port at random to send a file over. Same thing with azureus, which uses a whole range of ports.

Will I have to deactivate my firewall just to receive a file? Sounds annoying. Is there a program like Zonealarm that works in Linux which lets privileged programs use any ports they want? Because the more programs I use, the more ports I'll need to unblock, and the more holey my Internet security becomes. It would be best if I could block all Internet access except through programs I specify.

Last edited by vincebs; 01-21-2004 at 11:24 PM.
 
Old 01-22-2004, 07:53 AM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
If you want people to be able to connect to your box and download stuff from you, then you'll have to open up some ports. If you can limit the IP addresses that you want to allow access to, then you can use iptables to filter those ports as well. But if you have to allow public access, then you can just find the ports those applications use (check docs) and then open up those ports.

As far as azureus goes, this is from their website:

Quote:
From 2.0.6.0 on, you can use a single port for all your torrents.
You previously had to adjust the number of ports used, opened or forwarded to the number of running torrents.
Now, only one port is necessary. (You can still configure Azureus to use a range of ports...)

With aMSN:

Quote:
The used port is usually 6891, 6892 and so on (first transfer is on port 6891, but if you start a new file transfer while the first one hasn't finished yet, then it will use 6892, and so on). So, if using a firewall, you must make sure that it allows incoming connections to port 6891 (and next ones if you want to be able to make more than one transfer at the same time).

So what you want to do is just block everything incoming by default, then open up only those ports you need (for aMSN you can open up as many ports as you want for simultaneous connections). With those applications you listed, looks like you'll be alright to set it up that way. After that, you won't have to touch your firewall at all if you want to upload or download files.
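
The default-deny setup described in post #4, as an added example that is not part of the thread: a shell function that prints an iptables-restore ruleset dropping inbound traffic except on the listed TCP ports. Port 6689 comes from the first post and 6891 from the aMSN quote; the upper bound 6895 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset that
# drops inbound traffic by default and opens only the listed TCP ports.
# The 6891:6895 range width and both function names are assumptions.

# valid_port_spec SPEC -> 0 if SPEC is "N" or "N:M" with 1 <= N <= M <= 65535
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# gen_ruleset SPEC... -> prints the ruleset; returns 1 on a bad spec
gen_ruleset() {
    for spec in "$@"; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # block everything incoming by default
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # replies to connections this machine started (browsing, downloads)
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for spec in "$@"; do
        # new inbound connections, matched on the local (destination) port
        echo "-A INPUT -p tcp --dport $spec -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Azureus on a single port, aMSN file transfers on 6891 upward.
gen_ruleset 6689 6891:6895
```

Review the printed rules before loading them as root with `iptables-restore`; widen the aMSN range only as far as the number of simultaneous transfers you need.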
 
Old 01-22-2004, 01:22 PM   #5
vincebs
Member
 
Registered: Oct 2003
Location: Mississauga, ON
Distribution: Ubuntu 9.04
Posts: 494

Original Poster
Rep: Reputation: 30
For aMSN, it seems like whenever I receive a file, it comes from a very high numbered port, e.g. 9680. What is going on? I can't find any setting which determines which port incoming connections go through. How do I know what port files are coming from?

Last edited by vincebs; 01-22-2004 at 01:28 PM.
 
  


All times are GMT -5. The time now is 01:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration