LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Old 11-16-2004, 06:33 PM   #1
tisource
Member
Registered: Feb 2002
Posts: 322
Can linux firewall traffic not necessarily intended for it (promisc mode)?


Simple question for you linux firewall gurus out there:

Can linux (running in promiscuous mode) intercept and block packets via firewall rules (basically block inappropriate packets via a firewall, but the traffic isn't physically going through linux (say, in a traditional dual-nic setup))?

I want linux to firewall incoming and outgoing traffic from our LAN to our WAN connection, but I don't want the connection physically broken if the linux box happens to go down.

In other words, I want traffic to do this: LAN -> linux -> WAN, without the linux step being a major point of failure from a hardware point of view.

The problem is that our WAN router doesn't have the capability to duplicate all I/O to one host, so I thought that I might be able to rig something with an old hub we have (put the hub between the WAN router and our LAN switches, and put the linux box on that hub).

I know there are fancy proxy/firewall systems (expensive network appliances) that do similar things, but this is a different situation.

I'm working with a very tight budget (we're a very small operation) and trying to improvise with what hardware we have on hand.

Is there a way to accomplish this?
Old 11-16-2004, 07:12 PM   #2
bignerd
Member
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98
Unless the linux box is in-line, then no, it can't block. There is linux software that can respond to network triggers and send a spoofed RST packet to 'kill' a TCP connection based on rules. But TCP isn't the only protocol to watch for.

You may want to have a look at the honeynet project. There may be some info there. I've seen plenty of interactive connection killers and this may be what you want to look at. But as far as protections that are not in-line go, those are typically passive (report-only) IDS solutions. A firewall has to be in-line or else it's not a firewall.

ipv4 networks were not designed to allow what you ask.. since in the wrong hands it could be a really bad thing.. it's possible but on a really limited scope. And for good reason.

I hope the honeynet project has something that will help.

-b
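An added illustration of the distinction drawn in the reply above (this is not code from anyone in the thread): the same policy is applied to the same constructed packet stream twice, once with the box on the LAN-to-WAN path and once with it only listening on a hub or tap. The LAN range, the policy and the packets are all assumed values made up for the example; the "connection killer" active response is only recorded as a flagged flow, not implemented.

```python
# Added example, not from the thread: toy model of in-line vs. passive
# (promiscuous tap) policy enforcement. Every value below is constructed.
import ipaddress
from dataclasses import dataclass, field
from typing import List, Set, Tuple

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass
class Outcome:
    delivered: List[Packet] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)
    # TCP flows a passive sensor could hand to an "active response" component
    # (the spoofed-RST connection killers mentioned in the reply; not modelled here).
    tcp_flows_flagged: Set[Tuple[str, str, int]] = field(default_factory=set)


def policy_allows(pkt: Packet) -> bool:
    """Constructed egress policy: LAN hosts may use HTTP/HTTPS over TCP and DNS over UDP."""
    if ipaddress.ip_address(pkt.src) not in LAN:
        return False
    if pkt.proto == "tcp":
        return pkt.dport in (80, 443)
    if pkt.proto == "udp":
        return pkt.dport == 53
    return False


def run_inline(packets: List[Packet]) -> Outcome:
    """Box sits on the LAN->WAN path: a denied packet never reaches the far side."""
    out = Outcome()
    for pkt in packets:
        if policy_allows(pkt):
            out.delivered.append(pkt)
        else:
            out.alerts.append(f"DROP {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
    return out


def run_passive(packets: List[Packet]) -> Outcome:
    """Box sees a copy on a hub/tap: every packet is delivered regardless of policy."""
    out = Outcome()
    for pkt in packets:
        out.delivered.append(pkt)  # the wire does not wait for the sensor's verdict
        if not policy_allows(pkt):
            out.alerts.append(f"ALERT {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
            if pkt.proto == "tcp":
                # Only a stateful protocol gives a passive box a connection to tear down later.
                out.tcp_flows_flagged.add((pkt.src, pkt.dst, pkt.dport))
            # For UDP (or anything else) there is nothing to reset: report only.
    return out


# Constructed sample traffic: two allowed packets, one denied TCP, one denied UDP.
SAMPLE_PACKETS = [
    Packet("tcp", "192.168.1.10", "203.0.113.5", 80),   # allowed web
    Packet("tcp", "192.168.1.10", "203.0.113.5", 23),   # denied telnet
    Packet("udp", "192.168.1.20", "203.0.113.5", 53),   # allowed DNS
    Packet("udp", "192.168.1.20", "203.0.113.5", 161),  # denied SNMP
]

if __name__ == "__main__":
    for name, fn in (("inline", run_inline), ("passive", run_passive)):
        o = fn(SAMPLE_PACKETS)
        print(f"{name}: delivered={len(o.delivered)} alerts={len(o.alerts)} "
              f"tcp_flagged={len(o.tcp_flows_flagged)}")
```

Running it shows the point of the reply: in-line, two of the four packets are dropped; on the tap, all four are delivered, both violations are only alerts, and only the TCP one leaves anything a follow-up action could act on. The hub arrangement in the question therefore yields an IDS, not a firewall, and for the UDP traffic not even a connection to kill.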
Old 11-16-2004, 07:19 PM   #3
tisource
Member
Registered: Feb 2002
Posts: 322
Original Poster
Interesting. TCP is what I would be blocking, of course.

The apps I've seen that do block that traffic (like the network appliances I was referring to earlier) do break the OSI model, come to think of it.

I did have my doubts.... and you confirmed my initial impression on the matter. I just wasn't sure.

I'll look into this info... thank you.