|
Firestarter firewall configuration ?? error ??
Firestarter keeps blocking The IP Address x.x.x.x on different ports.
Ubuntu GNOME Network Manager Connection Information: For Wireless Network Connection wlan0: network (default) IP Address: x.x.x.x Broadcast Address: y.y.y.y Subnet Mask: z.z.z.z Default Route: o.o.o.o Primary DNS: l.l.l.l Secondary DNS: i.i.i.i I want to be able to browse the Internet (HTTP?, HTTPS?) Check my Mail using Thunderbird (POP3 SSL, SMTP) Download Files using qBittorrent (ports x-x) And let Ubuntu connect to the Internt for Updates. I don't need anything else. How do I configure Firestarter to do this? Currently I have HTTP, HTTPS, POP3 SSL, SMTP and Bittorrent ports in the exception list for outbound and inbound connections whitelisted (allowed, only). Because of annoying alerts for blocked connections of my own IP address I whitelisted that (x.x.x.x). But it hasn't done anything. How do I configure Firestarter properly to protect my computer and let me do those things? I'm a newbie at IP tables so please use Plain English so I can understand. I'm really confused? Thanks Much LQ. Most appreciated. |
Quote:
The information that you give with all of the addresses obfuscated is basically non-information after you have obscured all of the IP information (it makes sense to obscure the external IP given to you by your ISP, but I can't see why the rest would be at issue provided that you use an adress range that isn't routable on the internet - eg, 192.168.x.y or 10.x.y.z). Oh, and use code tags with anything like that, for readability. I want to know what kind of connection this is (wired ethernet, wireless, USB, other) to what kind of device (does it have ethernet ports, is it a modem/router, is it a USB thumb device, does it have an internal firewall), and how is it configured (is it using DHCP, for example) what kind of internet connection this is (ADSL, wireless, ISDN, fibre, dial-up), what distribution you are using. Whether you want to use plain English, fancy English, Esperanto, Klingon or binary is up to you, but one selection from the above will make the helpful kind of help more likely than others. You could post your iptables rule set (use iptables-save to get it into a text file) and that might help. |
My apologies, salasi. ;)
General Information: I am using a Wireless Connection (wlan0). I also use an Ethernet connection as well (eth0). My Internet connection is cable, which goes through some type of "modem", and then from there: a Linksys G router. I am Using Ubuntu Karmic Koala 9.10. I was too naive in my thinking this problem was trivial; I appreciate your reply. :newbie: Here is the information Ubuntu Network Manager reports (less obscured and in code tags): Code:
Interface: 802.11 WiFi (wlan0)
Here's my current firewall configuration, to make it easier:
As for iptables-save, it completed but I didn't know where it saved and I couldn't define my own path where to save it so I gave up. Instead I typed iptable --help and found iptables --list command, so here it is (x.x.x.x is my IP address, ISP is my internet service provider): Code:
sudo iptables --listAnd to repeat my general problem with that configuration: Firestarter keeps blocking connections from my IP Address, before I allowed it as an exception. Now I can't connect to the Internet with my firewall ON at all! [I'm not sure why] So my main question is: Whats is the best firewall configuration to allow me to do the things listed above, with maximum security? |
Quote:
[QUOTE] As for iptables-save, it completed but I didn't know where it saved and I couldn't define my own path where to save it so I gave up. Instead I typed iptable --help and found iptables --list [QUOTE] that's fine: My suspicion is immediately drawn to the lines like: Code:
ACCEPT tcp -- cdns2.ISP.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYNWhat exactly were you hoping to achieve by the flag combination specifically? Quote:
Quote:
I think that you are overcomplicating this and concentrating on the wrong risk: assuming everything is ethernet or ethernet-like (eg, wireless, but not a USB dongle) you will get all your traffic from your modem or modem/router and all the traffic will be packets that come from that device, but have the information encapsulated in them that say the are originally from somewhere else. So, assuming that you have some level of control at your modem/router or modem, firstly take whatever control you can there. Usually there is some kind of simple firewall or access control system there and you should use it. At that point, with wired ethernet, if everything that you get comes from your modem/router that should cover the absolute basics. For wireless, there is an additional risk. Someone local to you can send you packets (this might also apply to wired, if you don't have physical control of the location, but I assume that you do have that control, but if you turn out to be an enterprise that would be a bad assumption) and those packets could be crafted to do you harm. So, you would like to ensure that you only get packets to your box from your m/r. Filtering to ensure that should be easy to get you head around. And you want to ensure that you have a good level of encryption on traffic between your box and the m/r (and WEP, rather than WPA, isn't that...I know that you haven't commented on that but you could get that wrong). Also, ensure that your box only has the services that you really want to use listening: netstat -l will probably show up processes with which you are unfamiliar, but a combination of netstat -lt and netstat -lu should all be clear to you. Packets sent to ports for which there is no listening process should just be ignored; it does no harm to explicitly drop them in the firewall, but the big danger is that there is some process that you haven't thought about which will react to unwanted packets and that reactions might be 'bad'. If you have services running that you know that you don't need, stop them. If you have services that you don't understand, start by understanding them. |
Quote:
Quote:
Quote:
Quote:
I'm just very unsure in this area of what to do. Quote:
Also I have confirmed I connect to the internet using DHCP. Although you have been a tremendous help salasi, the original question/topic remains as unsolved. I still can't figure out how to configure the firewall correctly. Thanks ~ |
Quote:
You should, however, be able to get it to something simple, which is just get it to accept all of the packets that come from your router's IP address, without any of this messing around with what state the connection is in. You may subsequently want to elaborate things by doing something different with 'new' (packets/connections) than 'established' or 'related' ones, but it isn't necessarily needed, and certainly not trying to do any 'showboating', if I can call it that, is going to be the way to start - start simple and build up. Quote:
Quote:
Quote:
You can find what port numbers are associated with a particular service from /etc/services (eg 'cat /etc/services | grep - i domain', to search on the word domain, which (rather than DNS, apparently) is likely to be in any reference to DNS services) Quote:
Quote:
|
Alas, I must admit that when it comes to iptables and firewalls, I'm not much use on the old CLI. Firestarter seems to be the most comprehensive in terms of options.
Anyway, which IP addresses should I allow? I'm guessing the IP address that is assigned by DHCP, but is there another one I should allow? I do appreciate your help salasi, I honestly do. Sorry if I sound too critical or rude. |
Quote:
Quote:
The internal interface has an IP. This is of concern to you, as this is the interface from which packets come. It is probably a 192.168.x.y and it is probably set up in a screen in the web interface of the modem/router box. You need to allow packets from that IP address, otherwise you will have nothing, as all the internet stuff comes from there. |
Quote:
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes) |
| All times are GMT -5. The time now is 09:59 PM. |