Hi, on recent advice from security questions ive been asked, ive installed iptables.

(comes with redhat 9)

i set it up dureing a complete re-install.
and set it at maximum security. it said it would not allow any incomming connections that were not user defined.

i have not defined any connections to allow yet, so decided to test it with yep, telnet.

with my firewall up, and set to dis-allow all incomming connnections, why is it that im able to telnet sucessfully to cups and smtp ???

should the firewall not dissallow it ?

i am currently reading documentation on the iptables homepage,
are there any other resources any1 could recomend for a first time firewall user ? or will the home site be surficiant ???

thankyou.

Can you please iptables -nvL and check whether iptables is running. Also, if you do a telnet 127.0.0.1 it would work.

Hi

When you telneting the box Iḿ sure you will notice that you will not be able to connect and work with it remotely therefor the service to the box has been blocked/closed. When you telnet smtp or any other service it will responed as this port is open for a incomeing connection. This normally a good method to be used to see if the port is responding or up. When you telnet a service like smtp for e.g you will see a dash blinking but you will not see a login prompt therefor there is nothing to worry about it is just saying Iḿ up and ready.

I don t think there is a way to block telnet to those services I ve never heard of it but HEY always eager to learn.

I hope this helps
cheers

thankyou guys,

u read the documentation and found that the initial setup i did did not actually setup any chains... (all my chains INPUT OUTPUT OFRWARD) are empty, and policy set to ACCEPT)

i think i know enough to input my own chains, BUT there are some things i would like to ask first.

first of all, i am going to leave my FORWARD chain empty and set it policy to REJECT (i am not using my box as a proxy / firewall to a LAN)

also, i assume no matter what i do with IPTABLES, ALL connections made via the loopback interface (127.0.0.1) will be accepted ?? (or will i have to add that to INPUT and OUTPUT ?)

My understanding of networks if very simple, i know only what i needed to know for winsock programming in windows, but, here's my understanding.

*when in a browser i type 'www.google.com/linux' the browser first look up the name google.com on a server to get its IP address (what is this server ? will i have to add it to my OUT CHAIN ????)

then it connects to the given IP address on port 80, the remote server is only listeining on port 80, and accepts the connection of a freee port, lets say port X.
but i have NO idea what port the info is sent to my browser through.

as you can see, im still a little confused, is there any firther documentation ?

or could any1 port there INPUT / OUTPUT chains that i could look at as an example.

thankyou.

OHH, and more thing, are the changes i make to IPTABLES instaltyl enforced, or do i have to restart my machine ????

thankyou for your reply.

> i assume no matter what i do with IPTABLES, ALL connections made via the loopback interface (127.0.0.1) will be accepted ?? (or will i have to add that to INPUT and OUTPUT ?)

Iptables won't allow loopback traffic unless you tell it to. Either you can just allow all INPUT traffic, which is a really, really bad idea or you can have you default INPUT policy be DROP and then just add the rules you want i.e iptables -A INPUT -i lo -j ACCEPT

> *when in a browser i type 'www.google.com/linux' the browser first look up the name google.com on a server to get its IP address (what is this server ? will i have to add it to my OUT CHAIN ????)

These are your DNS nameservers. They are automagically punched through the firewall for you during the init process.

> then it connects to the given IP address on port 80, the remote server is only listeining on port 80, and accepts the connection of a freee port, lets say port X. but i have NO idea what port the info is sent to my browser through.

A "clean-up" rule like this will catch all the situations where an initial connection that you initiate is handed off to a different port number:
iptables -A INPUT -p ALL -m state --state RELATED,ESTABLISHED -j ACCEPT

>is there any firther documentation ?
Check out the netfilter howto's at www.netfilter.org . The FrozenTux one is pretty good. They also have example firewalls you can check out.

>OHH, and more thing, are the changes i make to IPTABLES instaltyl enforced, or do i have to restart my machine ?

You will have to restart iptables, but not you're entire system.

Thankyou.

but im still having trouble with this whole DNS thing.

just for testing, i have my INPUT policy set to accept, (no rules)
and output policy set to drop, with only 1 rule...
iptables -A OUTPUT -p tcp -d smtp.ntlworld.com -dport 25 -j ACCEPT

(ip tables seems to automatically convert the URL into an ip address)

but, all my telnet connections to that server's URL are DROPED (unless i telnet to that servers IP address)

i assume this is my firewall stoping telnet from accessing the DNS servers ????

but anyway, ive started a seperate thread about this problem, (dont want to be shouted at for double posting) but thankyou for ur reply.

Ahh I see what's going on now. Iptables can't take a URL (smtp.ntlworld.com) as an argument with the -d option. It only accepts ip addresses, so you'll have to find out what is there ip address. I get:

$ping smtp.ntlworld.com
PING smtp.ntlworld.com (62.253.162.40)

HTH

lol, actually, (like i said in the other thread)
i fixed it by adding the dns servers to as accept rules in OUTPUT.

im online so iptables seems to be converting the URL to an IP anyway, but thanx.

(i know this is kind or a double post, but it wasnt delibrate, and the probs all fixed now, so thanx every1.