Well, they block incoming ports/requests. Basically serves as just a hardware firewall. It's easy to configure as well, with port forwarding to a specific IP on your LAN. Mine does a job well done, got about 7 machines running behind mine connected to my cable modem connection.
Might want to check out their site for more info: http://www.linksys.com
Originally posted by peter_robb: I'm concerned about the "quality" of the firewalling.
A second firewall behind it never hurts, but are they good enough to leave on their own?
Regards,
peter
I trust mine, though I don't really keep anything special that if someone did attack, oh well, I would reinstall. But it never does hurt to have a second firewall behind it.
Mine has been good to me as well. Port forwarding works great, and the logging feature is good too. I have it sending the logs to a Linux box, where I made a script to read the SNMP logs and system info (uptime, df, free, etc.) and output the info into daily HTML webpages that I can read without ssh'ing over to read them.
They are getting pretty cheap also, I got mine free but you can pick one up for about $75 or less.
Originally posted by hanzerik: Mine has been good to me as well. Port forwarding works great, and the logging feature is good too. I have it sending the logs to a Linux box, where I made a script to read the SNMP logs and system info (uptime, df, free, etc.) and output the info into daily HTML webpages that I can read without ssh'ing over to read them.
They are getting pretty cheap also, I got mine free but you can pick one up for about $75 or less.
I'm concerned about the "quality" of the firewalling.
A second firewall behind it never hurts, but are they good enough to leave on their own?
It's a stateful firewall. It's as good as any other stateful packet filter. It's prolly (not for sure) a lot harder to hack than a Linux firewall for a few reasons, mainly it's an embedded box.
But you still have other security concerns, i.e.
if an adversary can get a user on the inside to execute some bad code through a browser attack, a vulnerable service that is open through the firewall, or something like that.
But 2 or 3 firewalls won't really stop that. My suggestion is to have a good border firewall (like the Linksys box), then have good firewall rules on each host.
Then try some personal firewall (for Win boxes) that will prevent the hosts from making outgoing connections unless allowed by the user.
That will do a decent job of locking down a home network.
#!/bin/bash
# system_page - A script to produce a system information HTML file
##### Constants
TITLE="System Information for $HOSTNAME"
RIGHT_NOW=$(date +"%x %r %Z")
TIME_STAMP="Updated on $RIGHT_NOW"
DATE_FORMAT=$(date +%h.%d.%Y)
##### Functions
Simple bash shell script that reads system info and firewall log, outputs the info into an HTML file, clears the log and starts a new one. The HTML file gets created and a link to the new daily log page gets appended to the index page.
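A sketch of the workflow described in the post above (summarize the firewall log into a daily HTML page, link it from an index, then start a new log), added here as an example and not the poster's script. The log format, the sample lines and the function names are assumptions constructed for illustration; a real router's log lines will differ.

```shell
#!/bin/bash
# Added example (not the poster's script): daily HTML firewall report plus log rotation.
# Assumed, constructed log format: "DATE TIME DIRECTION SRC_IP DST_PORT".

# Constructed sample log lines, not real router output.
make_sample_log() {
    cat > "$1" <<'EOF'
2003-01-14 02:11:07 IN 203.0.113.7 23
2003-01-14 02:11:09 IN 203.0.113.7 23
2003-01-14 02:15:40 IN 198.51.100.22 80
2003-01-14 02:16:01 OUT 192.168.1.102 80
EOF
}

# Escape HTML metacharacters so text taken from logs cannot inject markup
# into a report that is later opened in a browser.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Print "count src_ip dst_port" for inbound entries, most frequent first.
summarize_log() {
    awk '$3 == "IN" { hits[$4 " " $5]++ }
         END { for (k in hits) print hits[k], k }' "$1" | sort -k1,1nr -k2
}

# Build report-<stamp>.html in directory $2 from log $1, append a link to
# index.html, then rotate: the old log is renamed (kept for later review)
# and an empty one is started, rather than truncating and losing evidence.
write_report() {
    rpt_log=$1; rpt_dir=$2; rpt_stamp=$3; rpt_page="report-$rpt_stamp.html"
    {
        echo "<html><head><title>Firewall report $rpt_stamp</title></head><body>"
        echo "<h1>System Information for $(printf '%s' "$HOSTNAME" | html_escape)</h1>"
        echo "<pre>$( { uptime; df -h; } 2>/dev/null | html_escape)</pre>"
        echo "<h2>Inbound hits (count, source, port)</h2><pre>"
        summarize_log "$rpt_log" | html_escape
        echo "</pre></body></html>"
    } > "$rpt_dir/$rpt_page" || return 1
    echo "<a href=\"$rpt_page\">$rpt_stamp</a><br>" >> "$rpt_dir/index.html"
    mv "$rpt_log" "$rpt_log.$rpt_stamp" && : > "$rpt_log"
}
```

Run from cron as, for instance, `write_report /path/to/firewall.log /path/to/webroot "$(date +%h.%d.%Y)"`; both paths are placeholders.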
I have a linksys router myself and it's really good... easy setup and it's easy to forward stuff to my linux box since it does handle the ftp / http / telnet / etc services...
I also have a Linksys router with a Red Hat 7.3 box. I want to open telnet, which uses port 23. How can that be done in Linksys? Moreover, by default all ports in Linksys are closed.
open your browser and type the ip address of the router which by default is 192.168.1.1 and type in the password which by default is "admin" unless it was changed... no user just leave it blank... then click the Advanced tab... click the Forwarding tab ... under service port range type 23 in both boxes and under the ip address to the right of those two boxes type the address of the red hat box which for some reason mine only lets me change the last number in the 192.168.1.xxx <--- change those xxx's to match your linux box... this also helps for when you want to open a game port ... say you're running quake 2 server... open port 27950 to your linux box... or whatever computer is running the quake 2 server... and leave the protocol to both i guess.. i don't know what that's for... atm... i'm still learning mine but I have always left it to both.
23 ~ 23 192.168.1.300 for telnet
27950 ~ 27950 192.168.1.300 for quake2 server
80 ~ 80 192.168.1.300 for http server
etc..
most of the time my router will somehow remember my computer and keep it with the same ip address even if it has to skip a number but all of the computers are set to Dynamic IP (main computer 100, linux box seems to stay at 102) even if 101 isn't turned on. /shrug ... it did same thing with laptop until i changed the network pcmcia card and then it changed to a different number BUT i went to the dhcp client table and it still has that 103 available for my laptop's network name... /shrug so yea that's how you do it..