LinuxQuestions.org


bLaDe 08-08-2003 10:42 PM

Shorewall Firewall Questions
 
Howdy Guys,
I am using Shorewall with my Mandrake 9.0 box and have just done a port scan on my system. I found that ports 53 & 139 were accessible to the outside world and am curious: how do I go about closing these off to make it more secure?

From what I understand 53 is DNS and 139 is Samba which could be rather dangerous if it's in the same sense as the Port 139 on a Windows box.

I am using Webmin to modify rules; the rules I have set up currently look like the following screen dump.

I know they are a little messy, especially the ones for Samba, but I haven't as yet worked out how to allow only local area traffic through, which is a little later on in this post.

I don't really understand what all these zone net, zone fw, zone masq etc mean so I'm after a bit of help perhaps someone pointing me in the right direction or even explaining them, I am not afraid of reading as I have done plenty of that recently.

While I am at it, is there anything else I should close off going by the screenshot?

Actually, how can I go about setting up the firewall so I can block everything from the outside except ports I want, perhaps an ftp or http server, while leaving the inside wide open for PCs on the LAN, since they all belong to myself or the family and security isn't really an issue?

Any help would be great

Thanks
Darren

tarballedtux 08-08-2003 10:56 PM

To be blunt, which I will be: if something is doing something for you and you don't understand how it's doing it, be afraid, or at least curious in your case. If you don't already know much about Ethernet and iptables, read up on them with these two great articles.

http://www.tldp.org/HOWTO/Ethernet-HOWTO.html
http://iptables-tutorial.frozentux.n...-tutorial.html

These should at least get you going in the right direction on how to write your own firewall scripts using iptables, which is built into practically all new Linux distributions.


--tarballedtux

tobyl 08-09-2003 08:49 AM

The homepage

http://www.shorewall.net/

has a lot of info. Also just reading the commented files in /etc/shorewall will give you a start. Webmin sounds a handy way to administer shorewall, but I think you need to start with the config files.

fw, net, etc are just abbreviations for firewall, internet etc.
(/etc/shorewall/zones).

As you said, a bit of reading required!

good luck.

bLaDe 08-13-2003 08:46 PM

Hi guys and thanks for the replies.

Sorry I've taken so long to reply but it's been rather hectic of late.

Ok, here is where I am at. I printed out a how-to on the Shorewall site and read through it a few times to familiarise myself. I have just started to make changes a few minutes ago and have a couple of questions on the setup of it; I am not too sure what they mean.

1) In the firewall rules file, the default I have is

    ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp,3128 -

and

    ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp,3128 -

I am not too sure about the

    ACCEPT fw masq tcp 631,137,138,139 -

or

    ACCEPT fw masq udp 631,137,138,139 -

either, it's just the fw and masq part that appears to be confusing me.

Now I understand what the domain, bootps etc. mean but I don't understand what the "masq fw" is. Looking in the how-to, it simply explains masquerading as the case where you let your firewall system automatically detect the external interface address. Is this simply my IP which my ISP assigns me through a DHCP server? Is it wise to have all of the above in place?

I think I am getting somewhere slowly but a few more questions.

Since I don't want to be spoonfed where possible, here is what I am thinking is going on; if I am way off target could someone please correct me :)

Basically the "net fw" means external traffic (internet) coming in goes through the firewall and it then checks the rules to see whether it's allowed and lets it through.

"loc fw": all local traffic, i.e. LAN traffic, is allowed to connect to whatever ports I set up, i.e. ftp, http, ssh etc.

By the way, just thought I would let you know I have much more confidence now. Before reading the how-to I was dumbfounded and was scared out of my wits, but now I have jumped in the deep end and there is no turning back.

Thanks again for all your help.
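
An added example, not part of any post in this thread and not Shorewall's own code: the rule lines quoted above read as ACTION, SOURCE zone, DEST zone, PROTO, DEST PORT(S), so "masq fw" is traffic from the zone named masq to the firewall itself. The sketch below checks a connection against those rules and then against a constructed sample policy; the SERVICES table, the decide helper and the policy lines are assumptions, not values from the poster's system.

```python
# Added example: Shorewall rules lines read as ACTION SOURCE DEST PROTO DEST-PORT(S).
# Service names used in the quoted rules, mapped to their well-known ports.
SERVICES = {"domain": 53, "bootps": 67, "http": 80, "https": 443, "imap": 143,
            "pop3": 110, "smtp": 25, "nntp": 119, "ntp": 123}

# Rule lines as quoted in the thread (protocol of the last one written as udp).
RULES = """\
ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp,3128 -
ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp,3128 -
ACCEPT fw masq tcp 631,137,138,139 -
ACCEPT fw masq udp 631,137,138,139 -
"""

# Constructed sample policy (SOURCE DEST POLICY), an assumption, not from the thread.
POLICY = """\
net all DROP
all all REJECT
"""

def parse_ports(field):
    """'domain,631' -> {53, 631}; '-' means any port (returned as None)."""
    if field == "-":
        return None
    return {SERVICES.get(p) or int(p) for p in field.split(",")}

def parse_rules(text):
    """Return (action, source, dest, proto, ports) for each non-comment line."""
    rules = []
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) >= 4:
            rules.append((*cols[:4], parse_ports(cols[4] if len(cols) > 4 else "-")))
    return rules

def decide(src, dst, proto, port, rules=RULES, policy=POLICY):
    """First matching rule wins; otherwise the first matching policy line applies."""
    for action, r_src, r_dst, r_proto, ports in parse_rules(rules):
        if (r_src in (src, "all") and r_dst in (dst, "all")
                and r_proto in (proto, "all") and (ports is None or port in ports)):
            return action
    for line in policy.splitlines():
        p_src, p_dst, verdict = line.split()[:3]
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return verdict
    return "REJECT"  # assumption for this sketch when no policy line matches

if __name__ == "__main__":
    for query in [("masq", "fw", "tcp", 53), ("net", "fw", "tcp", 139), ("fw", "masq", "udp", 137)]:
        print("%s -> %s %s/%d:" % query, decide(*query))
```

With only these four rules and this sample policy, nothing arriving from the net zone matches a rule, so it falls through to the `net all DROP` policy line.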


All times are GMT -5.