LinuxQuestions.org > Forums > Linux - Security
#1  08-08-2003, 10:42 PM  bLaDe (Member; Adelaide, Australia; Fedora Core 3)
Shorewall Firewall Questions


Howdy Guys,
I am using Shorewall with my Mandrake 9.0 box and have just done a port scan on my system. I found that ports 53 & 139 were accessible to the outside world, and I am curious how I go about closing these off to make it more secure.

From what I understand, 53 is DNS and 139 is Samba, which could be rather dangerous if it's in the same sense as port 139 on a Windows box.

I am using Webmin to modify rules; the rules I have set up currently look like the following screen dump

I know they are a little messy, especially the ones for Samba, but I haven't yet worked out how to only allow local area traffic through, which is a little later on in this post.

I don't really understand what all these zone net, zone fw, zone masq etc. mean, so I'm after a bit of help, perhaps someone pointing me in the right direction or even explaining them. I am not afraid of reading, as I have done plenty of that recently.

While I am at it, is there anything else I should close off, going by the screenshot?

Actually, how can I go about setting up the firewall so I can block everything from the outside except ports I want (perhaps an FTP or HTTP server) and leave the inside wide open for PCs on the LAN, since they all belong to myself or the family and security isn't really an issue?

Any help would be great

Thanks
Darren
 
#2  08-08-2003, 10:56 PM  tarballedtux (Member; Off the coast of Madagascar)
To be blunt, which I will: if something is doing something for you and you don't understand how it's doing it, be afraid, or at least curious in your case. If you don't already know much about Ethernet and iptables, read up on them with these two great articles.

http://www.tldp.org/HOWTO/Ethernet-HOWTO.html
http://iptables-tutorial.frozentux.n...-tutorial.html

These should at least get you going in the right direction on how to write your own firewall scripts using iptables, which is built in to practically all new Linux distributions.


--tarballedtux
 
#3  08-09-2003, 08:49 AM  tobyl (Member; UK; slackware current)
The homepage

http://www.shorewall.net/

has a lot of info. Also, just reading the commented files in /etc/shorewall will give you a start. Webmin sounds like a handy way to administer Shorewall, but I think you need to start with the config files.

fw, net, etc. are just abbreviations for firewall, internet, etc. (/etc/shorewall/zones).

As you said, a bit of reading required!

good luck.
 
#4  08-13-2003, 08:46 PM  bLaDe (Original Poster; Adelaide, Australia; Fedora Core 3)
Hi guys and thanks for the replies.

Sorry I've taken so long to reply, but it's been rather hectic of late.

OK, here is where I am at. I printed out a how-to on the Shorewall site and read through it a few times to familiarise myself. I have just started to make changes a few minutes ago and have a couple of questions on the setup of it; I am not too sure what they mean.

1) In the firewall rules file, the default I have is
Quote:
    ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp,3128 -
and
Quote:
    ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp,3128 -
I am not too sure about the
Quote:
    ACCEPT fw masq tcp 631,137,138,139 -
or
Quote:
    ACCEPT fw masq udp 631,137,138,139 -
either; it's just the fw and masq part that appears to be confusing me.

Now I understand what the domain, bootps etc. means, but I don't understand what the
Quote:
    masq fw
is. Looking in the how-to, it simply explains masquerading as the case where you let your firewall system automatically detect the external interface address. Is this simply my IP, which my ISP assigns me through a DHCP server? Is it wise to have all of the above in place?

I think I am getting somewhere slowly but a few more questions.

Since I don't want to be spoonfed where possible, here is what I am thinking is going on; if I am way off target, could someone please correct me?

Basically the
Quote:
    net fw
means external traffic (internet) coming in goes through the firewall, and it then checks the rules to see whether it's allowed and lets it through.

Quote:
    loc fw
means all local traffic, i.e. LAN traffic, is allowed to connect to whatever ports I set up, i.e. ftp, http, ssh etc.

By the way, just thought I would let you know I have much more confidence now; before reading the how-to I was dumbfounded and scared out of my wits, but now I have jumped in the deep end and there is no turning back.

Thanks again for all your help.
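As an added example (not code from the thread or from the Shorewall project), here is the configuration posts #3 and #4 are circling around: zones, interfaces, a policy that drops everything from the internet, a rules file that opens only the chosen services, and the masq entry that NATs the LAN behind the DHCP-assigned address. It is written in Shorewall 4.x file syntax; the 1.x config Mandrake 9.0 shipped names the firewall zone in shorewall.conf instead of in the zones file, and calls the LAN zone "masq" rather than "loc", but the columns of policy and rules are the same. Assumed for illustration: eth0 is the ISP-facing interface, eth1 is the LAN on 192.168.1.0/24, and the files go to a scratch directory ($SHOREWALL_DIR) rather than /etc/shorewall so the script is safe to run as-is. The audit_rules function at the end is the check a practitioner would run after editing: it scans a rules file for any ACCEPT from "net" to "fw" on the DNS or NetBIOS/SMB ports the port scan found, including comma lists, numeric ranges and /etc/services names.

```shell
#!/bin/sh
# Added example, not from the thread or the Shorewall project.
# Assumptions: eth0 = ISP side (address via DHCP), eth1 = LAN 192.168.1.0/24,
# LAN zone named "loc". Files are written under $SHOREWALL_DIR (a scratch
# directory by default); copy them to /etc/shorewall once reviewed.
set -eu

SHOREWALL_DIR="${SHOREWALL_DIR:-$(mktemp -d)}"

write_config() {
    dir="$1"
    mkdir -p "$dir"

    # zones: symbolic names every other file refers to. "fw" is the firewall
    # box itself, "net" the outside world, "loc" the LAN.
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF

    # interfaces: which NIC belongs to which zone. "dhcp" tells Shorewall the
    # external address is assigned by the ISP and must not be hard-coded.
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   OPTIONS
net     eth0        dhcp,tcpflags,nosmurfs,routefilter
loc     eth1        tcpflags,nosmurfs
EOF

    # policy: what happens when no rule matches. Everything from the internet
    # is dropped (and logged at "info"); the LAN is trusted toward both the
    # firewall and the internet, which is what "leave the inside open" means.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG
loc     net     ACCEPT
loc     fw      ACCEPT
fw      all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF

    # rules: exceptions to the policy. Only services meant to be public are
    # opened from "net". DNS (53) and Samba (137-139, 445) are deliberately
    # absent, so the loc->fw policy is the only way to reach them.
    # FTP(ACCEPT) is the Shorewall macro for port 21; data connections also
    # need the FTP conntrack helper loaded on the firewall.
    cat > "$dir/rules" <<'EOF'
#ACTION     SOURCE  DEST    PROTO   DPORT
ACCEPT      net     fw      tcp     80,443
FTP(ACCEPT) net     fw
ACCEPT      net     fw      tcp     22
EOF

    # masq: NAT the LAN behind whatever address eth0 currently holds.
    cat > "$dir/masq" <<'EOF'
#INTERFACE  SOURCE
eth0        192.168.1.0/24
EOF
}

# audit_rules FILE: return 0 when FILE has no ACCEPT rule letting the "net"
# zone reach the firewall on DNS or NetBIOS/SMB ports, 1 otherwise. Handles
# comma lists, numeric ranges (137:139) and /etc/services names; comments and
# blank lines are skipped, and "net:1.2.3.4" still counts as the net zone.
audit_rules() {
    awk '
        BEGIN {
            split("53 137 138 139 445", nums, " ")
            split("domain netbios-ns netbios-dgm netbios-ssn microsoft-ds", names, " ")
            bad = 0
        }
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "ACCEPT" && $2 ~ /^net(:|$)/ && $3 ~ /^fw(:|$)/ && NF >= 5 {
            hit = 0
            n = split($5, ports, ",")
            for (i = 1; i <= n; i++) {
                lo = hi = ports[i]
                if (ports[i] ~ /^[0-9]+:[0-9]+$/) { split(ports[i], r, ":"); lo = r[1]; hi = r[2] }
                if (lo ~ /^[0-9]+$/)
                    for (k in nums) if (nums[k] + 0 >= lo + 0 && nums[k] + 0 <= hi + 0) hit = 1
                for (k in names) if (ports[i] == names[k]) hit = 1
            }
            if (hit) { bad = 1; print "exposed to net: " $0 }
        }
        END { exit bad }
    ' "$1"
}

write_config "$SHOREWALL_DIR"
echo "Shorewall files written to $SHOREWALL_DIR"
audit_rules "$SHOREWALL_DIR/rules" && echo "rules: nothing risky is open to net"
```

Run it with `SHOREWALL_DIR=/etc/shorewall` only after reading the generated files, then `shorewall check` and `shorewall restart`; rescanning from outside afterwards should show 53 and 139 closed while the LAN can still reach Samba through the loc->fw ACCEPT policy. The audit catches the rule shape that would reopen them (an ACCEPT from net to fw listing those ports), not a policy line such as `net fw ACCEPT`, so keep the net policy at DROP.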