LinuxQuestions.org

Debian forum: Guarddog : opening port for incoming connection (https://www.linuxquestions.org/questions/debian-26/guarddog-opening-port-for-incomming-connection-237236/)

omry_y 09-30-2004 05:30 PM

Guarddog : opening port for incoming connection

How can I open a port (ssh, http) for incoming connections using guarddog?

Answer:
Got this reply from a good soul on the guarddog mailing list:
Click the Protocol tab then select the "local" zone.
On the right, expand "Interactive sessions". Find SSH and check (not X) the boxes to allow the local zone to provide SSH services to whatever other zones you choose.


macondo 09-30-2004 06:32 PM

Read the sticky 'Debian Configuration Post-Install' at the top.

Do yourself a favor and read the WHOLE thing, including the other posts within the thread; it will save you some posting.

omry_y 09-30-2004 06:49 PM

Quote:

Originally posted by macondo
Read the sticky 'Debian Configuration Post-Install' at the top.

Do yourself a favor and read the WHOLE thing, including the other posts within the thread; it will save you some posting.


I did read it through.
Your tutorial shows how to allow outbound connections from local applications; what I need is to allow incoming connections from the internet.

macondo 09-30-2004 07:20 PM

So ftp, http, mail are not inbound connections from the internet? I must confess, I haven't used SSH yet.

omry_y 10-01-2004 02:13 AM

Everything you select (afaik) in the protocols section is opening outbound only.
When I use Shields-Up to check it (you see I read it? :) ), all of the ports are blocked, and still I have no problems accessing the web or doing anything.
I suspect it's just not possible with guarddog, and if that's the case, I'll use the less convenient (to my taste) firestarter.

macondo 10-01-2004 07:55 AM

"Everything you select (afaik) in the protocols section is opening outbound only."


Maybe somebody who uses SSH can explain this; I sure am ignorant about this subject. :(


"When I use Shields-Up to check it (you see I read it? :) )"

attaboy!


"All of the ports are blocked, and still I have no problems accessing the web or doing anything.
I suspect it's just not possible with guarddog, and if that's the case, I'll use the less convenient (to my taste) firestarter."

No, I don't think so. If it is as you say, Firestarter's configuration is the same (you enable the ports open); maybe there is some way of doing it in both, but we don't know.

Have you tried to ssh to your computer? What does it say?

omry_y 10-01-2004 08:27 AM

Locally it works fine,
and remotely it works only when the firewall is disabled.

About firestarter: the first time I ran it, it asked me if I want to make certain services public, which is just what I need.
But now firestarter seems broken; it says some file, /etc/firestarter/firewall.sh, is missing.
I tried to purge it and re-install, but it's still missing.

Dead Parrot 10-01-2004 08:46 AM

FireHOL is another firewall. It doesn't have a gui, but the configuration syntax is very simple. There's a tutorial for FireHOL at http://firehol.sourceforge.net/tutorial.html . See if that makes sense to you and, if it does, just remove the other firewalls ("aptitude purge guarddog" && "aptitude purge firestarter") and install FireHOL.

But DON'T attempt to use many firewalls at the same time!

macondo 10-01-2004 10:19 AM

Dead Parrot:
Last night I was bored with the presidential debate, so I uninstalled Guarddog and installed Firestarter, which gave me some open ports at grc.com; uninstalled that and installed Firehol, which was easy to set up (default, did nothing) but also showed some red ports at grc.com; uninstalled that too. So far, Guarddog is the only one that gives me a clean bill of health at grc.com.

This is going to require some serious reading this weekend. I like Firehol, it was a snap. Then, following one of your posts, I uninstalled XDM, which took with it 'x-window-system' but left 'x-window-system-core', with the hope of eliminating a bunch of worthless fonts, rebooted, and came back to the console login, which was fine, but still I'm getting all those attempts by some companies to go out, which has to do with the configuration of the firewall. Any ideas?

What's your config on Firehol, and do you get these messages when you are at the console for a while?

omry_y 10-01-2004 11:07 AM

messages

I get these messages too.
The most annoying thing is that they pop up when you are at your lowest, with just a terminal.
What's the deal with the companies? What companies?

omry_y 10-01-2004 11:07 AM

Quote:

Originally posted by Dead Parrot
FireHOL is another firewall. It doesn't have gui but the configuration syntax is very //...

But DON'T attempt to use many firewalls at the same time!

I'll try it soon, thanks.

Dead Parrot 10-01-2004 11:36 AM

@macondo:
Thanks for the tip! I've only tested FireHOL (basic setup via "firehol-wizard") on the "Shields UP!!" page -- seemed to be OK. Must try other tests too; the FireHOL page at Sourceforge recommends installing Nessus.

I'm very ignorant on the topic of iptables/netfilter. Have always thought there's plenty of time to study it later on. :(

I have bookmarked this issue of Linux Productivity Magazine for further studies: http://www.troubleshooters.com/lpm/200305/200305.htm . Should probably give it a closer look some time during this weekend. :)

Edit:

Ah, grc.com is the same as "Shields UP!!". Well, my FireHOL setup passed it cleanly.

My /etc/firehol/firehol.conf looks like this:
Code:

version 5

# Accept all client traffic on any interface
interface any world
        client all accept

My /etc/default/firehol looks like this:
Code:

START_FIREHOL=YES

In addition, I have "S38firehol" in /etc/rcS.d/. Before testing FireHOL make sure that you haven't got any other firewall scripts in /etc/rcS.d/ or /etc/rc{2-5}.d/. It's better to remove other firewall programs with "aptitude purge" to make sure that they don't interfere.

About those annoying console messages: You can quiet them down by adding the line:
Code:

dmesg -n1
to some init script (it might be useful to make a special "local" init script, like suggested here: http://www.desktop-linux.net/debian-rclocal.htm )

- - -

The steps to enable FireHOL are:
1) Install Firehol.
2) Edit /etc/default/firehol (change "START_FIREHOL=NO" to "START_FIREHOL=YES").
3) Run (as root) "firehol-wizard"
4) Start FireHOL (as root) with "/etc/init.d/firehol restart".
5) Test if your firewall works as expected:
https://grc.com/x/ne.dll?bh0bkyd2
http://scan.sygate.com/
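The firehol.conf above only has a "client all accept" line, so it lets local applications connect out but accepts nothing incoming, which is the same outbound-only situation omry_y ran into with Guarddog. As an added example (not Dead Parrot's config or FireHOL's own code), this script writes a FireHOL 1.x config that additionally accepts incoming SSH from a constructed LAN range (192.168.1.0/24, an assumption) and HTTP from anywhere, and flips START_FIREHOL in a copy of /etc/default/firehol; it writes into a directory you pass in, so it can be run as a normal user.

```sh
#!/bin/sh
# Added example: generate a FireHOL 1.x config that accepts incoming SSH and HTTP,
# and enable the init script's START_FIREHOL switch. Writes into "$1" (assumed to
# be a scratch directory; copy to /etc as root only after reviewing the output).
set -eu

LAN_NET="192.168.1.0/24"   # constructed example range for the trusted LAN

# write_firehol_conf DIR: produce DIR/firehol.conf.
# "client ... accept" = this host may open outbound connections (what the wizard gives you);
# "server ... accept" = other hosts may connect in; "src" narrows who is allowed to.
write_firehol_conf() {
    cat > "$1/firehol.conf" <<EOF
version 5

interface any world
        # drop floods, port scans and malformed packets
        protection strong
        # outbound: let local applications reach the internet (same as the wizard)
        client all accept
        # inbound: SSH only from the LAN, HTTP from anywhere; everything else stays dropped
        server ssh accept src "$LAN_NET"
        server http accept
EOF
}

# enable_firehol_default DIR: turn START_FIREHOL=NO into START_FIREHOL=YES in DIR/firehol
enable_firehol_default() {
    sed 's/^START_FIREHOL=NO$/START_FIREHOL=YES/' "$1/firehol" > "$1/firehol.tmp"
    mv "$1/firehol.tmp" "$1/firehol"
}

# firehol_serves DIR SERVICE: succeed if DIR/firehol.conf opens SERVICE for incoming connections
firehol_serves() {
    grep -Eq "^[[:space:]]*server[[:space:]]+$2[[:space:]]+accept" "$1/firehol.conf"
}
```

Copy the generated files to /etc/firehol/firehol.conf and /etc/default/firehol as root, then run "/etc/init.d/firehol restart" and re-check from outside as in step 5; SSH should now show as open only from the LAN range.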

macondo 10-01-2004 02:29 PM

Dead Parrot:

Did a fresh installation on my neighbor's box; he wanted Sarge. Did the ReiserFS/x-window-system-core/fluxbox/Firehol/kernel-image-2.6-686 bit, we followed your instructions to the letter, did the configuration, and he is so happy 'cause his box has never been so fast! It worked like a charm; we left the matter of the messages for tomorrow. FireHOL only showed stealth and closed ports. :)

Thanks, mate!

Dead Parrot 10-01-2004 03:40 PM

Quote:

did a fresh installation on my neighbor's box, he wanted Sarge, did the ReiserFS/x-window-system-core/fluxbox/Firehol/kernel-image-2.6-686 bit [--] he is so happy 'cause his box has never been so fast!

Debian is sweet. :)

However, there's a potential security problem in installing x-window-system-core and using .xinitrc -- it doesn't automatically invoke xauth (like xdm does), which leaves doors wide open for anyone to remotely access your Xserver.

The simple solution is to add
Code:

xhost +localhost
to the beginning of .xinitrc.

Or, alternatively, you can edit /etc/X11/xinit/xserverrc and make Xserver call xauth:
Code:

#!/bin/sh
# Generate a fresh MIT-MAGIC-COOKIE-1 for display :0 (mcookie comes with util-linux);
# xauth needs the key argument, otherwise it only prints its usage and adds nothing.
/usr/X11R6/bin/xauth add :0 . "$(mcookie)"
exec /usr/bin/X11/X -dpi 96 -nolisten tcp -auth "$HOME/.Xauthority"

Apparently using xauth is the solution that most people recommend, but for normal users xhost should be safe enough, especially when you have a good firewall. :cool:

Edit:
I had to edit the xserverrc lines a bit (tested the earlier version with Nessus and noticed it didn't work, but now it works :)).

macondo 10-01-2004 04:06 PM

I had put this in his ~/.xinitrc

#!/bin/sh

xhost +localhost
exec fluxbox

plus at the terminal:

#export XAUTHORITY=/home/raul/.Xauthority

just to make sure :)

