I am running Kubuntu 7.04. The Firestarter program tells me that the firewall is active (I assume it is referring to iptables).
I'd like to open the ports necessary to fully utilize P2P file sharing applications like Limewire and Azureus. I want others to download from my share.
So how would I permanently open a certain port in iptables? I don't see an option in Firestarter to do this. I also have Guarddog installed as well (though it tells me "Guarddog was unable to find a Guarddog firewall at /etc/rc.firewall").
Not sure what Guarddog does, if it's a front-end for iptables like Firestarter is, but anyway. An empty iptables ruleset (both policies and rules) is like not using iptables at all. To have a port closed at all, you either need to specify a policy that drops every connection that matches the chain you wanted, or a special rule to do that. So, if you feel the port(s) are closed, you either need to remove the rule that closes the port(s), create a new rule to allow using those ports (or modify an existing rule, so you don't have overlapping rules) or change policy. To make a decision, you need to know the current configuration: as root, run
Code:
/sbin/iptables -L
and it's shown to you.
So if you use firestarter, add a new rule that ACCEPTs incoming traffic to the port(s) you want, or use iptables (read 'man iptables' for that; it's really easy once you get it).
In Firestarter, under Policy I go to "Add Rule" and it tells me to fill in a field that's labeled "IP address, host, or network". Do you know how I can just specify traffic to be permitted (from any source address) using a certain port number? For instance, Limewire has port 42042. Thanks a lot!
Errm, what it means is that, although you nominally have the firewall active, it is permitting everything.
In other words, you are getting the same protection from the firewall as if you had no firewall running. That is none.
What you ought to have (ideally) are chains which have a policy (default set of actions) of drop and a list of specific things that you allow. You could proceed by trying to create default policies of 'accept' and denying specific things, but that's more difficult to make secure (particularly as new threats arise).
Any of the 'Linux Firewalls' programs aren't really that at all; they are simplified interfaces to the underlying Iptables/Netfilter system. What this means is that you should only use one. Having another on your disk isn't bad, but be careful to only try to use one at once, otherwise the situation could get confused.
There are iptables tutorials on the web (...google! the one on frozentux is very complete, but you probably want something simpler like the one on yolinux), but if you have decided to use firestarter have a look to see if there are any examples using it, say, on its website or elsewhere. (I'd be very surprised if an 'easy' Iptables interface didn't provide some examples or a tutorial somewhere as part of the support that is provided.)
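The default-drop layout described in the last reply, with the Limewire port from the thread opened, as an added example that is not part of any poster's message: a shell function that only prints a ruleset in `iptables-restore` format. The function names are hypothetical, port 42042 is assumed to be TCP, and loading the output (as root, `iptables-restore < file`) and reloading it at boot are left to the distribution's own mechanism.

```shell
#!/bin/sh
# Added example: emit a default-drop ruleset in iptables-restore format.
# Nothing here touches the running firewall; it only prints text.

# valid_port N -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset PROTO/PORT ... -> prints the ruleset, returns 1 on bad input
build_ruleset() {
    rules=""
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        valid_port "$port" || { echo "bad port in '$spec'" >&2; return 1; }
        # One ACCEPT rule per requested port, from any source address.
        rules="${rules}-A INPUT -p $proto --dport $port -j ACCEPT
"
    done
    # Policies: drop inbound and forwarded traffic unless a rule allows it.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}COMMIT
EOF
}

# Constructed usage: the Limewire port from the thread, assumed to be TCP.
build_ruleset tcp/42042
```

The ruleset opens no SSH port, so add one (for example `tcp/22`) before loading it on a machine you administer remotely. After loading, `/sbin/iptables -L` should show policy DROP on INPUT followed by the ACCEPT rules.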