Where would I find a tutorial in building a simple linux firewall ?
Hi everyone:
Where would I find an easy-to-follow tutorial on building a simple Linux firewall? Is it possible to use OpenBSD PF on an Ubuntu Linux 10.04 machine? And if not, why not?

mansour
Here's an iptables tutorial:
http://www.frozentux.net/documents/iptables-tutorial/

It might be easier to use an rc.firewall script, such as this one: http://projectfiles.org/firewall/ The script is well-annotated.

And here's The Linux Documentation Project HOWTO: http://tldp.org/HOWTO/Firewall-HOWTO.html

I usually use either an rc.firewall script or the Firestarter GUI frontend for iptables. Firestarter is in the Ubuntu repos.
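As an added example (not from this thread, and not code from any of the linked tutorials or from Firestarter), here is the kind of rc.firewall-style script the links above describe: a default-deny, stateful iptables ruleset for a single desktop machine, written so the rules can be printed for review and then loaded atomically with iptables-restore. The interface name, the port list, the log prefix and the function names are my own assumptions; the iptables syntax is the 1.4-era syntax that Ubuntu 10.04 ships.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal stateful iptables ruleset for
# a single-host (desktop) firewall, in the style of an rc.firewall script.
# Assumptions: one network interface, inbound services are given as a list of
# TCP ports, everything else inbound is logged (rate-limited) and dropped.

# Print the ruleset in iptables-restore format.
#   $1 = interface name (e.g. eth0)
#   $2 = space-separated list of inbound TCP ports to allow (may be empty)
fw_rules() {
    iface="$1"
    ports="$2"
    printf '%s\n' '*filter'
    # Default policies: deny inbound and forwarded traffic, allow outbound.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback traffic must always be allowed or local services break.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Stateful rule: accept replies to connections this host initiated.
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Drop packets the connection tracker cannot classify.
    printf '%s\n' '-A INPUT -m state --state INVALID -j DROP'
    # Keep the host pingable, but rate-limit echo requests.
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT'
    # One explicit ACCEPT per published service; nothing else is opened.
    for p in $ports; do
        printf '%s\n' "-A INPUT -i $iface -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Log what falls through (rate-limited so the log cannot be flooded);
    # the INPUT DROP policy then discards it.
    printf '%s\n' '-A INPUT -m limit --limit 3/minute -j LOG --log-prefix "FW-DROP: "'
    printf '%s\n' 'COMMIT'
}

# Load the ruleset atomically. Needs root and iptables-restore.
fw_apply() {
    fw_rules "$1" "$2" | iptables-restore
}

# Sanity check before applying: how many inbound ports does this ruleset open?
fw_count_open_ports() {
    fw_rules "$1" "$2" | grep -c -- '--dport' || true
}

# Usage:
#   fw_rules eth0 "22"        print the rules for review
#   fw_apply eth0 "22"        apply them (as root)
```

Print the rules with `fw_rules eth0 "22"` and read them before loading anything; `fw_apply` then installs the whole set in one step, so there is no window with a half-built ruleset. Whatever produced the live ruleset, this script or a GUI such as Firestarter, `sudo iptables-save` or `sudo iptables -L -n -v` shows what is actually loaded and how many packets each rule has matched, which is the terminal-side check asked about later in the thread. The script only builds the netfilter rules; it does not adjust the kernel settings (sysctl values such as IP forwarding) that a fuller firewall utility also manages.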
Hi: Thank you very much for the useful sites, but if I don't know how to recompile the kernel as suggested in that HOWTO, should I just go with Firestarter, which is a GUI as I understood? Am I correct to assume that the Firestarter GUI works well on an Ubuntu 10.04 machine, which I am going to use for my firewall?

mansour
Of course, it is likely to be possible for an expert with quasi-infinite resources, but why would they do that? What advantage is there that would accrue which would lead them to do this? It would probably be easier to 'fix' iptables to include whatever it is that is the hidden advantage of PF rather than get PF to work with Linux, but that doesn't make it impossible (just unreasonable/insane, but a lot of good can come out of insane projects...)

(So, really, iptables is the firewall; these other things are just easier ways of controlling it... and another possible wrinkle is that if you are using one of the very compact distros (DSL, etc.) that uses an earlier kernel, you might find that you are using a precursor to iptables, but the view from 10,000 ft is the same, anyway.)

In general, whatever your distribution, if you can get the 'firewall' (the program to interface to the firewall, not iptables itself) from your distro's repositories, then that ought to work with your distribution in a relatively painless manner. If not, there is something wrong with how your distro has configured the program and its install routines. (I don't think that Firestarter is the default for Ubuntu, but Gufw, or something, is*. However, if you install from the main repos of your distro, whatever you get ought to work, or it is a misconfiguration bug. If, however, you manually compile the code for something from, e.g., a widely available .tar.gz that has not been tweaked for your distro, it may work or it may not, depending on whether any tweaks are required for your distro. Obviously, you may have more difficulty getting help with a problem like that.)

* ...and, at some points, the default for Kubuntu has not necessarily been the same as Ubuntu (what about Xubuntu, Lubuntu, etc., etc.?), so we do have to be careful about what exactly we are talking about here, but I am referring to Ubuntu, and not the other Ubuntus, or Ubuntu Server.
Hello salasi: Thank you for all this useful feedback. Actually this is what I had thought or guessed myself too; I mean, I don't know anything about recompiling. So I am not going that route, and therefore PF is out for me at this stage of my knowledge. OK, I downloaded Firestarter last night from their site. But do I need to connect it to iptables at all, and how would I do that? Or, if you are suggesting that it should get me started right after the download, it isn't happening. I would appreciate it if you could guide me about using my Firestarter. I am just trying to learn the basics of using a firewall.

mansour
Run Firestarter as root and it will take care of finding iptables.
I did, but maybe I didn't understand it well. I know what the real firewall in Linux is (it is iptables or ipchains); obviously Firestarter is only a GUI interface to iptables, in order to control it. And I have installed it already on my Ubuntu desktop machine. But I don't know how to use it now. Now, are you saying that I should forget about Firestarter and instead install Gufw? I am not going to do that.

mansour
If there were a way to show you guys my screenshot I would do it, but I don't think the forum features would allow that. Is there any way that I can check in the terminal, on the command line, whether or not Firestarter is working well?

mansour
OK, it definitely is working. I have an icon under the Administration menu, and I also copied it to the desktop. The Active button is displayed. I still don't know how to change the policies. I have a manual of 30 pages for it, which I find a bit challenging to understand as a beginner to the firewall world.

mansour
Note also that creating iptables rulesets is not the only thing that firewall utilities do; there is some level of configuring the kernel that is usually done as well. Ubuntu is somewhat variant in this regard, so unless you have a utility modified for the Ubuntu platform, the kernel config part may not work. If you get something out of the Ubuntu repos, I am 99.9% certain that it will work; for something from a producer's website, it is probably closer to 50%.
Well, I actually removed it once, and then re-installed it again from the command line:

# apt-get install firestarter

So I think it is from the Ubuntu repositories. I think it is a success initially; I just have to learn to configure the policy page. I copied its icon onto my desktop as well. Everything seems clear. Its Active button is seen, and a UDP connection from the SMB service on my Win XP machine was blocked on five or six occasions the first time, around 7:30 pm, when I first started it. I just don't know yet how to make any changes to the policy page if I need to. And it has a 30-page manual with it that is hard to understand. So this would be my stand-alone firewall, and I will install one on each machine I have. That's three Linux machines.

mansour
Firestarter's policy sub-menus are greyed out. Does anyone know why this is happening? I installed it two nights ago and now I am trying to understand how to use it by reading its 30-page manual. However, the policy sub-menus are all greyed out. I installed it using the terminal command line:

# apt-get install firestarter

I even just posted the same question on a Firestarter forum, but there are only 3 posts there that I could see, and probably not too many people taking part in the forum.

mansour
IPCop is a well-known Linux distribution that is built from the ground up to be a dedicated firewall. It's easy to set up and powerful.

Building your own firewall from the ground up is not a good idea if you're a beginner (in my opinion). Firestarter is also a great solution if you simply want to run a software firewall on your desktop machine. Note that your typical WiFi NAT router is a far better solution.
Actually now, after so many searches I have done on the internet about these two (Firestarter and IPCop), I perfectly understand the difference between Firestarter and IPCop. And IPCop is my next project, when I get my hands on some reasonable hardware to install it on for my small network. IPCop is better suited to be used as a network firewall, and not as a stand-alone firewall, whereas Firestarter is better suited as a stand-alone firewall (on one machine only). Obviously you haven't even bothered to read my last post, because you would have seen there that my question was specific to Firestarter. I also know the difference between my WiFi router firewall and Firestarter. But I am trying to learn to use Firestarter. Still, you didn't post an answer to my last post, but posted your opinion about what is best for my situation.

mansour
Sorry mansour,
I don't use Firestarter and instead just write my own basic iptables rules when I need to. Here is the Ubuntu iptables HOWTO... https://help.ubuntu.com/community/IptablesHowTo
Firewalls are too complex to teach in a simple manner; even examples of ruleset files can be overwhelming, so your best bet is to read some manpages and literature and do some experimenting (within a virtual environment, I would recommend; VMware and VirtualBox are nice, make sure it's a host-only network). Also try exploring other firewalls such as pf (a BSD firewall, but the source code can be salvaged to be made to work in Linux if I'm not mistaken, but I haven't been able to find the source code for pf as of now) and IPCop.
Actually my former manager suggested sending me some iptables book titles a few days ago, which he thought would help me to understand iptables and how to configure it. And that's also something I am planning to learn, after I have become a bit familiar with the Firestarter GUI and IPCop. I was hoping someone on this forum was familiar with Firestarter. Thank you for the iptables link though. Appreciated.

mansour
Oh, I am sure about that. Ya, it is a complex subject. But I am just hoping to become more familiar and a bit more comfortable. I believe I can learn anything that I would like to learn about.

mansour