LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-27-2007, 07:04 PM   #1
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Rep: Reputation: 15
Firewall setup -- how to test


Hello Linux fanatics,

I am new -- first post. So excuse my low level questions.

I have a new workstation, and I want to develop systems manager skills. The first questions are:

(1) How do I check that my firewall is up, and is it adequate?
(2) I am having difficulty with plugins. What are they?
(3) Every now and then I get a screen saying that I need to install a plugin; I follow the instructions and it says that it cannot do it? So what's going on?

Thanks.
 
Old 03-27-2007, 07:39 PM   #2
{BBI}Nexus{BBI}
Senior Member
 
Registered: Jan 2005
Location: Nottingham, UK
Distribution: Mageia 6, KDE Neon
Posts: 4,313

Rep: Reputation: 212Reputation: 212Reputation: 212
Quote:
Originally Posted by The_Watcher
(1) How do I check that my firewall is up, and is it adequate?
What's the name of the FireWall you're using?

Quote:
(2) I am having difficulty with plugins. What are they?
Plugins for what/which program?

Quote:
(3) Every now and then I get a screen saying that I need to install a plugin
Does this message occur when you run a particular program? If so what's the name of that program?

<< Details, you need to be more informative. >>

btw, Which distribution are you running? Ubuntu, Mandriva, SuSe?

Last edited by {BBI}Nexus{BBI}; 03-27-2007 at 07:44 PM.
 
Old 03-28-2007, 07:57 AM   #3
TomX
LQ Newbie
 
Registered: Oct 2005
Posts: 15

Rep: Reputation: 0
To test your firewall there are a few things I can think of:

GRC's Shields Up is a relatively good test if you're connected to the Internet directly. If you're behind, say, a university firewall, GRC will most likely report that all ports are blocked, which would most likely be due to the university's firewall.

Another thing you can do is to connect to another machine (using a crossover cable, say) and from the other machine, port scan your machine (nmap), ping it. There are more advanced things that you can do such as inspecting packets sent from your main machine, though I don't know any particulars.

Here's a simple firewall script which blocks everything incoming except for connections which already exist and connections through port 6881, for BitTorrent.
Code:
#!/bin/sh

IPT=/usr/sbin/iptables
EXT=eth0

# Flush all entries
$IPT -F
$IPT -X
$IPT -Z

# Drop all connections by default
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# Allow connections through loopback device
$IPT -A INPUT -i lo -p all -j ACCEPT
$IPT -A OUTPUT -o lo -p all -j ACCEPT

# Allow incoming connection if they're related or established
$IPT -A INPUT -i $EXT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow connections for BitTorrent
$IPT -A INPUT -p tcp --destination-port 6881 -j ACCEPT

# Allow connections for SSH
$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT

# Allow all outgoing packets
$IPT -A OUTPUT -o $EXT -j ACCEPT

# Logging
$IPT -A INPUT -i $EXT -p tcp -j LOG --log-prefix "TCP Connection: "
$IPT -A INPUT -i $EXT -p udp -j LOG --log-prefix "UDP Connection: "
I prefer, and recommend, using iptables rather than some abstraction of it. The syntax may seem a little strange but given the comments, you shouldn't have much difficulty learning how to use it. With this script you get what you ask for (assuming iptables is implemented correctly, which I think is a fair assumption). With an abstraction of iptables, it may not being doing exactly what you want.

I have this run upon booting.

Last edited by TomX; 03-28-2007 at 08:03 AM.
 
Old 03-28-2007, 01:18 PM   #4
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Original Poster
Rep: Reputation: 15
Cool

btw, Which distribution are you running? Ubuntu, Mandriva, SuSe?[/QUOTE]

RHEL WS 4.0 -- I have new HP workstation xw9300, dual core with 2 AMD Opterons.


[QUOTE={BBI}Nexus{BBI}]What's the name of the FireWall you're using?

I do not know. That is what I meant: how do I check my firewall specs and that it is up and working?


Plugins for what/which program?

When I try a website, I often see a logo in the form of a green piece of a jig-saw puzzle and the following message:
"click here to down load plugin".

When a click to download, it does something for a few seconds and then stops and says, "No suitable plugins were found". the 2nd line says, Unknown Plugin and a button saying "Manual Install". I click this button, and it goes back to the previous jig-saw page?

One other thing, I have recently tried to install the latest versions of rkhunter-1.2.9 and flash-plugin-9.0.31.0-release. When I open the internet (firefox) I can see their 2 blue icons in the bottom left corner of the page, although they do not seem to be doing nay harm there?

I think that I installed the rkhunter ok because I can run it (although I do not get any man pages; and I do not know which are the best options to run it with? I do not think that I installed the flash-plugin properly.

Questions:

(1) Are these icons there permenantly? Or have I done something wrong (most likely)?
(2) How do I get rid of them? Is it safe to remove them? Will I lose anything?

I have moved the rkhunter-1.2.9 file to my root Home directory. Similarly, I had previlously tried to install the latest version of firefox off the web, and I got the tar.rpm file and open it to get a new firefox folder, which is now also in root Home. I do not know whether I did the installation process correctly?

Once you install a latest version from a tar.rpm file, is it safe to delete the tar.rpm file (and the folder that opens up with ti-- firefox in this case) or do you have to keep the new folders and tar.rpm file permenanatly?

Please excuse my naieve questions.

Cheers.
 
Old 03-29-2007, 04:14 AM   #5
mastrboy
Member
 
Registered: Aug 2005
Distribution: Debian, OpenBSD, PFsense
Posts: 73

Rep: Reputation: 15
http://howtoforge.com/test_your_linu...l_with_ftester
 
Old 03-30-2007, 05:58 AM   #6
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by mastrboy
Thanks mastrboy.

I have gone through the instructions, and installed the PERL modules. Then downloaded and run the ftester tar.gz files up to:
# tar -xzf ftester-1.0.tar.gz
and I have created the ftester-1.0 subdirectory.

But from here on I am lost. It says:


" Configuration:
We will need to create a configuration file to tell ftest what packets it should generate.
The definition of the packets we want to send for test if they can traverse the firewall is mainly specified in a configuration file (ftest.conf), the main syntax is:
Source Address:Source Portestination Addressestination Port:Flags:Protocol:Type of Service "


Then a few examples:

# SYN packet to 10.1.7.1 port 80 192.168.0.10:1024:10.1.7.1:80:S:TCP:0
# PSH,ACK reply from 192.168.0.10
192.168.0.10:20:10.1.7.1:1022:AP:TCP:22
# UDP packet
192.168.0.10:53:10.1.7.1:53::UDP:0


Questions:
Where do these numers come from, and what do they mean?
where do I put them?
What do TCP, UDP or ICMP mean, and how do I know which is the proper one for my system?

Help!
 
Old 03-30-2007, 06:24 AM   #7
mastrboy
Member
 
Registered: Aug 2005
Distribution: Debian, OpenBSD, PFsense
Posts: 73

Rep: Reputation: 15
the numbers are IP's and Ports, TCP,UDP and ICMP are network protocols.

By reading this questions i have to assume you don't now much about networking and firewalling. Here are some reading material that will be usefull:

http://en.wikipedia.org/wiki/Computer_network
http://en.wikipedia.org/wiki/TCP/IP_model
http://en.wikipedia.org/wiki/Interne...ssage_Protocol
http://en.wikipedia.org/wiki/OSI_model
 
Old 03-31-2007, 08:07 AM   #8
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by mastrboy
the numbers are IP's and Ports, TCP,UDP and ICMP are network protocols.

By reading this questions i have to assume you don't now much about networking and firewalling. Here are some reading material that will be usefull:

http://en.wikipedia.org/wiki/Computer_network
http://en.wikipedia.org/wiki/TCP/IP_model
http://en.wikipedia.org/wiki/Interne...ssage_Protocol
http://en.wikipedia.org/wiki/OSI_model

Yep, you guessed it. These links are useful and I am reading through them.

My task in fairly simple. I want to set up a stand alone machine (for the moment) for heavy scientific number crunching, so the machine configuration is quite simple.

The one thing that is important is security from hackers and viruses etc (the last I understand is not a big problem in linux). I have a limited number of external machines which I want to accesss, and I do not want to give access to anyone else (at the moment) to my machine -- this is nearly a closed system. However, I must connect to the internet for downloads, updates, communications, e-mail etc.

Thus, I need a firewall -- I may already have one already installed, but I do not know how to check. I have followed the instructions given, and I am stuck at the point I mentioned in my previous message.

Basically, how do I know what IP address, and lines that appear in the example, I should put in to my own files for firewall checking purposes?

For example:


# SYN packet to 10.1.7.1 port 80 192.168.0.10:1024:10.1.7.1:80:S:TCP:0
# PSH,ACK reply from 192.168.0.10
192.168.0.10:20:10.1.7.1:1022:AP:TCP:22
# UDP packet
192.168.0.10:53:10.1.7.1:53::UDP:0


The question is, what do I put in into my file instead of
"SYN packet to 10.1.7.1 port 80 192.168.0.10:1024:10.1.7.1:80:S:TCP:0" ?

Where dose the IP address 192.168.0.10 come from? How do I know that it is TCP .. and so on. What port number do I put instead of 'port 80'.

I know that these are quite low level questions, but this is the only thing left for me to do on my machine - it will make me secure only after setting this file up.

Cheers.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall Test ferradura Slackware 8 06-23-2006 04:45 PM
help with client side NFS-firewall setup and server side NIS-firewall setup niverson Linux - Networking 3 02-02-2004 08:52 AM
Test my firewall synecdoche Linux - Software 4 07-23-2003 06:11 PM
How to test firewall? drjimstuckinwin Linux - Security 2 06-12-2001 07:59 PM
I need to test my firewall... bfloeagle Linux - Security 1 06-27-2000 12:04 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration