LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-31-2003, 09:21 PM   #1
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
iptables - read doc's but still a few questions


Hi, on recent advice from security questions ive been asked, ive installed iptables.

(comes with redhat 9)

i set it up dureing a complete re-install.
and set it at maximum security. it said it would not allow any incomming connections that were not user defined.

i have not defined any connections to allow yet, so decided to test it with yep, telnet.

with my firewall up, and set to dis-allow all incomming connnections, why is it that im able to telnet sucessfully to cups and smtp ???

should the firewall not dissallow it ?

i am currently reading documentation on the iptables homepage,
are there any other resources any1 could recomend for a first time firewall user ? or will the home site be surficiant ???

thankyou.

Last edited by qwijibow; 09-01-2003 at 08:39 AM.
 
Old 09-01-2003, 06:41 AM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 49
Can you please iptables -nvL and check whether iptables is running. Also, if you do a telnet 127.0.0.1 it would work.
 
Old 09-01-2003, 06:42 AM   #3
aqoliveira
Member
 
Registered: Dec 2001
Location: Portugal
Distribution: /Red Hat/Fedora/Solaris
Posts: 622

Rep: Reputation: 30
Hi

When you telneting the box Iḿ sure you will notice that you will not be able to connect and work with it remotely therefor the service to the box has been blocked/closed. When you telnet smtp or any other service it will responed as this port is open for a incomeing connection. This normally a good method to be used to see if the port is responding or up. When you telnet a service like smtp for e.g you will see a dash blinking but you will not see a login prompt therefor there is nothing to worry about it is just saying Iḿ up and ready.

I don t think there is a way to block telnet to those services I ve never heard of it but HEY always eager to learn.

I hope this helps
cheers
 
Old 09-01-2003, 08:35 AM   #4
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
thankyou guys,

u read the documentation and found that the initial setup i did did not actually setup any chains... (all my chains INPUT OUTPUT OFRWARD) are empty, and policy set to ACCEPT)

i think i know enough to input my own chains, BUT there are some things i would like to ask first.

first of all, i am going to leave my FORWARD chain empty and set it policy to REJECT (i am not using my box as a proxy / firewall to a LAN)

also, i assume no matter what i do with IPTABLES, ALL connections made via the loopback interface (127.0.0.1) will be accepted ?? (or will i have to add that to INPUT and OUTPUT ?)

My understanding of networks if very simple, i know only what i needed to know for winsock programming in windows, but, here's my understanding.

*when in a browser i type 'www.google.com/linux' the browser first look up the name google.com on a server to get its IP address (what is this server ? will i have to add it to my OUT CHAIN ????)

then it connects to the given IP address on port 80, the remote server is only listeining on port 80, and accepts the connection of a freee port, lets say port X.
but i have NO idea what port the info is sent to my browser through.

as you can see, im still a little confused, is there any firther documentation ?

or could any1 port there INPUT / OUTPUT chains that i could look at as an example.

thankyou.

OHH, and more thing, are the changes i make to IPTABLES instaltyl enforced, or do i have to restart my machine ????

thankyou for your reply.
 
Old 09-01-2003, 10:45 AM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
> i assume no matter what i do with IPTABLES, ALL connections made via the loopback interface (127.0.0.1) will be accepted ?? (or will i have to add that to INPUT and OUTPUT ?)

Iptables won't allow loopback traffic unless you tell it to. Either you can just allow all INPUT traffic, which is a really, really bad idea or you can have you default INPUT policy be DROP and then just add the rules you want i.e iptables -A INPUT -i lo -j ACCEPT

> *when in a browser i type 'www.google.com/linux' the browser first look up the name google.com on a server to get its IP address (what is this server ? will i have to add it to my OUT CHAIN ????)

These are your DNS nameservers. They are automagically punched through the firewall for you during the init process.

> then it connects to the given IP address on port 80, the remote server is only listeining on port 80, and accepts the connection of a freee port, lets say port X. but i have NO idea what port the info is sent to my browser through.

A "clean-up" rule like this will catch all the situations where an initial connection that you initiate is handed off to a different port number:
iptables -A INPUT -p ALL -m state --state RELATED,ESTABLISHED -j ACCEPT

>is there any firther documentation ?
Check out the netfilter howto's at www.netfilter.org . The FrozenTux one is pretty good. They also have example firewalls you can check out.

>OHH, and more thing, are the changes i make to IPTABLES instaltyl enforced, or do i have to restart my machine ?

You will have to restart iptables, but not you're entire system.
 
Old 09-01-2003, 11:12 AM   #6
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
Thankyou.

but im still having trouble with this whole DNS thing.

just for testing, i have my INPUT policy set to accept, (no rules)
and output policy set to drop, with only 1 rule...
iptables -A OUTPUT -p tcp -d smtp.ntlworld.com -dport 25 -j ACCEPT

(ip tables seems to automatically convert the URL into an ip address)

but, all my telnet connections to that server's URL are DROPED (unless i telnet to that servers IP address)

i assume this is my firewall stoping telnet from accessing the DNS servers ????

but anyway, ive started a seperate thread about this problem, (dont want to be shouted at for double posting) but thankyou for ur reply.
 
Old 09-01-2003, 11:28 AM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Ahh I see what's going on now. Iptables can't take a URL (smtp.ntlworld.com) as an argument with the -d option. It only accepts ip addresses, so you'll have to find out what is there ip address. I get:

$ping smtp.ntlworld.com
PING smtp.ntlworld.com (62.253.162.40)

HTH
 
Old 09-01-2003, 11:56 AM   #8
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
lol, actually, (like i said in the other thread)
i fixed it by adding the dns servers to as accept rules in OUTPUT.

im online so iptables seems to be converting the URL to an IP anyway, but thanx.

(i know this is kind or a double post, but it wasnt delibrate, and the probs all fixed now, so thanx every1.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Blocking certain IPs with iptables - what am I doing wrong? thinksincode Linux - Security 2 12-21-2004 10:27 AM
What's wrong with this iptables syntax?? registering Linux - Security 3 06-16-2004 03:54 PM
What's wrong with my iptables script? veritas Linux - Security 3 06-06-2004 11:39 AM
IPTables: what in bloody blazes am I doing wrong??? garison08 Linux - Security 2 04-22-2004 10:56 AM
iptables, what am i doing wrong?! jimval7 Linux - Networking 5 02-27-2002 11:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration