LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-18-2005, 10:04 AM   #1
Decepticon22
Member
 
Registered: Sep 2004
Posts: 32

Rep: Reputation: 15
Just want to poke a hole....


Hi all,
I am a noobie at this so please don't eat my lunch too badly here...

I have a RedHat Linux WS with the latest kernel up and running. It is using the the very basic firewall (The one that you just check "enable" as you are installing linux..) So here's what I would like to do; I want to poke a hole in iptables so that I can see other host\computers and mount their drives and\or volumes from my RHWS machine while maintaining iptables security. Presently, if I want to access these other computers, I have to stop iptables in order to let me access those drives from the RHWS box.

Below is a paste of my current, out-of-the-box, fresh install, iptables configuration:

Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

If this is not clear, then just assume that (and it is) the basic iptables setup right after installation.

Essentially, from my RHWS box, I would like to beable to access and mount drives\volumes of the following three computers through iptables;

Apple = 192.123.0.1 drive\volume: fritters
Pear = 192.123.0.4 drive\volume: schnapps
kiwi = 192.123.0.8 drive\volume: pies

How do I do this?, what files do I need to edit? , and what are the proper
firewall rules I need to input to make this possible?


I looked around the forum here and on line and I think that this might be an example, (this was from win32sux back in '03):

***ike, for example, if you wanna allow those IPs to connect to a web server on your box:
code:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p TCP -i eth1 -s 192.168.0.1 --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p TCP -i eth1 -s 192.168.0.2 --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p TCP -i eth1 -s 192.168.0.3 --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p TCP -i eth1 -s 192.168.0.4 --dport 80 -m state --state NEW -j ACCEPT
***


I think I'm on the right track but I'm not sure. Thxs.

D22
 
Old 03-18-2005, 10:36 AM   #2
okmyx
Member
 
Registered: May 2004
Location: Cornwall, UK
Distribution: Ubuntu 8.04
Posts: 464

Rep: Reputation: 31
The example you found just opens up port 80 (http).

The ports that need to been opened depends on which method you plan to use to connect to the other machines e.g. Samba, nfs, etc as each method uses a differnet range of ports.
 
Old 03-18-2005, 10:47 AM   #3
Decepticon22
Member
 
Registered: Sep 2004
Posts: 32

Original Poster
Rep: Reputation: 15
Ok, again, a noobie here with monkey-butt-for brains so go s-l-o-w...

I guess I just want to use tcp/ip (unless there is a different recomendation as to a proper port to use), so how would I go about setting that up? I'm not using samba nor nfs (nfs = network file system, right?..) just want to use tcp. Thxs.

D22
 
Old 03-18-2005, 11:02 AM   #4
soulstace
Member
 
Registered: Mar 2005
Location: USA
Distribution: Knoppix
Posts: 64

Rep: Reputation: 15
Install Firestarter http://www.rpmfind.net/linux/rpm2htm...mit=Search+...

Configure your firewall to allow NFS and/or Samba traffic, whichever you use currently. It will select the proper ports and protocols for you automagically.

Samba and NFS both use tcp/ip, along with everything else on a modern network.

Last edited by soulstace; 03-18-2005 at 11:04 AM.
 
Old 03-18-2005, 11:51 AM   #5
Decepticon22
Member
 
Registered: Sep 2004
Posts: 32

Original Poster
Rep: Reputation: 15
Will Firestarter let me do a basic connect between computers?, again I don't use samba or nfs, I just need to be able to see and access other linux computers on the network without comprimising security here. I will jump into this and try it out if it will do the trick.

Thxs,

D22
 
Old 03-18-2005, 11:56 AM   #6
soulstace
Member
 
Registered: Mar 2005
Location: USA
Distribution: Knoppix
Posts: 64

Rep: Reputation: 15
Firestarter is a GUI for iptables, which in turn is a linux firewall mechanism. A firewall doesn't necessarily connect you to anything. It simply provides rules for the network traffic (like allow, deny, forward, etc.)

If you are sharing files between computers, then the most commonly used method and protocols are NetBIOS/Samba and/or NFS. All of which use tcp/ip for communication purposes.

Last edited by soulstace; 03-18-2005 at 11:58 AM.
 
Old 03-18-2005, 12:01 PM   #7
soulstace
Member
 
Registered: Mar 2005
Location: USA
Distribution: Knoppix
Posts: 64

Rep: Reputation: 15
For example, to connect to another machine using tcp/ip and Samba. Simply go to your web browser and type

smb://IP_address/share_name
 
Old 03-18-2005, 12:44 PM   #8
Decepticon22
Member
 
Registered: Sep 2004
Posts: 32

Original Poster
Rep: Reputation: 15
Thanks, Soul, okmyx,

I will try the smb access route first to see how well that works. By the way, what is the proper RPM version of Firestarter for RedHat Enterprise Linux WS?, or do I just use whatever Fedora uses rpm-wise?

Last edited by Decepticon22; 03-18-2005 at 12:49 PM.
 
Old 03-18-2005, 03:08 PM   #9
Decepticon22
Member
 
Registered: Sep 2004
Posts: 32

Original Poster
Rep: Reputation: 15
These are my system specs:

Red Hat Enterprise Linux WS (v. 3 for AMD64/Intel EM64T)
) GenuineIntel Intel(R) Xeon(TM) CPU 3.40GHz 3399 MHZ

Arch: EM64T Cache: 1024 KB
Vendor: GenuineIntel Memory: 2000 MB
Stepping: 1
Family: 15 Swap: 4000 MB


Do I get the Fedora Core 3 x86-64 (64-bit machines only) ?, Or do I just use the general Fedora Core 3 and 2, Red Hat Enterprise Linux 4 version?

Thxs,

D22
 
Old 03-18-2005, 04:36 PM   #10
soulstace
Member
 
Registered: Mar 2005
Location: USA
Distribution: Knoppix
Posts: 64

Rep: Reputation: 15
Here is the version you need.

http://fedoraproject.org/pre-extras/...3-1.x86_64.rpm

Found it on http://www.fs-security.com/

Last edited by soulstace; 03-18-2005 at 04:39 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTABLES: letting NFS poke through! zepplin611 Linux - Security 3 03-26-2005 10:23 PM
Poke the penguin! Elijah General 5 03-01-2003 12:20 AM
backed myself into a hole how do i get out RaheimSG Linux - Hardware 8 09-11-2002 06:40 AM
poke penguin? tundra General 9 09-04-2002 08:06 AM
Help me plug a hole! rurbaniak Linux - Newbie 4 02-15-2002 01:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration