Hi all,
I am a noobie at this so please don't eat my lunch too badly here...
I have a RedHat Linux WS with the latest kernel up and running. It is using the very basic firewall (the one that you just check "enable" as you are installing Linux). So here's what I would like to do: I want to poke a hole in iptables so that I can see other host\computers and mount their drives and\or volumes from my RHWS machine while maintaining iptables security. Presently, if I want to access these other computers, I have to stop iptables in order to let me access those drives from the RHWS box.
Below is a paste of my current, out-of-the-box, fresh install, iptables configuration:
# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
If this is not clear, then just assume that this is (and it is) the basic iptables setup right after installation.
Essentially, from my RHWS box, I would like to be able to access and mount drives\volumes of the following three computers through iptables;
How do I do this? What files do I need to edit? And what are the proper firewall rules I need to input to make this possible?
I looked around the forum here and on line and I think that this might be an example, (this was from win32sux back in '03):
***Like, for example, if you wanna allow those IPs to connect to a web server on your box:
code:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p TCP -i eth1 -s 192.168.0.1 --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p TCP -i eth1 -s 192.168.0.2 --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p TCP -i eth1 -s 192.168.0.3 --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p TCP -i eth1 -s 192.168.0.4 --dport 80 -m state --state NEW -j ACCEPT
***
I think I'm on the right track but I'm not sure. Thxs.
The example you found just opens up port 80 (http).
The ports that need to be opened depend on which method you plan to use to connect to the other machines, e.g. Samba, NFS, etc., as each method uses a different range of ports.
Ok, again, a noobie here with monkey-butt-for brains so go s-l-o-w...
I guess I just want to use tcp/ip (unless there is a different recommendation as to a proper port to use), so how would I go about setting that up? I'm not using samba nor nfs (nfs = network file system, right?..), just want to use tcp. Thxs.
Configure your firewall to allow NFS and/or Samba traffic, whichever you use currently. It will select the proper ports and protocols for you automagically.
Samba and NFS both use tcp/ip, along with everything else on a modern network.
Will Firestarter let me do a basic connect between computers? Again, I don't use samba or nfs, I just need to be able to see and access other linux computers on the network without compromising security here. I will jump into this and try it out if it will do the trick.
Firestarter is a GUI for iptables, which in turn is a linux firewall mechanism. A firewall doesn't necessarily connect you to anything. It simply provides rules for the network traffic (like allow, deny, forward, etc.)
If you are sharing files between computers, then the most commonly used method and protocols are NetBIOS/Samba and/or NFS. All of which use tcp/ip for communication purposes.
I will try the smb access route first to see how well that works. By the way, what is the proper RPM version of Firestarter for RedHat Enterprise Linux WS? Or do I just use whatever Fedora uses rpm-wise?
Last edited by Decepticon22; 03-18-2005 at 12:49 PM.
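For the Samba route discussed in the thread, the sketch below shows one way to open the ports for named hosts only, by inserting source-restricted rules into the posted `RH-Firewall-1-INPUT` chain ahead of its final REJECT line. It is an added example, not code from any poster; the function names are hypothetical and the host addresses are constructed placeholders, since the thread does not list the three machines.

```shell
#!/bin/sh
# Added example; the trusted addresses used are constructed placeholders.
CHAIN="RH-Firewall-1-INPUT"
# Accept only dotted-quad IPv4 so nothing else is written into the ruleset.
valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Rules for one trusted host.
host_rules() {
    # Replies to broadcast NetBIOS name lookups come back as unicast UDP from
    # port 137 and do not match the ESTABLISHED,RELATED rule.
    echo "-A $CHAIN -s $1 -p udp -m udp --sport 137 -j ACCEPT"
    # New inbound SMB sessions; needed only if this box also serves shares.
    echo "-A $CHAIN -s $1 -m state --state NEW -p tcp -m multiport --dports 139,445 -j ACCEPT"
}

# Ruleset on stdin -> stdout, with rules for each host in "$@" placed just
# before the chain's REJECT line (anything appended after it never matches).
add_share_rules() {
    for ip in "$@"; do
        valid_ip "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    inserted=0
    while IFS= read -r line; do
        case "$line" in
            "-A $CHAIN -j REJECT"*)
                for ip in "$@"; do host_rules "$ip"; done
                inserted=1 ;;
        esac
        printf '%s\n' "$line"
    done
    [ "$inserted" -eq 1 ]   # fail if there was no REJECT line to anchor on
}

# Constructed sample, abridged from the ruleset posted above.
sample_rules() {
    cat <<'EOF'
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
sample_rules | add_share_rules 192.168.0.1 192.168.0.2
```

In the ruleset as posted, the `-i eth0 -j ACCEPT` line already accepts everything arriving on eth0, so per-host rules like these only narrow access for traffic on other interfaces or once that line is removed.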