LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-01-2003, 12:54 AM   #1
patientzero
Member
 
Registered: Aug 2003
Location: Toronto
Distribution: Gentoo 1.4
Posts: 95

Rep: Reputation: 15
Exclamation Ok gurus, newbie needs mad prevention and detection system


Hello Linux Gods...

Newbie, since graduated from super newbie, has adsl using pppoe and running RH9 (shrike) with kernel version 2.4.20-20.9 on a AMD Barton 2800+ w/ 1gb dual channel registered ddr400 ram.

Need to setup some kind of detection and prevention system (like personal tiny firewall, or black ice, etc.) for my RH9 box.

What's the best method and how do I go about doing it? I've been through a few manuals on firewalls and iptables, but being a newb, I felt compelled to ask the pros what are the dos and don'ts and how to do it properly- rather not trial and error this one out!

Thanks for your time, help and support!

Jim
 
Old 09-01-2003, 11:32 AM   #2
Mathieu
Senior Member
 
Registered: Feb 2001
Location: Montreal, Quebec, Canada
Distribution: RedHat, Fedora, CentOS, SUSE
Posts: 1,403

Rep: Reputation: 46
The following is a list of GUI tools that interact with iptables in order to set up a firewall.
http://firestarter.sourceforge.net/
http://www.shorewall.net/
http://www.ipcop.org/
http://www.fwbuilder.org/

You can always take a look at the documentation and tutorials on Netfilter / iptables.
http://www.netfilter.org/
 
Old 09-01-2003, 01:41 PM   #3
patientzero
Member
 
Registered: Aug 2003
Location: Toronto
Distribution: Gentoo 1.4
Posts: 95

Original Poster
Rep: Reputation: 15
Hey Mathieu!

Those are the best links I've gotten yet! I've downloaded firestarter and fwbuilder to see which one does what I want (and the easiest way of doing)... shorewall looks like its for the pros and ipcop.org returns a 404 error...

I'm already engrossed in the faq's and how-tos from netfilter! THANKS SO MUCH!!

Jim
 
Old 09-02-2003, 11:53 AM   #4
nuwanguy
Member
 
Registered: Jul 2003
Location: Sri Lanka
Distribution: RedHat 9, Solaris 8
Posts: 41

Rep: Reputation: 15
Question Can I connect Leased and DSL Internet lines to the same firewall ???

Yeah ! Thanks millions Mathieu !!! That's what I was looking for.

I just finished with my Firewall.

I refer,
http://firestarter.sourceforge.net/
http://www.netfilter.org/

Configured simply and new firewall is up and running on Red-Hat 9 by now !

Is it possible to connect a leased and a DSL line to the network using 3 network cards from same firewall ??? (All clients are Win2000)

Two Network Card for input the Leased and the DSL lines. One Network Card for output for the entire network.

Any helpful tips would be highly appreciated !

Thanks 4 all !

Last edited by nuwanguy; 09-02-2003 at 11:55 AM.
 
Old 09-03-2003, 03:06 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
If you're running servers, provide services for others or simply want detailed detection of what (benign|malicious) traffic passes by, then I'd like to remind you that, unless you use Netfilters' extended features like string match support, Netfilter (iptables) itself has no "real" detection and prevention mechanisms, and adding Snort(.org) would be good. Using Netfilter's LOG target rules for logging in/outbound traffic can help you detect unwanted traffic and help troubleshoot rule problems. And with the help of 3rd party apps like for instance Guardian, Snort also gets the capability to reject traffic if it detects malicious activity. Be aware tho, for some signatures there can be more false positives, so tweaking your config is necessary (as goes with all apps, innit).

Also please refer to the first sticky thread of this forum for more Netfilter links.
 
Old 09-03-2003, 05:30 AM   #6
nuwanguy
Member
 
Registered: Jul 2003
Location: Sri Lanka
Distribution: RedHat 9, Solaris 8
Posts: 41

Rep: Reputation: 15
Question

Thank you unSpawn !

I have installed Firestarter and it's work with DSL Internet line well,

But can't I configure the Rules as computer vise??? that's mean, I need to block FTP for some of computers and enabled for some and so on...

Can't I do it using FireStarter? (According to their manual it's NOT possible)

After that, I have to connect the leased and the DSL lines to the same machine.

As a beginner... this should be a huge task for me, but hope you guys will help me...

Tnx !
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
MDK 10.1 Community Newbie is going mad Sun_Tsu Mandriva 16 11-25-2004 09:56 PM
Source code for"URGENT" ipspoofing detection and prevention in 'C' vinkum Linux - Security 1 09-22-2004 06:47 AM
system freeze..!! any gurus out there? :) rohan208 Linux - General 2 07-14-2004 12:24 PM
NEWBIE needs help from the gurus!! Araxis777 Linux - Newbie 16 08-29-2003 12:01 AM
Basic intrustion detection/prevention jamesrh Linux - Networking 5 05-18-2003 02:25 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration