LinuxQuestions.org
Old 05-19-2003, 07:51 AM   #1
vous
Member
 
Registered: Mar 2003
Location: Macondo
Distribution: Mandrake 9.1, 10.1, SuSE 8.1 pro, 10.1, Red Hat 8.0/9.0
Posts: 380

Rep: Reputation: 30
Firewall setup HELP!


Hello all,

I'm trying to get my SuSE firewall configured....to do so I began using this HOW-To from SuSE:

http://sdb.suse.de/sdb/en/html/pohle...hfirewall.html

But I have run into some discrepancies with the article....

#1) The first thing I'm asked to do is to add this line to the /etc/sysconfig/personal-firewall:

REJECT_ALL_INCOMING_CONNECTIONS="pppX"

Here pppX (the right one for DSL) should be the device number, but I have no device number for ppp....(I'm assuming you check that with an ifconfig -a).....????

The only devices I get are: eth0, lo, and sit0.

Hmmmmm....and now what????

#2) Second, I have an ADSL ethernet modem (up and running) and the article says that for that set-up, I should have an entry like this:

"...In case you use DSL, the name of the file for the first DSL device is ifcfg-dsl0...."

What I have in that directory is:

localhost:/etc/sysconfig/network # ls -la
total 38
drwxr-xr-x 6 root root 320 Apr 9 02:02 .
drwxr-xr-x 5 root root 1224 May 15 10:49 ..
-rw-r--r-- 1 root root 4464 Sep 10 2002 config
-rw-r--r-- 1 root root 5152 May 15 10:48 dhcp
drwxr-xr-x 2 root root 48 Sep 10 2002 if-down.d
drwxr-xr-x 2 root root 48 Sep 10 2002 if-up.d
-rw-r--r-- 1 root root 93 Mar 13 17:03 ifcfg-eth0
-rw-r--r-- 1 root root 96 Sep 10 2002 ifcfg-lo
-rw-r--r-- 1 root root 3970 Sep 10 2002 ifcfg.template
drwx------ 2 root root 48 Sep 10 2002 providers
drwxr-xr-x 2 root root 856 May 15 10:48 scripts
-rw-r--r-- 1 root root 4819 May 15 10:48 wireless

Thus the only entry I have (as far as I get it) is:

ifcfg-eth0

Should I then configure this one?


Any thoughts?
 
Old 05-19-2003, 09:16 AM   #2
bentz
Member
 
Registered: Mar 2003
Distribution: Fedora, Mac OSX
Posts: 362

Rep: Reputation: 30
Do a 'route | grep 'default' ' command. Whatever interface is listed (last column) will be the one you're going to use in your firewall rules. I'm guessing that the ethernet (*hint hint*) adsl modem is going to be using the first ethernet network device, eth0.
 
Old 05-19-2003, 10:09 AM   #3
vous
Member
 
Registered: Mar 2003
Location: Macondo
Distribution: Mandrake 9.1, 10.1, SuSE 8.1 pro, 10.1, Red Hat 8.0/9.0
Posts: 380

Original Poster
Rep: Reputation: 30
And so it was!

OK, so I proceeded to set up my firewall, and as far as I can see...it's up and running!! Cheers bentz!

But, how can I be sure of these two points:

1) How do I know I have set it up correctly and that it is giving me the degree of protection I'd need?

2) How can I verify that it is NOT blocking traffic that I need to have flowing as prior to the firewall setup?
 
Old 05-19-2003, 11:09 AM   #4
bentz
Member
 
Registered: Mar 2003
Distribution: Fedora, Mac OSX
Posts: 362

Rep: Reputation: 30
Personally, the way I solve these two problems is by the following:
1. nmap your machine from the outside. If you get dropped all over the place, you are safe. Basically, just try to crack yourself, before others try the same.
2. Test outgoing connections to ensure that everything is working the way it should. What I typically do is a 'iptables -L -v' to view the connection count statistics. Then I attempt a connection and watch each target's statistic increase as I am testing services and making connections. The same is true for the above; if you port scan yourself and see that your DROP policy count statistic is going up like crazy as the port scanner makes attempts on your machine, you know it is working for you.
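
The counter-watching check from post #4, as an added example that is not part of the original thread: it diffs two `iptables -L -v` snapshots and lists the rules and default policies whose packet counts rose during a test. The sample listings, the rule set and the function names are constructed for illustration.

```python
import re

def snapshot(policy_pkts, reject_pkts):
    """Constructed sample of `iptables -L INPUT -v -n -x` output
    (-x prints exact counts instead of the 10K/5M shorthand)."""
    return f"""\
Chain INPUT (policy DROP {policy_pkts} packets, {policy_pkts * 60} bytes)
    pkts      bytes target     prot opt in     out     source               destination
      40     3360 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
     150    98000 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    {reject_pkts}    {reject_pkts * 60} REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 reject-with tcp-reset
"""

BEFORE = snapshot(12, 0)      # taken before the outside port scan
AFTER = snapshot(1012, 2)     # taken after it

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+) (\d+) packets|\d+ references)")

def parse_counters(text):
    """Return {(chain, rule): packets}; a chain's default policy counts as a rule."""
    counters, chain, n = {}, None, 0
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain, n = m.group(1), 0
            if m.group(2):  # only built-in chains carry a policy counter
                counters[(chain, "policy " + m.group(2))] = int(m.group(3))
            continue
        f = line.split()
        # Rule rows begin with two integers (pkts, bytes); the header row does not.
        if chain and len(f) >= 3 and f[0].isdigit() and f[1].isdigit():
            n += 1
            counters[(chain, f"{n}: " + " ".join(f[2:]))] = int(f[0])
    return counters

def counter_deltas(before, after):
    """Rules whose packet count changed between the two snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    return {k: v - old.get(k, 0) for k, v in new.items() if v != old.get(k, 0)}

if __name__ == "__main__":
    for (chain, rule), delta in counter_deltas(BEFORE, AFTER).items():
        print(f"{chain:8} +{delta:<6} {rule}")
```

A large jump on the DROP policy line while the ACCEPT rules stay flat is the "going up like crazy" signal described above; a rule that should carry your own traffic but never moves is the one to look at for question 2.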
 
Old 05-19-2003, 01:11 PM   #5
vous
Member
 
Registered: Mar 2003
Location: Macondo
Distribution: Mandrake 9.1, 10.1, SuSE 8.1 pro, 10.1, Red Hat 8.0/9.0
Posts: 380

Original Poster
Rep: Reputation: 30
Okeee...

What is nmap? Is it a port scanner?

How could I simulate a machine trying to connect from the outside to my ports so I can check them?
 
Old 05-19-2003, 01:12 PM   #6
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
I always suggest learning iptables to set up a firewall. Many GUI apps are front-ends to iptables. Also, iptables gives you more flexibility (I use it to route traffic as well as drop what doesn't need to be sent or received or forwarded from one network to the other) and you can use it if you ever do an installation without X.
 
Old 05-19-2003, 01:56 PM   #7
vous
Member
 
Registered: Mar 2003
Location: Macondo
Distribution: Mandrake 9.1, 10.1, SuSE 8.1 pro, 10.1, Red Hat 8.0/9.0
Posts: 380

Original Poster
Rep: Reputation: 30
Okaaay.....

guess where I found out what Nmap was......


http://news.bbc.co.uk/2/hi/technology/3039329.stm



Robert0380: Yup, I am going to follow up on iptables; let you know how it went.

Last edited by vous; 05-19-2003 at 01:58 PM.
 
Old 05-19-2003, 08:51 PM   #8
geoff_f
Member
 
Registered: May 2003
Location: Canberra, Australia
Distribution: openSUSE 11.3
Posts: 445

Rep: Reputation: 31
**** How could I simulate a machine trying to connect from the outside to my ports so I can check them?

Don't simulate it, get someone to do it!

Try ShieldsUp at http://www.grc.com

Ignore the bit about downloading their IP Agent - this is Windows-only software. The site will detect your computer's internet IP address nonetheless. Do the 'Probe My Ports' as well, for a full confidence check. Be careful here; reading this site can be addictive, especially if you have a touch of paranoia.

Geoff.
 
Old 05-20-2003, 09:47 AM   #9
vous
Member
 
Registered: Mar 2003
Location: Macondo
Distribution: Mandrake 9.1, 10.1, SuSE 8.1 pro, 10.1, Red Hat 8.0/9.0
Posts: 380

Original Poster
Rep: Reputation: 30
Pretty cool site!!!

OK, so here it is....

I did the Ports and Shields Scan, and came through quite well!!!

All ports were blocked with the exception of the ones I selected to only be closed which appear in fact "closed"....

So, now what?

Is closed good enough for port 80 for example?

What should I do with those ports?
 
Old 05-20-2003, 07:27 PM   #10
geoff_f
Member
 
Registered: May 2003
Location: Canberra, Australia
Distribution: openSUSE 11.3
Posts: 445

Rep: Reputation: 31
That's good news, isn't it? This means that your firewall is behaving exactly the way you have set it up to do.

'Closed' means that a probe from outside the firewall will not get through, so your security is not at risk. But the prober will get notification that the port was closed, which will confirm that a computer exists at that port. This may give a determined hacker cause to hang around and try hacking your computer, whereas 'stealth' would have just dropped the probe and given no indication that a computer existed there.

Whether this is OK or not is up to you to decide; your security is OK for the moment but you have to balance the risk of announcing your presence against the benefit you get from having these ports 'closed', rather than set for 'stealth'. Only you will know this.

What should you do with these ports? Probably nothing at this stage; just leave it as it is and monitor for intrusion attempts. Your firewall should have logs that you can check for this.

For better info on this, look at grc.com's FAQ page in the ShieldsUp section.

Geoff.
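
The 'closed' versus 'stealth' distinction from the post above, as an added example that is not part of the original thread: a TCP connect check, run from a machine outside the firewall against your own address, that reports which of the three outcomes each port gives. The function names and the 3-second timeout are assumptions.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'stealth'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"    # an active refusal came back, so the host is visible
    except socket.timeout:
        return "stealth"   # nothing came back: the probe was silently dropped
    finally:
        s.close()

def survey(host, ports, timeout=3.0):
    """Probe each port in turn and return {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}

if __name__ == "__main__":
    # Usage: python probe.py <your-external-address> 22 80 443
    host, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    for port, state in survey(host, ports).items():
        print(f"{host}:{port:<6} {state}")
```

A timeout is also what a powered-off or unreachable host looks like, so 'stealth' only means something when you know the machine is up.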
 
  


All times are GMT -5.