I have a few questions, here goes:

1. My inetd.conf file contains entries such as these ones:
#:STANDARD: These are standard services.
#:BSD: Shell, login, exec and talk are BSD protocols
These are of the form #:LABEL: (what the file states). Are these enabled or commented out? I want to disable all rlogin, telnet, rsh, ftp, and whatnot (just running a firewall).

If they are prefixed with a #, they are commented out. For a firewall machine, I'd not only comment them out, but install TCP_wrappers and deny all connections to the firewall from the internet. (/etc/hosts.deny, syntax is in the man page for hosts.deny)
2. Can I turn on rp_filter without disrupting "anything"? Does it need to be turned on during boot up (before network configuration)?

Afraid I can't help you there.
3. How can I uninstall ipmasq? And do I run my ipchains rules at startup (and echo 1 > ip_forward and similar commands)?

I'd recommend enabling IP forwarding in your ipchains script, and running the script at startup. Otherwise, if for some reason your firewall reboots, you're forwarding packets with no firewall rulebase, and that's a "bad thing".

What I usually do is put my ipchains rules in a file called ipchains.sh and execute it at the end of my rc.local script.
4. I want to log some specific network traffic. Where can I specify in which file the output of such a log should go?

Depends on what you're capturing the traffic with. Did you plan on using something in particular?
5. I know there's a REDIRECT target in ipchains. (How) can I use this target to allow outside connections to one of my local hosts? Not sure, but I think I need to allow outside connections for PEER-TO-PEER network games to work.

Yes, that's correct... you need to forward the port the game uses to the internal machine that's running the game server. You can use ipchains (whose syntax for forwarding I don't know... something like 'ipchains -I forward udp --destination port <portnumber> destination-IP', maybe someone else knows it off the top of their head). Personally I use a port forwarding program called Fast Forward, which does the same thing and is easy to configure.
6. Is it safe to simply allow all OUTPUT datagrams (ipchains -P output ACCEPT)?

It really can't hurt. I'm assuming this is a home network and not a business. As long as you can control who uses the systems inside the firewall, sure, go ahead.
7. Can I block all TCP connection requests (-y) without disrupting web, mail and whatnot access?

http and smtp ARE TCP connections, so you'll disrupt those if you block all incoming TCP without declaring specific allows for them. That's a good way to do it, just make sure you make a rule for anything you want to allow.
8. What usefulness do the following rules have:

OUTPUT ACCEPT ! TCP 0.0.0.0/0 224.0.0.0/4 *->*

Looks like that's telling the firewall to allow all broadcast packets out of your network. Since the firewall's pretty much acting as a router, internal broadcasts aren't going anywhere anyway... maybe that's to allow DHCP requests for the firewall if you're on broadband with no static IP.

INPUT ACCEPT ALL 0.0.0.0/0 255.255.255.255

That's allowing all incoming traffic. Bad firewall. No biscuit.
Thx in advance for any help provided! Really appreciate it.
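An ipchains.sh of the kind answers 3, 6 and 7 describe, as an added example that is not code from this thread: it enables forwarding from the same script that loads the rules, sets a default-deny input policy instead of the "ACCEPT ALL" from question 8, allows web and mail before the rule that drops every other incoming SYN, and logs what it drops. The interface names and the internal network are assumptions, and the ipchains command is echoed rather than executed by default so the rules can be previewed.

```shell
#!/bin/sh
# Interfaces and LAN below are assumptions for this example; adjust for your box.
EXT_IF="eth0"             # assumed internet-facing interface
INT_IF="eth1"             # assumed LAN interface
INT_NET="192.168.1.0/24"  # assumed internal network
# IPCHAINS defaults to "echo ipchains" so the script can be previewed safely;
# run it with IPCHAINS=ipchains as root to apply the rules for real.
IPCHAINS="${IPCHAINS:-echo ipchains}"

enable_forwarding() {
    # Answer 3: forwarding is switched on from the same script that loads the
    # rules, so a reboot never leaves the box forwarding with an empty rulebase.
    if [ "$IPCHAINS" = "ipchains" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

load_rules() {
    $IPCHAINS -F                  # start from an empty rulebase
    $IPCHAINS -P input DENY       # answer 8: no blanket "ACCEPT ALL" inbound
    $IPCHAINS -P forward DENY
    $IPCHAINS -P output ACCEPT    # answer 6: outbound is fine on a home LAN
    $IPCHAINS -A input -i lo -j ACCEPT
    # -i "$INT_IF" stops packets arriving on the outside interface with a
    # forged LAN source address from matching this rule.
    $IPCHAINS -A input -i "$INT_IF" -s "$INT_NET" -j ACCEPT
    # Answer 7: ipchains matches rules in order, so the services we want must be
    # allowed *before* the rule that drops every other new TCP connection (-y).
    $IPCHAINS -A input -i "$EXT_IF" -p tcp -y --dport 80 -j ACCEPT   # web
    $IPCHAINS -A input -i "$EXT_IF" -p tcp -y --dport 25 -j ACCEPT   # mail
    $IPCHAINS -A input -i "$EXT_IF" -p tcp -y -l -j DENY   # log (-l) and drop the rest
    # ipchains has no connection tracking: return traffic for connections we
    # opened is non-SYN TCP, or UDP from a DNS server's port 53 (a stateless
    # filter cannot tell a real reply from anything else sent from port 53).
    $IPCHAINS -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    $IPCHAINS -A input -i "$EXT_IF" -p udp --sport 53 -j ACCEPT
    # Masquerade the LAN out through the external interface.
    $IPCHAINS -A forward -i "$EXT_IF" -s "$INT_NET" -j MASQ
}

enable_forwarding
load_rules
```

Run from the end of rc.local, as the answer to question 3 suggests, the preview output is also a handy record of the rulebase that will be loaded at boot.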