Re: [newbie] Two Shorewall questions
On Friday 17 December 2004 12:09, Kaj Haulrich wrote:

> When checking my ports at Shields Up (www.grc.com), my port 113 shows blocked. I would prefer stealthed. Now, I know that somewhere in /etc/shorewall/foo it should be possible to change REJECT to DROP, but I can't locate the entry (policy?) and - what's worse - can't figure out the syntax. I've tried webmin, but every attempt here ends up with my system unable to connect to anything. And, yes, I do a service shorewall restart after each attempt.
>
> 1. Does it matter having port 113 (IDENT) blocked?
> 2. If yes, how to do it?
>
> TIA
> Kaj Haulrich.

http://www.shorewall.net/FAQ.htm#faq4

derek
--
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
Re: [newbie] Two Shorewall questions
On Friday 17 December 2004 13:18, Derek Jennings wrote:

> On Friday 17 December 2004 12:09, Kaj Haulrich wrote:
>
> > When checking my ports at Shields Up (www.grc.com), my port 113 shows blocked. I would prefer stealthed. Now, I know that somewhere in /etc/shorewall/foo it should be possible to change REJECT to DROP, but I can't locate the entry (policy?) and - what's worse - can't figure out the syntax. I've tried webmin, but every attempt here ends up with my system unable to connect to anything. And, yes, I do a service shorewall restart after each attempt.
> >
> > 1. Does it matter having port 113 (IDENT) blocked?
> > 2. If yes, how to do it?
> >
> > TIA
> > Kaj Haulrich.
>
> http://www.shorewall.net/FAQ.htm#faq4
>
> derek

Thanks, Derek!

By editing /etc/shorewall/rules I managed to stealth port 113. The documentation in Shorewall states that it defaults to REJECT in order to make auth possible, but according to the documentation at grc this is an abandoned protocol only used by some old unix servers. We'll see if stealthing port 113 has any adverse effects.

Thanks again,
Kaj Haulrich.
--
*sent from a 100% Microsoft-free workstation*
* http://haulrich.net *
*Running Linux (Mandrake 10.1) - kernel 2.6.8*
Re: [newbie] Samba / Shorewall
Klemens Arro wrote:

> What's with samba and shorewall? I can't use samba server or Smb4K (guess that shorewall blocks it). When I take the whole firewall down Everything (no firewall) then samba works perfectly, but then I can't share my ADSL connection.

My /etc/shorewall/rules below, part relevant to samba server. It was taken from the shorewall documentation, it works for me.

raffaele

    #ACTION  SOURCE  DEST  PROTO  DEST      SOURCE   ORIGINAL
    #                             PORT      PORT(S)  DEST
    # samba ports
    ACCEPT   net     fw    udp    137:139
    ACCEPT   net     fw    tcp    137,139
    ACCEPT   net     fw    udp    1024:     137
Re: [newbie] Samba / Shorewall
On Friday 30 Apr 2004 07:35, Raffaele BELARDI wrote:

> Klemens Arro wrote:
>
> > What's with samba and shorewall? I can't use samba server or Smb4K (guess that shorewall blocks it). When I take the whole firewall down Everything (no firewall) then samba works perfectly, but then I can't share my ADSL connection.
>
> My /etc/shorewall/rules below, part relevant to samba server. It was taken from the shorewall documentation, it works for me.
>
> raffaele
>
>     #ACTION  SOURCE  DEST  PROTO  DEST      SOURCE   ORIGINAL
>     #                             PORT      PORT(S)  DEST
>     # samba ports
>     ACCEPT   net     fw    udp    137:139
>     ACCEPT   net     fw    tcp    137,139
>     ACCEPT   net     fw    udp    1024:     137

Well I hope you have another firewall further upstream from your computer, because what these lines do is to open up Windows networking directly to the Internet so anyone+dog can browse your shared folders.

If you want to enable Samba to computers in your local network, the lines

    ACCEPT  loc  fw  udp  137,138,139
    ACCEPT  loc  fw  tcp  137,138,139

will do the trick (assuming the local network is called 'loc'; in some cases it may be called 'masq').

As an additional precaution it is a good idea to set the line

    interfaces = eth1

(where eth1 is the local network) in your /etc/samba/smb.conf file. This will force samba to only use that interface instead of the default, which is all interfaces. Not only will it prevent people from outside connecting to samba, but it will stop samba timing out when it sends packets to the network interface which are then dropped by shorewall.

derek
--
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
Re: [newbie] Samba / Shorewall
Derek Jennings wrote:

> On Friday 30 Apr 2004 07:35, Raffaele BELARDI wrote:
>
> Well I hope you have another firewall further upstream from your computer, because what these lines do is to open up Windows networking directly to the Internet so anyone+dog can browse your shared folders.

Yes I do, and also I use the hosts allow entry in smb.conf to limit access to a very limited set of co-workers' machines.

Anyway, thanks for the tip, I admit I did not do much study on the samba/shorewall configuration.

raffaele
Re: [newbie] Samba / Shorewall
On Friday 30 April 2004 03:02, Steve Jeppesen wrote:

> Klemens,
> I may be wrong, but I thought you had to open ports 137, 138 and 139. Double check to be sure

Yes, you are right. But this didn't help either.

--
Klemens Arro
My software never has bugs; it just develops random features.
Using: Mandrake Linux 10
Registered Linux User#: 346118
ICQ#: 179198850
Re: [newbie] Samba / Shorewall
On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:

> Klemens Arro wrote:
>
> > What's with samba and shorewall? I can't use samba server or Smb4K (guess that shorewall blocks it). When I take the whole firewall down Everything (no firewall) then samba works perfectly, but then I can't share my ADSL connection.
>
> My /etc/shorewall/rules below, part relevant to samba server. It was taken from the shorewall documentation, it works for me.
>
> raffaele
>
>     #ACTION  SOURCE  DEST  PROTO  DEST      SOURCE   ORIGINAL
>     #                             PORT      PORT(S)  DEST
>     # samba ports
>     ACCEPT   net     fw    udp    137:139
>     ACCEPT   net     fw    tcp    137,139
>     ACCEPT   net     fw    udp    1024:     137

This doesn't help either :(

My /etc/shorewall/rules looks like this (made by mcc)

    ACCEPT    net  fw    udp  137,138,139                  -
    ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -
    ACCEPT    loc  fw    udp  137,138,139                  -
    ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
    REDIRECT  loc  3128  tcp  www                          -
    ACCEPT    fw   net   tcp  www

--
Klemens Arro
My software never has bugs; it just develops random features.
Using: Mandrake Linux 10
Registered Linux User#: 346118
ICQ#: 179198850
Re: [newbie] Samba / Shorewall
On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:

> Klemens Arro wrote:
>
> > What's with samba and shorewall? I can't use samba server or Smb4K (guess that shorewall blocks it). When I take the whole firewall down Everything (no firewall) then samba works perfectly, but then I can't share my ADSL connection.
>
> My /etc/shorewall/rules below, part relevant to samba server. It was taken from the shorewall documentation, it works for me.
>
> raffaele
>
>     #ACTION  SOURCE  DEST  PROTO  DEST      SOURCE   ORIGINAL
>     #                             PORT      PORT(S)  DEST
>     # samba ports
>     ACCEPT   net     fw    udp    137:139
>     ACCEPT   net     fw    tcp    137,139
>     ACCEPT   net     fw    udp    1024:     137

This doesn't help either :(

My /etc/shorewall/rules looks like this (made by mcc)

    ACCEPT    net  fw    udp  137,138,139                  -
    ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -
    ACCEPT    loc  fw    udp  137,138,139                  -
    ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
    REDIRECT  loc  3128  tcp  www                          -
    ACCEPT    fw   net   tcp  www

* Sorry, I had a spelling error, I fixed this ;)

--
Klemens Arro
My software never has bugs; it just develops random features.
Using: Mandrake Linux 10
Registered Linux User#: 346118
ICQ#: 179198850
Re: [newbie] Samba / Shorewall
On Friday 30 Apr 2004 10:20, Klemens Arro wrote:

> On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
>
> > Klemens Arro wrote:
> >
> > > What's with samba and shorewall? I can't use samba server or Smb4K (guess that shorewall blocks it). When I take the whole firewall down Everything (no firewall) then samba works perfectly, but then I can't share my ADSL connection.
> >
> > My /etc/shorewall/rules below, part relevant to samba server. It was taken from the shorewall documentation, it works for me.
> >
> > raffaele
> >
> >     #ACTION  SOURCE  DEST  PROTO  DEST      SOURCE   ORIGINAL
> >     #                             PORT      PORT(S)  DEST
> >     # samba ports
> >     ACCEPT   net     fw    udp    137:139
> >     ACCEPT   net     fw    tcp    137,139
> >     ACCEPT   net     fw    udp    1024:     137
>
> This doesn't help either :(
>
> My /etc/shorewall/rules looks like this (made by mcc)
>
>     ACCEPT    net  fw    udp  137,138,139                  -

You DO NOT want this line. As I commented to Raffaele, this opens the firewall to Windows networking over the Internet interface *very insecure!*

>     ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -

This line opens your computer to the internet for Web server (80), Secure web server (443), ftp (20,21), SMTP (25), and Windows networking (137,138,139). You should only have these ports open if you actually want to use them, and of course 137, 138, and 139 should not be exposed to the Internet.

>     ACCEPT    loc  fw    udp  137,138,139                  -
>     ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
>     REDIRECT  loc  3128  tcp  www                          -
>     ACCEPT    fw   net   tcp  www

Try adding the line to /etc/shorewall/policy

    fw  loc  ACCEPT

That will allow all services running on your firewall device (samba, etc) to connect to the local network. If that is too broad for you then add

    ACCEPT  fw  loc  udp  137,138,139  -
    ACCEPT  fw  loc  tcp  137,138,139  -

to /etc/shorewall/rules instead.

After making any change to shorewall restart it with 'shorewall restart' in a root terminal.

derek
--
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
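An added example, not from Derek or the Shorewall project: a small POSIX shell/awk audit that applies the check Derek does by hand above to a rules file, listing which ports ACCEPT rules open from one zone to another and flagging 137-139 reachable from 'net'. The sample rules text is constructed to match the column layout Klemens posted (it is not his file), and the function names are mine.

```shell
#!/bin/sh
# Added example: audit a Shorewall 'rules' file for services that ACCEPT
# rules expose from the Internet ('net') zone to the firewall ('fw').
# Assumed column layout (the classic one used in this thread):
#   ACTION  SOURCE  DEST  PROTO  DEST_PORT(S)  [SOURCE_PORT(S)]  [ORIGINAL_DEST]

# Constructed sample, modelled on the rules file posted in the thread.
SAMPLE_RULES=$(cat <<'EOF'
#ACTION   SOURCE  DEST  PROTO  DEST                          SOURCE
#                              PORT(S)                       PORT(S)
ACCEPT    net     fw    udp    137,138,139                   -
ACCEPT    net     fw    tcp    80,443,20,21,25,137,138,139   -
ACCEPT    loc     fw    udp    137,138,139                   -
ACCEPT    loc     fw    tcp    80,443,20,21,25,137,138,139   -
REDIRECT  loc     3128  tcp    www                           -
ACCEPT    fw      net   tcp    www
EOF
)

# Constructed "after" version: Samba only between the local zone and the
# firewall, the shape Derek recommends.
SAFE_RULES=$(cat <<'EOF'
ACCEPT    loc     fw    udp    137,138,139   -
ACCEPT    loc     fw    tcp    137,138,139   -
ACCEPT    fw      loc   udp    137,138,139   -
ACCEPT    fw      loc   tcp    137,138,139   -
EOF
)

# zone_exposed_ports RULES_TEXT SOURCE_ZONE DEST_ZONE PROTO
# Prints the DEST ports that ACCEPT rules open from SOURCE_ZONE to DEST_ZONE
# for PROTO as one sorted comma-separated list (nothing when none are open).
# Closed ranges such as 137:139 are expanded; open ranges ("1024:") and
# service names ("www") are printed as written.
zone_exposed_ports() {
    printf '%s\n' "$1" | awk -v src="$2" -v dst="$3" -v proto="$4" '
        /^[[:space:]]*#/ || NF < 5 { next }          # comments, short lines
        $1 == "ACCEPT" && $2 == src && $3 == dst && $4 == proto {
            n = split($5, p, ",")
            for (i = 1; i <= n; i++) {
                if (p[i] ~ /^[0-9]+:[0-9]+$/) {       # closed range a:b
                    split(p[i], r, ":")
                    for (j = r[1]; j <= r[2]; j++) seen[j] = 1
                } else {
                    seen[p[i]] = 1
                }
            }
        }
        END { for (k in seen) print k }' | sort -n | paste -s -d ',' -
}

# netbios_from_net RULES_TEXT
# Prints the protocols (tcp/udp) on which the Internet zone can reach the
# NetBIOS/SMB ports 137-139 on the firewall and returns 0; returns 1 and
# prints nothing when none are exposed.
netbios_from_net() {
    found=""
    for proto in tcp udp; do
        ports=$(zone_exposed_ports "$1" net fw "$proto")
        case ",$ports," in
            *,137,*|*,138,*|*,139,*) found="$found $proto" ;;
        esac
    done
    if [ -n "$found" ]; then
        printf '%s\n' "${found# }"
        return 0
    fi
    return 1
}

# Stand-alone run: report on the constructed sample.
if netbios_from_net "$SAMPLE_RULES" >/dev/null; then
    echo "WARNING: 137-139 reachable from 'net' on: $(netbios_from_net "$SAMPLE_RULES")"
    echo "tcp ports open from net to fw: $(zone_exposed_ports "$SAMPLE_RULES" net fw tcp)"
fi
```

Point it at a real file with `zone_exposed_ports "$(cat /etc/shorewall/rules)" net fw tcp` to see exactly what the Internet zone can reach.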
Re: [newbie] Samba / Shorewall
On Friday 30 April 2004 13:54, Derek Jennings wrote:

> On Friday 30 Apr 2004 10:20, Klemens Arro wrote:
>
> > On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
> >
> > > Klemens Arro wrote:
> > >
> > > > What's with samba and shorewall? I can't use samba server or Smb4K (guess that shorewall blocks it). When I take the whole firewall down Everything (no firewall) then samba works perfectly, but then I can't share my ADSL connection.
> > >
> > > My /etc/shorewall/rules below, part relevant to samba server. It was taken from the shorewall documentation, it works for me.
> > >
> > > raffaele
> > >
> > >     #ACTION  SOURCE  DEST  PROTO  DEST      SOURCE   ORIGINAL
> > >     #                             PORT      PORT(S)  DEST
> > >     # samba ports
> > >     ACCEPT   net     fw    udp    137:139
> > >     ACCEPT   net     fw    tcp    137,139
> > >     ACCEPT   net     fw    udp    1024:     137
> >
> > This doesn't help either :(
> >
> > My /etc/shorewall/rules looks like this (made by mcc)
> >
> >     ACCEPT    net  fw    udp  137,138,139                  -
>
> You DO NOT want this line. As I commented to Raffaele, this opens the firewall to Windows networking over the Internet interface *very insecure!*
>
> >     ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -
>
> This line opens your computer to the internet for Web server (80), Secure web server (443), ftp (20,21), SMTP (25), and Windows networking (137,138,139). You should only have these ports open if you actually want to use them, and of course 137, 138, and 139 should not be exposed to the Internet.
>
> >     ACCEPT    loc  fw    udp  137,138,139                  -
> >     ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
> >     REDIRECT  loc  3128  tcp  www                          -
> >     ACCEPT    fw   net   tcp  www
>
> Try adding the line to /etc/shorewall/policy
>
>     fw  loc  ACCEPT
>
> That will allow all services running on your firewall device (samba, etc) to connect to the local network. If that is too broad for you then add
>
>     ACCEPT  fw  loc  udp  137,138,139  -
>     ACCEPT  fw  loc  tcp  137,138,139  -
>
> to /etc/shorewall/rules instead.
>
> After making any change to shorewall restart it with 'shorewall restart' in a root terminal.
>
> derek

Now it shows me all computers at my network, but when I try to connect it tells me: Connection to X failed, and nobody can see me.

--
Klemens Arro
My software never has bugs; it just develops random features.
Using: Mandrake Linux 10
Registered Linux User#: 346118
ICQ#: 179198850
Re: [newbie] Samba / Shorewall
On Friday 30 Apr 2004 19:24, Klemens Arro wrote:

> On Friday 30 April 2004 13:54, Derek Jennings wrote:
>
> > On Friday 30 Apr 2004 10:20, Klemens Arro wrote:
> >
> > > On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
> > >
> > > > Klemens Arro wrote:
> > > >
> > > > > What's with samba and shorewall? I can't use samba server or Smb4K (guess that shorewall blocks it). When I take the whole firewall down Everything (no firewall) then samba works perfectly, but then I can't share my ADSL connection.
> > > >
> > > > My /etc/shorewall/rules below, part relevant to samba server. It was taken from the shorewall documentation, it works for me.
> > > >
> > > > raffaele
> > > >
> > > >     #ACTION  SOURCE  DEST  PROTO  DEST      SOURCE   ORIGINAL
> > > >     #                             PORT      PORT(S)  DEST
> > > >     # samba ports
> > > >     ACCEPT   net     fw    udp    137:139
> > > >     ACCEPT   net     fw    tcp    137,139
> > > >     ACCEPT   net     fw    udp    1024:     137
> > >
> > > This doesn't help either :(
> > >
> > > My /etc/shorewall/rules looks like this (made by mcc)
> > >
> > >     ACCEPT    net  fw    udp  137,138,139                  -
> >
> > You DO NOT want this line. As I commented to Raffaele, this opens the firewall to Windows networking over the Internet interface *very insecure!*
> >
> > >     ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -
> >
> > This line opens your computer to the internet for Web server (80), Secure web server (443), ftp (20,21), SMTP (25), and Windows networking (137,138,139). You should only have these ports open if you actually want to use them, and of course 137, 138, and 139 should not be exposed to the Internet.
> >
> > >     ACCEPT    loc  fw    udp  137,138,139                  -
> > >     ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
> > >     REDIRECT  loc  3128  tcp  www                          -
> > >     ACCEPT    fw   net   tcp  www
> >
> > Try adding the line to /etc/shorewall/policy
> >
> >     fw  loc  ACCEPT
> >
> > That will allow all services running on your firewall device (samba, etc) to connect to the local network. If that is too broad for you then add
> >
> >     ACCEPT  fw  loc  udp  137,138,139  -
> >     ACCEPT  fw  loc  tcp  137,138,139  -
> >
> > to /etc/shorewall/rules instead.
> >
> > After making any change to shorewall restart it with 'shorewall restart' in a root terminal.
> >
> > derek
>
> Now it shows me all computers at my network, but when I try to connect it tells me: Connection to X failed, and nobody can see me.

You need to check that the firewall is open from 'fw' to 'loc', and from 'loc' to 'fw'. If you look at your syslog you will be able to see if any packets are being discarded.

derek
--
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
Re: [newbie] Samba / Shorewall
On Fri, 30 Apr 2004 00:23:41 +0300 Klemens Arro [EMAIL PROTECTED] wrote:

> What's with samba and shorewall? I can't use samba server or Smb4K (guess that shorewall blocks it). When I take the whole firewall down Everything (no firewall) then samba works perfectly, but then I can't share my ADSL connection. By allowing ports 193-194 doesn't help, neither by telling shorewall to allow Samba server!
>
> --
> Klemens Arro

Klemens,
I may be wrong, but I thought you had to open ports 137, 138 and 139. Double check to be sure

--
Linux user #280097
Machines #162480 #191825
http://counter.li.org
Re: [newbie] ICS, Shorewall stops rest of network
Hi Derek,

You wrote:

> Shorewall is a very effective firewall, but there are a couple of things you should know.

Many thanks for that - it is the clearest explanation I have yet read about this issue. Great!

More importantly, following your suggested steps EVERYTHING is working as I want. Mate, the next shout's on me, as we say down here!

--
Pierre
Final Filer Software
http://www.finalfiler.com
Worrigee, NSW, Australia 2540
--
Life's like a roll of toilet paper- The closer it gets to the end, the faster it goes.
Re: [newbie] ICS, Shorewall stops rest of network
On Sunday 26 Oct 2003 7:47 am, [EMAIL PROTECTED] wrote:

> I have tried to make sense of the instructions and solutions out there on the internet. Frankly, my head is spinning. The Quickstart guide at Shorewall.net left me even more confused. Is anyone able to give me a simple, plain English explanation on how to configure Shorewall ICS so the other computers on my local workgroup network can access SAMBA?

I tried Shorewall once (MDK9.0) and it broke all connectivity. My conclusion was that it needs setting up if you are using it for more than a dedicated firewall. Don't know about ICS, and haven't tried it since.

Firewalls are complex bits of kit. They require really getting to grips with what you are doing with them. Automatic installs are only ever going to get you so far.

You could try the webmin interface. (urpmi webmin) It's not a magic bullet, but it might help.

You could install a hardware firewall between you and the internet. Then ditch shorewall and let the firewall manufacturers worry about it. If nothing else it simplifies your problem by splitting it in two.

You should keep reading until it all makes sense. That could take a long time; it's a very complex subject. But if you keep reading over and over, not expecting to understand it all first time through, things will drop into place one by one. Get a working knowledge of configuring shorewall and samba. Then if you post exactly what your network setup is and what your configuration files are someone will probably be able to point you in the right direction.

--
Richard Urwin
Re: [newbie] ICS, Shorewall stops rest of network
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, October 26, 2003 15:47
Subject: [newbie] ICS, Shorewall stops rest of network

> It has taken me several months to work out that the reason I can't access the SAMBA server I have set up is because of the Shorewall settings configured by invoking MDK9.x ICS. At least that is my reading of it. Essentially, everything else on my network seems to work - ICS, and the Linux box can read and write to the shared folders on the WinXP boxes. However, although I can see the Samba Server connection on the WinXP box, attempting to open it results in Network Path not found. I cannot ping 192.168.1.1. However, when I disable Shorewall, I can ping 192.168.1.1 and I can access Samba. But now ICS is disabled :(
>
> I have tried to make sense of the instructions and solutions out there on the internet. Frankly, my head is spinning. The Quickstart guide at Shorewall.net left me even more confused. Is anyone able to give me a simple, plain English explanation on how to configure Shorewall ICS so the other computers on my local workgroup network can access SAMBA?
>
> Many thanks in advance...

hi Pierre,

i'm using Samba with ICS on Mandrake 9.0. it works perfectly, although Shorewall has taken quite a bit of flak on this list due to the way mandrake configures it. bjorn has highlighted the requirements in another reply, that is to open ports 137, 138 and 139.

FYI, the two config files you need to touch for mandrake are /etc/shorewall/rules, and maybe /etc/shorewall/interfaces. you should try using the rules and interfaces files with the appropriate configuration from the quickstart guide at shorewall.net, which you've already found, and define rules and interfaces. the reason to use them is cos they come heavily commented, and IIRC the mandrake tools strip the comments out.

you never stated your configuration, but this is how i'm configured for two ethernet cards, with my dsl connected to eth1.

eg /etc/shorewall/interfaces

    #ZONE  INTERFACE  BROADCAST  OPTIONS
    net    eth1       detect
    loc    eth0       detect

/etc/shorewall/rules

    #samba
    #ACTION  SOURCE  DEST  PROTO  DEST         SOURCE   ORIGINAL
    #                             PORT         PORT(S)  DEST
    ACCEPT   loc     fw    tcp    137,138,139  -
    ACCEPT   loc     fw    udp    137,138,139  -

oh, and btw, you should remove the Reply-To in your email software when posting to this list. the reasons are documented at http://mandrake.vmlinuz.ca/bin/view/Main/MandrakeMailingListEtiquette item number 2.

hth,
Jim
Re: [newbie] ICS, Shorewall stops rest of network
On Sunday 26 Oct 2003 7:47 am, [EMAIL PROTECTED] wrote:

> It has taken me several months to work out that the reason I can't access the SAMBA server I have set up is because of the Shorewall settings configured by invoking MDK9.x ICS. At least that is my reading of it. Essentially, everything else on my network seems to work - ICS, and the Linux box can read and write to the shared folders on the WinXP boxes. However, although I can see the Samba Server connection on the WinXP box, attempting to open it results in Network Path not found. I cannot ping 192.168.1.1. However, when I disable Shorewall, I can ping 192.168.1.1 and I can access Samba. But now ICS is disabled :(
>
> I have tried to make sense of the instructions and solutions out there on the internet. Frankly, my head is spinning. The Quickstart guide at Shorewall.net left me even more confused. Is anyone able to give me a simple, plain English explanation on how to configure Shorewall ICS so the other computers on my local workgroup network can access SAMBA?
>
> Many thanks in advance...

Shorewall is a very effective firewall, but there are a couple of things you should know.

1/ Mandrake sets up shorewall assuming eth0 is the Internet and eth1 is the local network. If you use anything else (such as ADSL) then edit /etc/shorewall/interfaces accordingly. (an ADSL interface is usually ppp0)

2/ By default shorewall disables ping. If you want to enable ping to the firewall device then edit /etc/shorewall/rules and add the line

    ACCEPT  masq  fw  icmp  8

to allow pings from the local network, or

    ACCEPT  net  fw  icmp  8

to allow ping from the Internet.

3/ Mandrake sets up shorewall with 3 zones. 'net' is the internet, 'masq' is the local network, and 'fw' is the firewall device itself. If you want the firewall device to run other services (such as samba) then you must open up ports to 'fw' from 'net' or 'masq' as appropriate. Edit /etc/shorewall/rules. For example, to enable samba to the firewall box from the local network:

    ACCEPT  masq  fw  tcp  137,138,139
    ACCEPT  masq  fw  udp  137,138,139

(I assume you do not want to open samba to the 'net' interface)

If you do not mind reducing your security a little you might like to consider opening *all* services between the firewall and local network. You can do that by editing /etc/shorewall/policy and adding the line

    masq  fw  ACCEPT

4/ After making any change to the shorewall files restart it with shorewall restart in a root terminal.

derek
--
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
Re: [newbie] ICS, Shorewall stops rest of network
On October 26, 2003 04:18 am, Derek Jennings wrote:

[snip]

> Shorewall is a very effective firewall, but there are a couple of things you should know.
>
> 1/ Mandrake sets up shorewall assuming eth0 is the Internet and eth1 is the local network. If you use anything else (such as ADSL) then edit /etc/shorewall/interfaces accordingly. (an ADSL interface is usually ppp0)

This is a problem with how Mandrake sets up Shorewall if, for example, you have eth1 at the internet and eth0 as the local network. It took one hell of a long time to figure that out. :-)

The ADSL comment is wrong. Not in its entirety but wrong none the less. Some ADSL applications, notably European and some North American, do force you to use pppX as the interface. Others, notably North American, will quite happily set up as ethX and will sulk if you try to set them up as pppX. It appears to be how the modem is configured, though I'm not entirely sure of that. Cable modems, at least the ones I'm familiar with, will set up as ethX as the interface.

[snip]

ttfn
John
Re: [newbie] ICS, Shorewall stops rest of network
Hi everyone, especially those who responded to my thread.

You've given me a fair bit to go on with. Many thanks

--
Pierre
Final Filer Software
http://www.finalfiler.com
Worrigee, NSW, Australia 2540
--
Life's like a roll of toilet paper- The closer it gets to the end, the faster it goes.
Re: [newbie] Reading Shorewall log
On Saturday 13 Sep 2003 11:48 am, Michael Adams wrote:

> Can someone help me decipher this single log excerpt? The bits I understand I have filled in. I was getting this exactly every half minute. I have scanned the online shorewall docs but did not see how a newbie can read the logs. I have also found that Port 500 is for ISAKMP which means nothing to me. (Computing Dictionary Definition: Internet Security Association and Key Management Protocol)
>
> Is this identifiable as a particular worm/virus from this info? I have not found one with this sig (googling).
> Which one identifies the port hit on my firewall (SPT=) or (DPT=)? I know they are the same in this instance.
> Why a separate source port and destination port (SPT= DPT=)?
> Why two length (LEN=) statements?
>
> ###The log entry (my comments start with //)
> ##I have split it into readable chunks.
>
> Sep 13 17:02:24 solid kernel:
> // Date time host log-source
>
> Shorewall:net2all:DROP:IN=ppp0
> // Does net2all mean to all boxes behind the firewall?

No, this tells you the shorewall 'rule' which dropped the packet. 'net2all' is the 'catchall' rule which stops any packet from the Internet getting through the firewall unless there is another rule explicitly allowing it.

> OUT= MAC=
> // OUT=??? MAC= ethernet card addresses
>
> SRC=203.79.82.168 DST=203.79.67.151
> // SRC=Someone else on my ISP. DST=My machine (I confirmed this)

SRC (source) is the IP address of whoever sent you the packet (not necessarily on the same ISP as you). In a Denial of Service attack this address could be 'spoofed' to mislead you. DST (destination) is your IP address.

> LEN=29 TOS=0x00 PREC=0x00 TTL=58 ID=31755
> // ???

The packet was 29 bytes long. Its 'Type of Service' header was not defined. I forget what PREC is. Its 'Time to live' is 58 msecs so if it went through a network route longer than that it would be dropped before reaching you. The packet IDentification number is 31755.

> PROTO=UDP
> // UDP I sort of understand is an alternative to TCP

The protocol is UDP which is a broadcasting protocol used for things like streaming where acknowledgements are not required.

> SPT=500 DPT=500 LEN=9
> // Source Port, Destination Port, LEN ???

The application that sent the packet was using port 500 on the remote machine. It is trying to connect to an application using port 500 on your machine. This is how the interface knows which application a packet is for. A quick Google tells me that port 500 is used by VPN services for key exchange. If you use this box for a VPN service that could explain all the hits.

> #End log entry

I am not aware of any particular worm/virus using this port. The good news is that shorewall is stopping the packets and you are perfectly safe. It's the packets that get through you have to worry about :-)

HTH
derek
--
www.jennings.homelinux.net
Get urpmi sources from http://plf.zarb.org/~nanardon/urpmiweb.php
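An added example, not part of Derek's reply: shell/awk helpers that pull the named fields out of log lines in the format above (including the second LEN, which is the UDP length) and count repeated drops per source and destination port, the quickest way to spot the "every half minute" pattern Michael describes. The first sample line is the one from the post; the other three are constructed, using a 192.0.2.0/24 (TEST-NET-1) address for the extra source, and the function names are mine.

```shell
#!/bin/sh
# Added example: decode Shorewall/netfilter log lines of the kind shown above
# and count repeated drops per source and destination port.
# Assumes the klogd line format from the thread:
#   ... kernel: Shorewall:CHAIN:ACTION:IN=... SRC=... PROTO=... SPT=... DPT=...

# Constructed sample log. Line 1 is the one from Michael's post; the others
# are made up, with 192.0.2.0/24 (TEST-NET-1) used for the extra source.
SAMPLE_LOG=$(cat <<'EOF'
Sep 13 17:02:24 solid kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=203.79.82.168 DST=203.79.67.151 LEN=29 TOS=0x00 PREC=0x00 TTL=58 ID=31755 PROTO=UDP SPT=500 DPT=500 LEN=9
Sep 13 17:02:54 solid kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=203.79.82.168 DST=203.79.67.151 LEN=29 TOS=0x00 PREC=0x00 TTL=58 ID=31762 PROTO=UDP SPT=500 DPT=500 LEN=9
Sep 13 17:03:01 solid kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.79.67.151 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4521 DF PROTO=TCP SPT=3492 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 13 17:03:24 solid kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=203.79.82.168 DST=203.79.67.151 LEN=29 TOS=0x00 PREC=0x00 TTL=58 ID=31770 PROTO=UDP SPT=500 DPT=500 LEN=9
EOF
)

# log_rule LINE -> "CHAIN ACTION", e.g. "net2all DROP": which Shorewall
# chain logged the packet and what it did with it.
log_rule() {
    printf '%s\n' "$1" | sed -n 's/.*Shorewall:\([^:]*\):\([^:]*\):.*/\1 \2/p'
}

# log_field LINE KEY [N] -> value of the N-th (default first) KEY=value token.
# N matters for LEN, which appears twice: the first LEN is the IP packet
# length, the second the UDP header+payload length. Empty tokens ("MAC=")
# yield "", as does a key that is not present.
log_field() {
    printf '%s\n' "$1" | awk -v key="$2" -v want="${3:-1}" '{
        n = 0
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/^Shorewall:[^:]*:[^:]*:/, "", f)   # "...:DROP:IN=ppp0" -> "IN=ppp0"
            if (index(f, key "=") == 1 && ++n == want) {
                print substr(f, length(key) + 2)
                exit
            }
        }
    }'
}

# drop_summary LOG_TEXT -> "COUNT SRC PROTO DPT" per source/port, busiest first.
# A source hitting one port over and over (here 500/udp every 30 s) rises to
# the top; a single SYN to 139/tcp is the kind of probe that should stay dropped.
drop_summary() {
    printf '%s\n' "$1" | awk '
        /Shorewall:[^:]*:DROP:/ {
            src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if (index($i, "SRC=") == 1)   src   = substr($i, 5)
                if (index($i, "PROTO=") == 1) proto = substr($i, 7)
                if (index($i, "DPT=") == 1)   dpt   = substr($i, 5)
            }
            count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }' | sort -rn
}

# Stand-alone run over the sample.
first_line=$(printf '%s\n' "$SAMPLE_LOG" | head -n 1)
echo "rule: $(log_rule "$first_line")"
echo "src=$(log_field "$first_line" SRC) dpt=$(log_field "$first_line" DPT) ip_len=$(log_field "$first_line" LEN) udp_len=$(log_field "$first_line" LEN 2)"
drop_summary "$SAMPLE_LOG"
```

On a live box, `drop_summary "$(grep Shorewall /var/log/messages)"` gives the same table for the real log (the file name may differ by distribution).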
Re: [newbie-it] shorewall?
At 20:50, Friday 31 January 2003, Giorgio Griffon wrote:

> Sorry (from the depths of my ignorance), isn't it the same thing to use Mozilla's setting "limit maximum lifetime of cookies to current session"? Provided you use Mozilla, of course.

Yes, for the script I posted first there is no difference, but that one was for Konqueror, which doesn't have this option. The second one (for Mozilla, in fact) deleted the cookies and restored the ones that are needed (in some cases being recognised via a cookie is convenient). It would be handy if the option you mention could have two or more groups, to allow different lifetimes.

> Ciao
> Giorgio

bye
miKe
--
Slackware 8.1 GNU/Linux 2.4.20 @ hp Xe3
R.U.#219755 -- S.R.U.#705 -- R.M.#110932
Re: [newbie-it] shorewall?
At 22:28, Wednesday 29 January 2003, miKe wrote:

> At 05:58, Wednesday 29 January 2003, Arwan wrote:
>
> > > identify you to the server, so if you go back to a site you have already visited, you accept the cookie again, which you will then delete, and you still remain untracked, hence anonymous)
> >
> > The cookie business is a problem I was saving for a snack (and as far as Linux goes I'm still at breakfast!), but it interests me quite a bit. I'd like to understand a bit more about how this recognition business works to shed some light on the problem, and if you happen to have that little script ready, I'd be glad to take a peek at it.
>
> Administrator@mdk:~$ less rimuovi_cookie
> #!/bin/bash
> [...]

Sorry (from the depths of my ignorance), isn't it the same thing to use Mozilla's setting "limit maximum lifetime of cookies to current session"? Provided you use Mozilla, of course.

Ciao
Giorgio
___
http://digilander.iol.it/conchiglieveneziane
Re: [newbie-it] shorewall?
At 20:50, Friday 31 January 2003, Giorgio Griffon wrote:

> Sorry (from the depths of my ignorance), isn't it the same thing to use Mozilla's setting "limit maximum lifetime of cookies to current session"? Provided you use Mozilla, of course.
>
> Ciao
> Giorgio

Actually I wanted to ask a similar question, namely: on disconnecting, could I in theory remove the cookies from within Mozilla, and would I have done the same thing as running the script that removes cookies.txt and then recreates it?? Intuitively and irrationally I believe it is not the same thing, but I can't work out the reason for this feeling... that is, I don't think running the script is just an elegant Linux version of removing the cookies through Mozilla's X-window interface... but I don't know why; there must be something more to it... But maybe I'm wrong!

Ciao
Re: [newbie-it] shorewall?
At Wednesday 29 January 2003 00:11, regarding Re: [newbie-it] shorewall? (and who knows what he was really thinking about), miKe wrote:

> or make a script that wipes them when the connection closes (much better, since they are no use except to identify you to the server, so if you go back to a site you have already visited, you accept the cookie again, which you will then delete, and you still remain untracked, hence anonymous)

The cookie business is a problem I was saving for a snack (and as far as Linux goes I'm still at breakfast!), but it interests me quite a bit. I'd like to understand a bit more about how this recognition business works to shed some light on the problem, and if you happen to have that little script ready, I'd be glad to take a peek at it.

--
Arwan
Re: [newbie-it] shorewall?
At 05:58, Wednesday 29 January 2003, Arwan wrote:

> > identify you to the server, so if you go back to a site you have already visited, you accept the cookie again, which you will then delete, and you still remain untracked, hence anonymous)
>
> The cookie business is a problem I was saving for a snack (and as far as Linux goes I'm still at breakfast!), but it interests me quite a bit. I'd like to understand a bit more about how this recognition business works to shed some light on the problem, and if you happen to have that little script ready, I'd be glad to take a peek at it.

    Administrator@mdk:~$ less rimuovi_cookie
    #!/bin/bash
    # Wipe Konqueror's cookie jar and rebuild the minimal policy section
    rm $HOME/.kde/share/config/kcookiejarrc
    touch $HOME/.kde/share/config/kcookiejarrc
    echo "[Cookie Policy]" >> $HOME/.kde/share/config/kcookiejarrc
    echo "CookieDomainAdvice=" >> $HOME/.kde/share/config/kcookiejarrc
    echo "CookieGlobalAdvice=Ask" >> $HOME/.kde/share/config/kcookiejarrc
    echo "Cookies=true" >> $HOME/.kde/share/config/kcookiejarrc
    echo >> $HOME/.kde/share/config/kcookiejarrc

Save it in a file in your home directory and have pppd run it when the connection ends (or have kppp do it).

bye
miKe
--
Slackware 8.1 GNU/Linux 2.4.20 @ hp Xe3
R.U.#219755 -- S.R.U.#705 -- R.M.#110932
Re: [newbie-it] shorewall?
At 20:50, Wednesday 29 January 2003, Emiliano La Licata wrote:
> At 00:11, Wednesday 29 January 2003, miKe wrote:
> > or else make a script that wipes them when the connection closes (much better: they are only useful to identify you to the server, so if you go back to a site you have already visited you accept the cookie again, then delete it, and you still remain untracked, hence anonymous)
> what's the principle? I agree to enter a place that asks you to fill in a form with your details, which I then tear up when I leave?

no, you delete the cookies; if you send your details to a server you can't delete them (unless it's an MS SQL Srv...;)

> I use Mozilla; which files or folders do I have to remove in the script?

in your case it's even simpler:

#!/bin/bash
# wipe the Mozilla cookie jar and leave an empty one behind
rm $HOME/.mozilla/default/dkctqeit.slt/cookies.txt
touch $HOME/.mozilla/default/dkctqeit.slt/cookies.txt

to be run on disconnect (careful: it wipes ALL the cookies, so if you want to keep a base policy you have to regenerate the file, as in my earlier Konqueror example, where I rebuilt the base part).

For example, take your current cookies.txt, save it as 'cometipare' and edit it keeping only, say, this policy you want to preserve:
[NB: \ means 'continued on the next line'; kmail wraps at 65]

.netscape.com TRUE/ FALSE 1609459314 \
NSCP_USER_LOGIN1 \
SHA1=%2;-)***5FID=mike@slackn[-]UR2%5FLOGGED%5FIN=EXPRESS
.netscape.com TRUE/ FALSE 1044266636 \
MC_CMP_ESKX pEFRlu20QfPl6mygOsPtcQ==
.netscape.com TRUE/ FALSE 1060309913 NS_WM \
mike@slackn:0:200308080230[-]WM_LOGGED

then in the script add a simple:

cat $HOME/.mozilla/default/dkctqeit.slt/'cometipare' > $HOME/.mozilla/default/dkctqeit.slt/cookies.txt

Ciao
bye
miKe
--
Slackware 8.1 GNU/Linux 2.4.20 @ hp Xe3
R.U.#219755 -- S.R.U.#705 -- R.M.#110932
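The two scripts in this thread either wipe the jar completely or truncate it and restore a hand-kept copy. As an added example (not part of miKe's posts or of any project), the script below generalises that idea: it prunes a Netscape-format cookies.txt down to a whitelist of domains in place, so the "base policy" survives without a separate copy. The jar contents are constructed for the demo, and the function names, the temp-file scheme and the pppd hook path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): prune a Mozilla/Netscape cookies.txt
# down to a whitelist of domains instead of wiping and restoring it by hand.
# Assumes the classic tab-separated Netscape format:
#   domain  flag  path  secure  expiry  name  value
# Lines starting with '#' are comments and are always kept.

# Constructed sample jar for the demo (not real cookies).
make_sample_jar() {
    jar="$1"
    {
        printf '# Netscape HTTP Cookie File\n'
        printf '.netscape.com\tTRUE\t/\tFALSE\t1609459314\tNSCP_USER_LOGIN1\tdemo\n'
        printf 'ads.example.com\tTRUE\t/\tFALSE\t1609459314\ttrackid\tabc123\n'
        printf '.example.org\tTRUE\t/\tFALSE\t1609459314\tsession\txyz\n'
    } > "$jar"
}

# count_cookies JAR  -> number of non-comment, non-empty lines
count_cookies() {
    awk '!/^#/ && NF > 0 { n++ } END { print n + 0 }' "$1"
}

# prune_cookies JAR DOMAIN...  keeps comment lines plus cookies whose domain
# field (column 1) is one of DOMAIN...; every other cookie is dropped.
# The jar is rewritten through a temp file and renamed atomically, so a
# crash half-way never leaves a truncated cookies.txt behind.
prune_cookies() {
    jar="$1"; shift
    tmp="$jar.tmp.$$"
    awk -v keep="$*" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^#/ || NF == 0 { print; next }
        ($1 in ok)      { print }
    ' "$jar" > "$tmp" && mv "$tmp" "$jar"
}

# Usage, as it would be called from a pppd ip-down hook (assumed path):
#   prune_cookies "$HOME/.mozilla/default/<profile>.slt/cookies.txt" .netscape.com
```

Run it from the same place the thread suggests (the pppd or kppp disconnect hook); anything not on the whitelist is gone when the link drops, and the whitelist is an argument rather than a second file that has to be kept in sync with the real jar.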
Re: [newbie-it] shorewall?
At 00:14, Tuesday 28 January 2003, Fabio Manunza wrote:
> Fiddling around with shorewall I end up with these INPUT rules:
>
> Chain INPUT (policy DROP)
> target     prot opt source      destination
> ACCEPT     all  --  anywhere    anywhere
> ppp0_in    all  --  anywhere    anywhere
> common     all  --  anywhere    anywhere
> LOG        all  --  anywhere    anywhere    LOG level info prefix `Shorewall:INPUT:REJECT:'
> reject     all  --  anywhere    anywhere
>
> Now, given that the first rule read, if it matches, overrides the following ones, it seems to me that shorewall lets anything in; do you see it that way too?? If what I think is true, would those who use it mind checking whether their #iptables -L matches mine?
> Vale.

Mine is like yours too... I don't know whether it's useful, but some time ago I tested shorewall on the PC Flank site and the test came out almost all fine except for one case related to browsing:

Your computer may save special cookies on your hard drive that have the purpose of directing advertising or finding out your habits while web surfing.
Recommendation
We advise you to get personal firewall software. If you already have a firewall program adjust it to block cookies. You can also block cookies using your browser if it supports cookies blocking feature
Referrer check
Danger! While visiting web sites your browser reveals private information (called 'referrer') about previous sites you have visited.
Recommendation
We advise you to get personal firewall software. If you already have a firewall program adjust it to block the distribution of such information (referrer).

I'm not very good with iptables rules, I'm only just starting to chew on them... what do you think, all of you?
ciao
Re: [newbie-it] shorewall?
At 12:40, Tuesday 28 January 2003, Emiliano La Licata wrote:
> Mine is like yours too... I don't know whether it's useful, but some time ago I tested shorewall on the PC Flank site and the test came out almost all fine except for one case related to browsing:
>
> Your computer may save special cookies on your hard drive that have the purpose of directing advertising or finding out your habits while web surfing.
> Recommendation
> We advise you to get personal firewall software. If you already have a firewall program adjust it to block cookies. You can also block cookies using your browser if it supports cookies blocking feature
> Referrer check
> Danger! While visiting web sites your browser reveals private information (called 'referrer') about previous sites you have visited.
> Recommendation
> We advise you to get personal firewall software. If you already have a firewall program adjust it to block the distribution of such information (referrer).
>
> I'm not very good with iptables rules, I'm only just starting to chew on them... what do you think, all of you?
> ciao

There's a generic reference to the cookie policy, which can easily be changed from Konqueror's settings; nothing to worry about. I did an analysis like yours too; in addition I re-checked the system with Nessus, which produced a negative result (no problems). But, still, that first line doesn't convince me...
Vale.
--
Fabio Manunza
## machine no. 140545 ##
Re: [newbie-it] shorewall?
At 13:40, Tuesday 28 January 2003, Emiliano La Licata wrote:
> Recommendation
> We advise you to get personal firewall software. If you already have a firewall program adjust it to block the distribution of such information (referrer).
>
> I'm not very good with iptables rules, I'm only just starting to chew on them...

that's not the point: either you set the browser so it doesn't accept cookies (but then you can't browse some sites), or else you make a script that wipes them when the connection closes (much better: they are only useful to identify you to the server, so if you go back to a site you have already visited you accept the cookie again, then delete it, and you still remain untracked, hence anonymous)

ciao
bye
miKe
--
Slackware 8.1 GNU/Linux 2.4.20 @ hp Xe3
R.U.#219755 -- S.R.U.#705 -- R.M.#110932
Re: [newbie-it] shorewall?
At 00:14, Tuesday 28 January 2003, Fabio Manunza wrote:
> Fiddling around with shorewall I end up with these INPUT rules:
>
> Chain INPUT (policy DROP)
> target     prot opt source      destination
> ACCEPT     all  --  anywhere    anywhere
> ...
>
> Now, given that the first rule read, if it matches, overrides the following ones, it seems to me that shorewall lets anything in; do you see it that way too??

you need to give us the output of iptables -nLv

bye
miKe
--
Slackware 8.1 GNU/Linux 2.4.20 @ hp Xe3
R.U.#219755 -- S.R.U.#705 -- R.M.#110932
Re: [newbie-it] shorewall?
At 00:14, Tuesday 28 January 2003, Fabio Manunza wrote:
> Fiddling around with shorewall I end up with these INPUT rules:
>
> Chain INPUT (policy DROP)
> target     prot opt source      destination
> ACCEPT     all  --  anywhere    anywhere
> ppp0_in    all  --  anywhere    anywhere
> common     all  --  anywhere    anywhere
> LOG        all  --  anywhere    anywhere    LOG level info prefix `Shorewall:INPUT:REJECT:'
> reject     all  --  anywhere    anywhere
>
> Now, given that the first rule read, if it matches, overrides the following ones, it seems to me that shorewall lets anything in; do you see it that way too?? If what I think is true, would those who use it mind checking whether their #iptables -L matches mine?
> Vale.

But are you still using shorewall? ;-) For those just starting out (like me) isn't Guardog better?

bye