Re: [gentoo-user] Questions about setting up reliable firewall

2005-08-12 Thread Uwe Thiem
On 12 August 2005 16:40, cothrige wrote:
> I have been trying to find a way to set up a simple firewall which I
> can trust is doing what I need it to do.  I am connecting via a
> dialup with my local phone company which dynamically assigns me an ip
> address.  I want to be able to use the web and send and receive email
> via my pop and smtp server, also from my phone company, but of course
> would like to protect myself from outside attacks.  I also have a
> second machine connected via ethernet which allows me to operate out
> of two rooms, but I don't have anything I can use to set up a
> dedicated firewall box, which seems to be what so many howtos assume.

Emerge shorewall, read the docs, especially the comments in its config files 
and set it up. Once you understand how it works, the setup is easy. Then 
let /etc/ppp/ip-up bring it up and /etc/ppp/ip-down bring it down. In your 
simple setup, just deny everything from outside and allow everything from 
inside. Though a dedicated firewall is much better for anything larger, you 
can get away with setting it up on your connecting box.

Uwe

-- 
95% of all programmers rate themselves among the top 5% of all software 
developers. - Linus Torvalds

http://www.uwix.iway.na (last updated: 20.06.2004)
-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] Questions about setting up reliable firewall

2005-08-12 Thread Alexander Rink
Have a look at firehol (firehol.sourceforge.net). I suppose that this is 
exactly what you are looking for. You can write config files in an easy and 
understandable language, firehol will translate them into iptables commands. 
You can find predefined scripts for different environments after emerging 
firehol in /etc/firehol/examples

For a single dialup computer the settings are as simple as:
interface any world
  client all accept

Which means that the computer is completely hidden and offers no services. 
Adding a ssh Server just adds the following line
  server ssh accept

You can find a nice and detailed example on firehol's homepage. 


On Friday 12 August 2005 15:40, cothrige wrote:
> I have been trying to find a way to set up a simple firewall which I
> can trust is doing what I need it to do.  I am connecting via a
> dialup with my local phone company which dynamically assigns me an ip
> address.  I want to be able to use the web and send and receive email
> via my pop and smtp server, also from my phone company, but of course
> would like to protect myself from outside attacks.  I also have a
> second machine connected via ethernet which allows me to operate out
> of two rooms, but I don't have anything I can use to set up a
> dedicated firewall box, which seems to be what so many howtos assume.
>
> Can anyone suggest a guide or howto on firewalls which I can
> use?  I have never been able to figure out iptables in such a way that
> I am confident that I am doing anything other than making things
> worse, or just end up unable to connect to anything.  Or perhaps there
> is a simple tool which will do these things?  I tried firestarter but
> it never seemed to work quite right.  I could get it to allow me out
> once, but then when I would dial up later I couldn't reach the
> network.  Or the ssh connection would be down.  Or something similar.
> This was disappointing as it really did seem the simplest to use of
> those I investigated.
>
> I hope someone can make a suggestion to an iptables newbie about where
> to go now.  Many thanks for any help,
>
> Patrick
-- 
gentoo-user@gentoo.org mailing list
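The two-line config above is the single-machine case. `interface any` matches the ethernet card as well as the dialup link, so on Patrick's two-room setup it would also shut out the second machine, and nothing in it forwards or masquerades that machine's traffic. The following is an added example, not code from this thread or from firehol's shipped examples, showing the split a practitioner would actually want. It assumes (none of this is stated in the thread) that the dialup link comes up as ppp0, that the second machine sits on eth0 in 192.168.1.0/24, and FireHOL 1.x syntax as it was in 2005 (`version 5`):

```firehol
# Added example; not from the thread or from /etc/firehol/examples.
# Assumed interface names and LAN range: ppp0 = dialup, eth0 = LAN
# (192.168.1.0/24). "version 5" is the FireHOL 1.x config version.
version 5

# Dialup side: drop everything unsolicited, allow this box to reach out
# (web, POP, SMTP, DNS, ...) and admit only replies to its own connections.
interface ppp0 internet
        protection strong       # drop fragments, invalid packets, SYN floods
        policy drop             # the default, made explicit
        server ssh accept       # the single service exposed to the outside;
                                # delete this line to be fully "stealthed"
        client all accept

# LAN side: trust the second machine fully, in both directions.
interface eth0 lan
        policy accept

# Forward the second machine's traffic out over the dialup link and rewrite
# its private source address to whatever address ppp0 currently holds
# (MASQUERADE follows the dynamically assigned IP, so no restart is needed
# when the phone company hands out a new one).
router lan2internet inface eth0 outface ppp0
        masquerade
        route all accept
```

Load it with `firehol try` rather than `firehol start`: it activates the new rules and reverts them automatically unless you confirm within the timeout, which protects you from locking yourself out of the ssh session you are configuring from. Once confirmed, `iptables -L -n -v` shows the generated rules, and an external port scan of the kind Patrick used should report every port as filtered except 22 if the `server ssh accept` line is kept.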



Re: [gentoo-user] Questions about setting up reliable firewall

2005-08-12 Thread cothrige
* Alexander Rink ([EMAIL PROTECTED]) wrote:
> Have a look at firehol (firehol.sourceforge.net). I suppose that this is 
> exactly what you are looking for. You can write config files in an easy and 
> understandable language, firehol will translate them into iptables commands. 
> You can find predefined scripts for different environments after emerging 
> firehol in /etc/firehol/examples
> 
> For a single dialup computer the settings are as simple as:
> interface any world
>   client all accept
> 
> Which means that the computer is completely hidden and offers no services. 
> Adding a ssh Server just adds the following line
>   server ssh accept
> 
> You can find a nice and detailed example on firehol's homepage. 

Quite awesome.  I used the tutorial on their webpage and it seemed to
work just as I wanted.  I tried several online port scans,
i.e. Sygate, Shields Up, etc., and they all returned all ports as
stealthed.  And yet my internet connection, masquerading, and ssh
connections are all up and running just as I need.

Many thanks for the help.

Patrick
-- 
gentoo-user@gentoo.org mailing list