Re: [newbie] Firewalls for Linux
On Monday 15 Dec 2003 3:35 am, Lyvim Xaphir wrote:

> Yes, I can elaborate. I have a Zyxel router here that has features much the same as what you described, however I am still unable to match the flexibility of a firewall running iptables/shorewall to the point where I can route incoming traffic to a specific port range on a specific local IP within the local lan. I can route a port but not a range of ports; very annoying. I spent nearly a week going over the capabilities of the router appliance trying to find a fix and there wasn't one even when you went to the command line of the box. Also you must realize that the router appliance has a full OS of its own, which in many cases is in fact Linux, but unadvertised as such.

You have my condolences. My place of work had a Zyxel, and it was a pig to administer. My firewall has the same limitation. Not a problem for me, although it could be. There are routers out there that can route ranges though. Yes it probably does have an OS, but pared down to the bare essentials and built by professionals, along which road you are in advance of me.

> Firewalls running MDK/Shorewall are more configurable, flexible, and just as secure as a router appliance when set up correctly. In my case, even more secure since the Zyxel was responding to ICMP requests before I turned it into a bridge; therefore it was somewhat vulnerable to ICMP DoS attacks.

Mine does filter ICMP, if I tell it to, and I have.

> As far as packet filtering/mangling, there is no match for having an MDK firewall box. As a general purpose solution, you thus have a vast universe of scripts and utilities to choose from in order to enhance firewall functionality. You cannot download scripts or utilities to your router appliance; you cannot upgrade your appliance's OS except at the behest of the manufacturer; you are frozen in the crystalline matrix that the appliance manufacturer put you in.
>
> That's fine for people that don't care; however if you are seeking flexibility, knowledge, and greater security while not minding a minimal investment of time, an MDK firewall box is infinitely better.

Agreed. But many or most people do not need that flexibility, which takes time to acquire, while their machine is vulnerable to attack.

> > > Hardware routers are generally for Mac users or non-tech types. That's fine, but if you are looking for knowledge, a router appliance is not going to get you there; in fact I recommend against it.
> >
> > Even if one is looking for knowledge, there is plenty of stuff to learn in Linux without having to learn a safe level of capability with iptables. This is one area in which a little knowledge is a very dangerous thing. A dedicated router simplifies the iptables setup with connection sharing, because the router can do the filtering and there is no extra work to share the connection - all machines are equal. Whereas using the Linux box complicates the iptables configuration. IMO, the best configuration has two rules: everything out, nothing in. (Most of the hostile outgoing traffic is going to be SMTP or HTTP anyway.) Adding connection sharing to these rules makes them a lot more complex, and every rule added has a chance of being wrong.
>
> You should configure a box of your own before you make statements like this. Like I already said, Shorewall is a requisite of connection sharing. Install the MDK secure kernel in conjunction with a 2 nic firewall box and connection sharing, scan it, and you will see what I mean. Right now I can't even ssh into the firewall box from the local lan, much less the internet cloud; physical access is the only option I've got for shelling. And that's with me in the hosts.allow.

If it is as simple as checking a box then fine. But having a dedicated Linux box is more expensive than a dedicated router box (and harder for the SO to accept). My box is just as tight, using a router, except that I can http or telnet in locally. That's not a big security hit.

So are you saying that a dedicated firewall is still a good idea? I would agree with that. My point was that it was bad security to be running the firewall on your workstation. In many people's cases that is the only reasonable alternative to a firewall router. A PC is more expensive, much bigger, and usually noisier, than a router. If I was living on my own I would certainly build such a beast, but as it is I would rather win other battles ;-)

> I had many more ports open with the Zyxel in router mode than I have right now. I know because I've taken great pains to compare the two and had a cracker friend attack the MDK box on purpose.

I have checked mine with port scanners. The results were boring.

-- 
Richard Urwin

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Firewalls for Linux
On Mon, 15 Dec 2003 17:20:39 +1300 Carren Stuart wrote:

> Bryan,
>
> Funnily enough, I actually agree with most of what you are saying :-) What it really comes down to for me though is this. I use my computer as a home computer only. It is primarily a tool for me to communicate with the wider world and my friends, who for some unknown reason, all live on the other side of the World. I also use it as a learning tool and a toy I guess, in as much as it presents me with new things to try in order to challenge myself from time to time. Installing Mandrake was one of those challenges I set myself, and it has not disappointed me :-)
>
> Internet security is important to me, and I have my Windows system locked down as tightly as possible. I have a dial up connection, which is pretty much connected 24 hours a day. I use a respected AV and Kerio with a very stringently customised set of rules, I do not use any Microsoft software other than my operating system, plus I make use of several third party bits and pieces to help me keep my system locked down as tightly as possible. Having said that, I am not paranoid about this, and I do realise that my system is not, and never will be 100% secure. That doesn't bother me. I have taken all the precautions I can for my own particular computing situation, and that is enough for me. I have reduced the risk as much as I possibly can at this point. If I happen to get caught out by some nasty at some time, it will be bad luck, but it won't be due to something stupid I did.
>
> As you have already said Linux is an inherently more secure OS than Windows, and the risks are less, although not absent. I want to be able to feel secure using Linux but I don't need the level of security someone in business might need. At the moment I don't *feel* secure because I don't understand how the firewall works, and I can't begin to configure it the way I want it, until such time as I can understand it!
>
> That's where I am at now. My previous posts about other firewalls available, were really indicating that I was perhaps looking for something I could *get* straight away, to use in the meantime, while I am busy trying to get my head around the built in firewall. As you said, if I don't have that configured properly while I'm learning it, I could be leaving myself wide open right now. I have no knowledge of what the current configuration is (other than what I've set up via Guarddog) - or even if there is a default configuration. I haven't even figured out what command I need to use to *see* the darned thing working! (or view the logs or view the current configuration)
>
> None of what I have posted here on the subject is intended in any way to be critical of you or of the linux firewall. I am just a newbie linux user who is trying to learn the basics of setting up her linux system as securely as she possibly can, so that she can get moving and start discovering what this OS has to offer her. I set myself a personal challenge here, and I'm not about to give up just yet. I'm sorry to say, you'll be seeing more of me here, at least until the light bulb in my head switches on! :-)
>
> -- 
> Carren

Carren

I've been here for nearly five years. The lightbulb switches on and off regularly. Fortunately the newbie list is always there. Tucked in amongst the spats and heated opinions are real gems. Hang in there, and welcome.

Lee

-- 
User #223705 Linux Counter, http://counter.li.org
Re: [newbie] Firewalls for Linux
On Sunday 14 December 2003 11:20 pm, Carren Stuart wrote:

> Internet security is important to me, and I have my Windows system locked down as tightly as possible. I have a dial up connection, which is pretty much connected 24 hours a day. I use a respected AV and Kerio with a very stringently customised set of rules, I do not use any Microsoft software other than my operating system, plus I make use of several third party bits and pieces to help me keep my system locked down as tightly as possible.

Prior to about 2 or 3 years ago, I also ran MS as my primary OS with WinXP as the last MS OS on my primary box. I also ran personal firewall software, had scanned my system externally and had a router/firewall appliance at the same time. I did not use IE for a browser (ran Opera instead) and tried to be very knowledgeable about security in general. At the time, I thought my own system was fairly secure and it might well have been, with there being easier targets that were more likely to be hit than mine. However, with the work that I have done and continue to do testing software and security aspects of software in general, I am much more aware of the deficiencies of certain aspects of the MS OS. I would not disparage anyone for implementing available tools to harden their system, but I would not regard any MS OS as being secure in any fashion.

> Having said that, I am not paranoid about this, and I do realise that my system is not, and never will be 100% secure. That doesn't bother me. I have taken all the precautions I can for my own particular computing situation, and that is enough for me. I have reduced the risk as much as I possibly can at this point.

A standalone router/firewall, even on the modem connection, would do so even more.

> If I happen to get caught out by some nasty at some time, it will be bad luck, but it won't be due to something stupid I did.

Could very well be something stupid that some MS developer did. Probably more likely that.

> As you have already said Linux is an inherently more secure OS than Windows, and the risks are less, although not absent. I want to be able to feel secure using Linux but I don't need the level of security someone in business might need. At the moment I don't *feel* secure because I don't understand how the firewall works, and I can't begin to configure it the way I want it, until such time as I can understand it! That's where I am at now. My previous posts about other firewalls available, were really indicating that I was perhaps looking for something I could *get* straight away, to use in the meantime, while I am busy trying to get my head around the built in firewall.

Which is why I recommended the standalone router/firewall appliance in the first place. It is fairly cheap (about the same as antivirus software), simple to set up and it offers a fair amount of protection directly out of the box. Granted, it is not as flexible as one might like, but it should certainly serve your purposes until you find a solution that is flexible enough and just as secure.

> None of what I have posted here on the subject is intended in any way to be critical of you or of the linux firewall.

IIRC, you took offense to my statements, not the other way around. I was simply defending what I had said. Again, I did not ever mean to deprecate someone taking all available precautions, including using something like Kerio on Windows, I was simply suggesting that hardening Windows against exploits is an almost insurmountable task.

> I'm sorry to say, you'll be seeing more of me here, at least until the light bulb in my head switches on! :-)

Not at all. I hope to see more of you and wish that more Windows users were interested enough in exploring the limits of their own systems that they would see the weaknesses of it.

I have just gotten finished reading an interesting ebook about computer security that suggests that PC software developers in general have for years disregarded security in favor of usability, functionality and ease of use for new users. Linux, having been built by and for hackers, did not care as much about UI and ease of use as security and arcane functional utility. Perhaps this is yet another example of that premise.

-- 
Bryan Phinney
Software Test Engineer
Re: [newbie] Firewalls for Linux
On Sunday 14 December 2003 11:49 pm, Lyvim Xaphir wrote:

> Well this stuff was mostly stuff on the way to be trashed; whereupon it was intercepted by yours truly. So I've got maybe, well... NOTHING, actually, in this box. If you look around, old stuff is not hard to find. Schools, corporations, government installations, even Ebay; lots of peeps getting rid of old stuff all the time. Not real hard to find these days, especially with this newfangled internet thing. ;)

If you consider yourself to be the standard user, then I stand corrected and obviously, I must have exceedingly poor luck picking my own friends. However, since Carren himself suggested that he was looking for something that would duplicate the functionality of Kerio on a Linux box, I do feel somewhat vindicated.

> > > All this depends on the intentions of the newbie; which is whether they are going for a functional installation to do stuff on the internet with or whether they are in this for the learning process. Most newbies are here to learn, and attack a learning curve, not run from it.
> >
> > Fact is, there is nothing that says that you can not operate a router at the same time that you operate a firewall. I run both a firewall and a router device. I still prefer the hardware device that disables portscans on my system, again, you may prefer to see those types of attacks, I just want to block them. However, I do not know of any non-techie computer people that just happen to have a spare box lying around, YMMV. Absent a box, there is not really any way to build a standalone firewall box that is going to cost less than the $50 that a hardware router will run you. Installing the firewall on your primary system is not as good as a hardware router device.
>
> I have already proven your statement about a firewall box being less than 50 bucks false, since I have a resurrected box right here; and I never have stated that the firewall should be on your primary system.

Just because you have managed to do something does not mean that everyone would be able to. I don't know of any way that I could put together a standalone box, including two NIC cards, for less than $50 currently were I not to have the hardware lying around from past purchases. It is possible that Joe Average could manage it, but not the ones that I know. At any rate, there is no reason that both of us can't make recommendations and the person in question can choose his own path. I made mine and you made yours.

> That depends on whether you are instructing newbies at a LUG or at Wal Mart.

True, but a person currently using Windows with Kerio is unlikely to be at the LUG. Even if he was, if he didn't have competent assistance, I would be reluctant to advise him to take a shot at it knowing that he would be depending on the results right out of the gate. Were it something simpler than firewalls, I might have a different opinion.

> > There is time for learning after your computer is running and doing the things that you want it to do. I definitely would not suggest to someone coming from the Windows world whose current idea of a good firewall is Kerio with a system tray icon on their primary machine, that they should jump full bore into the world of shorewall and iptables while their current machine is open to attack from the Internet.
>
> That I agree with; that's why I made this statement:
>
> > Hardware routers are generally for Mac users or non-tech types. That's fine, but if you are looking for knowledge, a router appliance is not going to get you there; in fact I recommend against it.
>
> > That being said, running a firewall on the same box that you use as your primary computer is simply not a good idea. It needs to be a standalone box that sits between you and the Internet. In fact, in most corporate setups the chain goes, Router - Firewall - Router - Internal lan. There is a reason for setting up routers between those boxes.
>
> Where in the heck are you getting the idea that I said anything about running the firewall on the primary box? This is what I said --

Thus the modifier, "that being said". The assumption is that they only have a primary machine (Windows with firewall software running on that machine) and they want to duplicate that setup with Linux instead. If they had a spare machine lying around with dual NIC cards, they could be running Kerio or some other software on a dedicated firewall currently. If they are not, possibly it is because they can not. Since running the firewall software on that primary machine is inferior to running a standalone router appliance, I suggested the router. I did not ever mean to say that a dedicated firewall box, correctly configured, was inferior to a router, simply that the router was the quickest, cheapest way to provide security until one learned how to properly configure a standalone firewall. I still stand by my statement.

WHAT
Re: [newbie] Firewalls for Linux
On Sunday 14 December 2003 11:14 pm, JoeHill wrote:

> Actually, no one recommended an appliance. I recommended that the OP invest about 50 - 100 bucks in a used machine, and for sheer ease of use and features, you simply cannot beat something like Smoothwall. Built in features such as Snort IDS, VPN, Web Proxy, dynamic DNS, *and* it supports forwarding by range, not just by port. All this by simply booting from a CD.

One correction. I, in fact, recommended a router/firewall appliance. I made that recommendation based on the poster's situation having a single primary machine and currently using MS OS and Kerio or some other type of personal firewall software on the primary target machine. Based upon that situation, I stand by my original recommendation that the easiest/cheapest method to implement security is through a router/firewall appliance.

To answer Lyvim's original point, either a Linksys, Dlink, or Netgear appliance will all allow opening up ranges of ports rather than just single ports. I know this positively because my ftp server is setup to allow passive transfers on a range of ports (thanks Anne). Since I was who Lyvim was posting the answer to, some of that venom should have been directed to me.

-- 
Bryan Phinney
Software Test Engineer
Re: [newbie] Firewalls for Linux
On Monday 15 December 2003 01:20 pm, JoeHill wrote:

> I do think you could come pretty close, though, to the price of one of those Linksys things in doing some shopping around for old hardware and using one of the Linux firewall solutions. More work, maybe a few extra bucks, but in the end a more permanent and flexible situation. Hell, I've seen 10/100 NICs for 10 bucks, and that's *Canadian*, LOL!

Keeping in mind the experience of many buying cheap LG-CDROMS, I am not sure that I would recommend someone trying to build such a device with Linux, especially if they have to buy possibly dodgy hardware. I recently recommended the purchase of a fairly expensive (in comparison) modem (external real modem) to a friend because cheap Win-modems are simply not the bargain that their price would suggest. For someone unfamiliar with the trials of loading drivers and hardware compatibility with Linux, such an endeavor could prove to be a lengthy experience. Again, I would not suggest that it is impossible to put something together, but I would not recommend that someone inexperienced with doing that kind of stuff attempt to do it out of the gate.

> The OP *did* say they were into tinkering, IIRC.

Yes, but again, considering the strategy of interlocking lines of defense, a hardware router appliance is not a bad idea, IMO, even if you want to run a dedicated firewall. It is, if nothing else, a $50 additional layer of security for a network. Well worth the price as far as I am concerned. Especially since it will keep most of the routine virus/worm/script kiddie traffic out by itself, leaving you with only the dedicated bad actors to worry about.

-- 
Bryan Phinney
Software Test Engineer
Re: [newbie] Firewalls for Linux
On Monday 15 Dec 2003 6:06 pm, Bryan Phinney wrote:

> To answer Lyvim's original point, either a Linksys, Dlink, or Netgear appliance will all allow opening up ranges of ports rather than just single ports.

OTOH be very wary of SMC products. My SMC 7401BBRA can't do that.

> I know this positively because my ftp server is setup to allow passive transfers on a range of ports (thanks Anne).

Glad to know I got something right - but I'm not sure what it was <g>

Anne

-- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?
Re: [newbie] Firewalls for Linux
On Monday 15 December 2003 02:06 pm, Anne Wilson wrote:

> Glad to know I got something right - but I'm not sure what it was <g>

You helped me test that I got the port assignments right on the passive transfers. When you were trying to get the HP IJS RPM file.

-- 
Bryan Phinney
Software Test Engineer
Re: [newbie] Firewalls for Linux
On Monday 15 Dec 2003 7:46 pm, Bryan Phinney wrote:

> On Monday 15 December 2003 02:06 pm, Anne Wilson wrote:
>
> > Glad to know I got something right - but I'm not sure what it was <g>
>
> You helped me test that I got the port assignments right on the passive transfers. When you were trying to get the HP IJS RPM file.

Ah yes - I never got that sorted. Must have another go at it, but probably not until after Christmas.

Anne

-- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?
Re: [newbie] Firewalls for Linux
hi,

If you want to keep an eye on what your firewall is doing then you can always just watch the messages it is putting out. I just learnt this funky new thing today (thanks to the ibm lpi tutorials... and a little extrapolation):

    tail -f /var/log/messages | grep Shorewall

will give you everything that is happening to Shorewall, when it happens. You can just let it run somewhere (on another desktop, or whatever you like) and check it if you are feeling paranoid. Given that you just use the standard setup (control centre gui-style setup of the firewall). Sorry no popups, but does one really need them? Cripes, we had a play with Tiny personal firewall (now Kerio) in the networking paper I just finished and I can assure you those popups are a BLOODY nuisance. You will end up turning them off no doubt anyway!

Hope this helps.

Anton

ps you should be able to use the tail thing above for any logging configuration you come up with (ie, if you decide to send your log messages to another place, not /var/log/messages...)
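As an added example that is not part of Anton's post or of Shorewall's own tooling, here is a small Python script that does the aggregation the `tail | grep` pipeline leaves to the reader: it parses syslog lines in the classic Shorewall log-prefix format and counts what was dropped by chain, disposition, protocol and destination port, and which sources were probing the firewall itself. The log lines, the host name `fw`, the chain names and all addresses are constructed for the example.

```python
"""Summarize Shorewall DROP/REJECT messages from a syslog file.

Added example (not from the thread): ``tail -f /var/log/messages | grep
Shorewall`` streams the raw lines past you; this aggregates them so a
burst of probes against one port stands out.  The sample below is
CONSTRUCTED in the classic Shorewall log style: the kernel LOG target
prefixes its key=value fields with "Shorewall:<chain>:<disposition>:".
Addresses are documentation ranges, not real hosts.
"""
import re
import sys
from collections import Counter
from typing import Dict, Iterable, List, Optional

SAMPLE_LOG = """\
Dec 14 08:40:24 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=2345 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 14 08:40:25 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=2346 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 14 08:41:02 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=9001 DF PROTO=TCP SPT=3122 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 14 08:41:30 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=9002 DF PROTO=TCP SPT=3123 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 14 08:42:11 fw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.50 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=TCP SPT=40112 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 14 08:42:12 fw sshd[912]: Accepted publickey for admin from 192.168.1.5 port 50022
"""

# "Shorewall:" + chain + ":" + disposition + ":" is Shorewall's --log-prefix.
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
# Netfilter writes KEY=VALUE fields; bare flags (DF, SYN) have no "=" and are skipped.
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_shorewall_line(line: str) -> Optional[Dict[str, str]]:
    """Return chain, disposition and the netfilter fields, or None if the
    line is not a Shorewall message (sshd, cron and other syslog noise)."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    for key, value in FIELD_RE.findall(line[m.end():]):
        # LEN appears twice (IP total length, then UDP/ICMP length): keep the first.
        rec.setdefault(key, value)
    return rec


def summarize(lines: Iterable[str]) -> Dict[str, Counter]:
    """Count entries per (chain, disposition, proto, dport) and, for packets
    addressed to the firewall itself (empty OUT=), per source address."""
    by_port: Counter = Counter()
    by_src: Counter = Counter()
    for line in lines:
        rec = parse_shorewall_line(line)
        if rec is None:
            continue
        key = (rec["chain"], rec["disposition"],
               rec.get("PROTO", "?"), rec.get("DPT", "-"))
        by_port[key] += 1
        if rec.get("OUT", "") == "":
            by_src[rec.get("SRC", "?")] += 1
    return {"by_port": by_port, "by_src": by_src}


def report(summary: Dict[str, Counter], top: int = 5) -> List[str]:
    """Render the counters as plain text lines, busiest first."""
    out = ["chain/disposition/proto/dport  count"]
    for (chain, disp, proto, dport), n in summary["by_port"].most_common():
        out.append(f"{chain}/{disp}/{proto}/{dport}  {n}")
    out.append(f"sources probing the firewall itself (top {top}):")
    for src, n in summary["by_src"].most_common(top):
        out.append(f"  {src}  {n}")
    return out


if __name__ == "__main__":
    # Pass a real file (e.g. /var/log/messages) to analyse it; with no
    # argument the constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print("\n".join(report(summarize(fh))))
    else:
        print("\n".join(report(summarize(SAMPLE_LOG.splitlines()))))
```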
Re: [newbie] Firewalls for Linux
On Sunday, 14 December 2003 03:00, Carren Stuart wrote:

> What do you people all use/prefer for a firewall to run with Mandrake?

Guarddog is a nice tool as a frontend to iptables.

Greetings / regards

ce

==
SuSE 8.0 on a Dell Inspiron 8200: http://home.t-online.de/home/mchristoph.eckert/inspiron8200/
==
Re: [newbie] Firewalls for Linux
On Sunday 14 Dec 2003 5:37 am, Lyvim Xaphir wrote:

> Even at its basic configuration, Shorewall is much better than a hardware router.

Would you elaborate on that Lyvim? My limited experience is the opposite. My router has stateful iptables (or ipchains?) and is pretty much as configurable as a Linux setup, with the added advantage that hostile traffic never gets to a full OS, where it may do more harm. Many of them also support UPnP, so windows users can use IM video if they must.

> Hardware routers are generally for Mac users or non-tech types. That's fine, but if you are looking for knowledge, a router appliance is not going to get you there; in fact I recommend against it.

Even if one is looking for knowledge, there is plenty of stuff to learn in Linux without having to learn a safe level of capability with iptables. This is one area in which a little knowledge is a very dangerous thing. A dedicated router simplifies the iptables setup with connection sharing, because the router can do the filtering and there is no extra work to share the connection - all machines are equal. Whereas using the Linux box complicates the iptables configuration. IMO, the best configuration has two rules: everything out, nothing in. (Most of the hostile outgoing traffic is going to be SMTP or HTTP anyway.) Adding connection sharing to these rules makes them a lot more complex, and every rule added has a chance of being wrong.

-- 
Richard Urwin
Re: [newbie] Firewalls for Linux
On Sun, 14 Dec 2003 16:00:34 +1300 Carren Stuart wrote:

> There are always more questions! :-) What do you people all use/prefer for a firewall to run with Mandrake? I am not overly impressed with the inbuilt firewall configuration ... so far I have had to disable it completely to get GAIM or my mail to work. I installed Shorewall and then Firestarter, but I don't particularly like that either, plus it crashes at least once a day for some unknown reason.

I'm gonna have to go with Bryan Phinney on this one. Usually do anyway ;-) You simply cannot beat a *separate, dedicated firewall*. If you have an old box layin' around doing nothing, you can't get any easier or safer than this: http://www.smoothwall.org/

If said old box doesn't even have a HD or CDROM, then you can run a firewall off of a floppy. This is the easiest to use (use it myself): http://www.bbiagent.net/

If you don't have the hardware lying around, I would recommend buying an older machine, like a refurbished Pentium at a local used comp shop and going with Smoothwall. Boot from the CD, and yer done. As an absolute last resort, you could spend about the same amount of money on one of those Linksys or D-Link broadband firewall doohickeys.

-- 
JoeHill ++ ICQ # 280779813 Registered Linux user #282046 Homepage: www.orderinchaos.org +++
Life is not a static thing. The only people who do not change their minds are incompetents in asylums who can't and those in cemeteries. -- Everett Dirksen
Re: [newbie] Firewalls for Linux
On Sunday 14 December 2003 12:37 am, Lyvim Xaphir wrote:

> I have to disagree here, since I was able to install 9.2 on a firewall box with 2 nics, then use Drakconf to share the connection. The firewall box is minimal hardware, 200 mhz Pentium I MMX with 80 megs of memory; not costly at all.

Compared to a $50 or less broadband router device.

> All this depends on the intentions of the newbie; which is whether they are going for a functional installation to do stuff on the internet with or whether they are in this for the learning process. Most newbies are here to learn, and attack a learning curve, not run from it.

Fact is, there is nothing that says that you can not operate a router at the same time that you operate a firewall. I run both a firewall and a router device. I still prefer the hardware device that disables portscans on my system, again, you may prefer to see those types of attacks, I just want to block them. However, I do not know of any non-techie computer people that just happen to have a spare box lying around, YMMV. Absent a box, there is not really any way to build a standalone firewall box that is going to cost less than the $50 that a hardware router will run you. Installing the firewall on your primary system is not as good as a hardware router device.

> If they are in it for the greater understanding of what is going on underneath, which a lot of newbies are, then the ideal route to go is a Mandrake firewall running 9.2, with internet connection sharing enabled which btw automatically enables Shorewall, which is of course a firewall. Even at its basic configuration, Shorewall is much better than a hardware router.

Well, your experience with newbies appears to differ from mine. In my experience, they are simply looking for a solution that works, not necessarily one that enables them to know what is going on underneath. There is time for learning after your computer is running and doing the things that you want it to do.

I definitely would not suggest to someone coming from the Windows world whose current idea of a good firewall is Kerio with a system tray icon on their primary machine, that they should jump full bore into the world of shorewall and iptables while their current machine is open to attack from the Internet. That being said, running a firewall on the same box that you use as your primary computer is simply not a good idea. It needs to be a standalone box that sits between you and the Internet. In fact, in most corporate setups the chain goes, Router - Firewall - Router - Internal lan. There is a reason for setting up routers between those boxes.

> Hardware routers are generally for Mac users or non-tech types. That's fine, but if you are looking for knowledge, a router appliance is not going to get you there; in fact I recommend against it.

We will just have to disagree there. I don't know of any large enterprise that doesn't run a router appliance and can't even begin to imagine why a home user, provided he can afford it, would not want to gain the same benefits as they do. Granted, you will receive less information as some portscans and obvious probes against your machine are blocked so that you never see them unless you check your router log. I don't have a problem with that since they are, in fact, blocked.

> Having said all that, to avoid standard newbie frustrations when you are implementing a solution for learning purposes, it is best to let Mandrake install programs set up internet connection sharing using two nics in the firewall; one for the local lan and the other for connection to DSL. Packet filtering/mangling can then occur between the two nics inside the firewall box. When internet connection sharing is set up (using Drakconf), Shorewall is automatically installed/activated. The newbie should then back up his /etc directory before he messes around with Drakconf any more; then he should start examining the Shorewall config files in /etc/shorewall. This will give a better understanding of a default firewall setup, from which they can begin making changes.

Or, if you are looking for a very simple solution that provides a fair amount of protection with a minimal amount of issues getting set up, you can plug in a router appliance that provides a hardware firewall; it prevents access to your system from outside and until you physically open up ports, you can't run any servers inside your box. You can still check the log on the device to see all of the traffic that is being blocked. For instance, here you can see all of the Windows traffic (port 137) that my own router is rejecting:

WAN Type: PPP over Ethernet (2.57 build 3)
Display time: Sun 14 Dec 2003 10:27:10 AM EST
Sun 14 Dec 2003 08:40:24 AM EST Unrecognized access from 81.250.114.141:137 to UDP port 137
Sun 14 Dec 2003 08:40:25 AM EST Unrecognized access from 81.250.114.141:137 to UDP port 137
Sun 14 Dec 2003
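The files in /etc/shorewall that the message above tells a newbie to read, filled in as an added, constructed example (not Mandrake's Drakconf output or any poster's configuration) to show the two things argued over in this thread: Richard's "everything out, nothing in" policy and the port-range forwarding Lyvim could not get from his Zyxel. It assumes the classic Shorewall 1.x/2.x column layout, eth0 facing the net and eth1 the LAN, a made-up LAN host 192.168.1.10, and Shorewall's default firewall zone name `fw`.

```text
# /etc/shorewall/zones
#ZONE   DISPLAY   COMMENTS
net     Net       Internet (eth0)
loc     Local     Local LAN (eth1)

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      norfc1918,routefilter,tcpflags
loc     eth1        detect

# /etc/shorewall/policy   -- "everything out, nothing in"
# Order matters: the first matching line wins, and the last line catches
# everything not listed above it.  Logging at "info" is what produces the
# Shorewall:net2all:DROP: lines you see with tail -f /var/log/messages.
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    ACCEPT
fw        net    ACCEPT
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/masq   -- connection sharing: LAN hosts leave via eth0's address
#INTERFACE   SUBNET
eth0         eth1

# /etc/shorewall/rules   -- the only deliberate holes in "nothing in"
# Every line here is a rule that can be wrong, which is Richard's point
# about keeping the rule set minimal.
#ACTION   SOURCE   DEST               PROTO   DEST PORT(S)
# admin shell from the LAN only; the net gets nothing
ACCEPT    loc      fw                 tcp     22
# forward one whole range to a single LAN host (made-up address):
# a low:high range, which is the thing the Zyxel could only do one port at a time
DNAT      net      loc:192.168.1.10   tcp     6000:6010
```

After editing, `shorewall check` parses the files without touching the running rule set, and `shorewall restart` applies them.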
Re: [newbie] Firewalls for Linux
On Sunday 14 December 2003 01:55 pm, Carren Stuart wrote:

As I have already admitted, I understand little of the linux firewall or how it operates behind the scenes. I DO however understand how my Windows based firewall Kerio works, and I HAVE done my homework on installing it and setting it up.

Well, then you understand that Kerio runs as a process, just like every other process on your system. Since all processes run as admin on the system, you know that another process can shut down the Kerio process as long as it is programmed to know how to do so. Kerio is not integrated into the kernel, nor is it integrated into the hardware level of network, thus it can be bypassed or turned off. You may be attentive enough to recognize when this happens. I would prefer software that was incapable, or at least very resistant to the possibility.

Kerio and other Windows firewall solutions are user friendly. However, they operate in most cases on the exact same system that they are meant to protect. Running a firewall on the primary computer is simply never a good idea, security wise. If you were running Kerio on a standalone box that sits between your box and the Internet connection, that would be better. However, there are known and recognized limitations on the ability to secure any Windows system and since Kerio runs on Windows, it is inherently inferior to a Linux solution since Linux is a more secure OS. Kerio is better than nothing at all, and if configured correctly, can provide a lot of protection. Given the massive numbers of Windows machines that are totally insecure, even a moderate level of protection may provide a lot of security as bad actors hit the lowest hanging fruit first.

It is NOT what I would call a newbie's Windows firewall, as it is rules based and requires at least a basic understanding of protocols, but it is highly configurable and it works!
My firewall comes up stealthed in EVERY security test I have done on it, without fail, and I am as confident as anyone can ever be with things internet security, that it is protecting my machine more than adequately.

If you load and run software that is obtained externally, your box is not secure. It is that simple. If you use Internet Explorer as your browser without a very secure proxy server, then your machine is capable of running applications without your knowledge. There are several known vulnerabilities in IE, at least one of which has had no patch issued to address it. It is not the attacks that are so well known that there are standardized tests that can be run against them that I usually worry about. Given that you are running a closed source operating system, the insides of which only MS has ever seen, you would be foolish to feel yourself secure, even if Kerio was the best firewall software around. There is simply too much that even the Kerio developers don't know about the OS they are trying to protect.

You seem to imply in your statement above, that anyone using Kerio or any similar Windows based pretty firewall, is kidding themselves into believing they are *safe* while all the time being wide open to attack from the Internet. That is simply not true.

My statement is based on the fact that Kerio, along with a lot of other personal firewall solutions, runs on the target machine, has a wizard that allows a user to change rules themselves on the machine and can be compromised by an application run locally that knows how to turn the software off or knows how to masquerade as another application or stealth as another application.
By comparison, iptables or shorewall should be running on a buffer machine; it has to be configured only by root and thus requires root privileges to be compromised or changed, can be run on an even more secure version of Linux that is even more resistant to attack, and users and less than root processes on the machine can not bypass the software, nor can they change or institute their own rules.

As with any firewall, including your shorewall and iptables, it needs to be configured correctly and constantly monitored to ensure that current rules are still appropriate at any given point in time.

Agreed. However, since it is easier to compromise the security on a windows machine, by definition, it is easier to compromise the security provided by Kerio or other windows firewall solutions than a Linux one. The name or type of software does not change that.

Properly configured, Kerio does a fine job of protecting my machine. Sure, there are computer users out there who are running a badly or incorrectly configured firewall who WILL be open to attack ... however, I am not one of them.

Well, you may not be open to attack, provided that you know enough about windows to have hardened that operating system. I know just enough about windows to know that I would never, ever trust that OS to be secure from anything or anybody at
Re: [newbie] Firewalls for Linux
On Sunday 14 December 2003 01:55 pm, Carren Stuart wrote:

Sorry Brian, but I take exception to this statement:

I definitely would not suggest to someone coming from the Windows world whose current idea of a good firewall is Kerio with a system tray icon on their primary machine, that they should jump full bore into the world of shorewall and iptables while their current machine is open to attack from the Internet.

The original point that I was making with this statement was that iptables and shorewall are, in my opinion, more difficult to configure and set up than is something like Kerio. If you run Linux and the only protection that you had previously was something like Kerio, you are unlikely to find an immediate replacement for that. In the meantime, you should not leave your Linux machine subject to intrusion and attack while you learn iptables or how to use shorewall. Instead, you would be much better off to purchase a hardware router/firewall, and use that while you learn how to build a better Linux firewall. At least while you are learning, you have some protection.

Lyvim, on the other hand, seemed to be suggesting that you obtain a standalone machine and learn enough about iptables and shorewall to configure a standalone firewall, and assuming that your machine is running and you are on the net, hope that you learn enough, quickly enough, for that to protect your primary machine. I happen to disagree. Again, if you disagree with any of the advice that I am giving you, you are welcome to ignore it and go your own way.

-- Bryan Phinney Software Test Engineer

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Firewalls for Linux
JoeHill wrote: On Sun, 14 Dec 2003 11:20:18 + Richard Urwin [EMAIL PROTECTED] wrote:

Would you elaborate on that Lyvim?

Never mind, guys, Lyvim would disagree if I said the Earth was round, and go on at great length to explain why.

From what I know of Lyvym, he'd probably say that the round-earth theory was a liberal-communist conspiracy, but what the hell, he's a great guy once you get to know his little foibles.

Sir Robin

-- Certitude is possible for those who only own one encyclopedia. - Robert Anton Wilson Robin Turner IDMYO Bilkent Univeritesi Ankara 06533 Turkey www.bilkent.edu.tr/~robin
Re: [newbie] Firewalls for Linux
On Sun, 2003-12-14 at 06:20, Richard Urwin wrote: On Sunday 14 Dec 2003 5:37 am, Lyvim Xaphir wrote:

Even at its basic configuration, Shorewall is much better than a hardware router.

Would you elaborate on that Lyvim? My limited experience is the opposite. My router has stateful iptables (or ipchains?) and is pretty much as configurable as a Linux setup, with the added advantage that hostile traffic never gets to a full OS, where it may do more harm. Many of them also support UPnP, so windows users can use IM video if they must.

Yes, I can elaborate. I have a Zyxel router here that has features much the same as what you described, however I am still unable to match the flexibility of a firewall running iptables/shorewall to the point where I can route incoming traffic to a specific port range on a specific local IP within the local lan. I can route a port but not a range of ports; very annoying. I spent nearly a week going over the capabilities of the router appliance trying to find a fix and there wasn't one even when you went to the command line of the box. Also you must realize that the router appliance has a full OS of its own, which in many cases is in fact Linux, but unadvertised as such.

Firewalls running MDK/Shorewall are more configurable, flexible, and just as secure as a router appliance when set up correctly. In my case, even more secure since the Zyxel was responding to ICMP requests before I turned it into a bridge; therefore it was somewhat vulnerable to ICMP DoS attacks. As far as packet filtering/mangling, there is no match for having an MDK firewall box. As a general purpose solution, you thus have a vast universe of scripts and utilities to choose from in order to enhance firewall functionality. You cannot download scripts or utilities to your router appliance; you cannot upgrade your appliance's OS except at the behest of the manufacturer; you are frozen in the crystalline matrix that the appliance manufacturer put you in.
That's fine for people that don't care; however if you are seeking flexibility, knowledge, and greater security while not minding a minimal investment of time, an MDK firewall box is infinitely better.

Hardware routers are generally for Mac users or non-tech types. That's fine, but if you are looking for knowledge, a router appliance is not going to get you there; in fact I recommend against it.

Even if one is looking for knowledge, there is plenty of stuff to learn in Linux without having to learn a safe level of capability with iptables. This is one area in which a little knowledge is a very dangerous thing. A dedicated router simplifies the iptables setup with connection sharing, because the router can do the filtering and there is no extra work to share the connection - all machines are equal. Whereas using the Linux box complicates the iptables configuration. IMO, the best configuration has two rules: everything out, nothing in. (Most of the hostile outgoing traffic is going to be SMTP or HTTP anyway.) Adding connection sharing to these rules makes them a lot more complex, and every rule added has a chance of being wrong.

You should configure a box of your own before you make statements like this. Like I already said, Shorewall is a requisite of connection sharing. Install the MDK secure kernel in conjunction with a 2 nic firewall box and connection sharing, scan it, and you will see what I mean. Right now I can't even ssh into the firewall box from the local lan, much less the internet cloud; physical access is the only option I've got for shelling. And that's with me in the hosts.allow. I had many more ports open with the Zyxel in router mode than I have right now. I know because I've taken great pains to compare the two and had a cracker friend attack the MDK box on purpose.
LX -- °°° Linux Mandrake 9.1 Kernel 2.4.21-0.13mdk Let's face it if winblowz wasn't full of holes then it would probably look like Linux -- Aron Smith, Mandrake OT mailing list *Catch Star Trek Enterprise, Wednesdays on UPN*
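The two positions above ("everything out, nothing in" versus a two-NIC box that also shares the connection) are easier to compare with the actual rule set in front of you. The following is an added example, not code from the thread or from Shorewall: it writes out the minimal iptables rules for a Mandrake-style firewall box with one NIC on the LAN and one on the DSL link, so they can be reviewed (and compared against what /etc/shorewall generates) before they touch a live box. The interface names eth0/eth1 and the FW-IN-DROP log prefix are assumptions.

```shell
#!/bin/sh
# Added example (not from the list thread): "everything out, nothing in",
# plus the forwarding and masquerading rules that connection sharing needs.
# Assumed interface names; override with LAN_IF=... WAN_IF=... in the environment.
LAN_IF="${LAN_IF:-eth1}"   # assumed: NIC facing the local LAN
WAN_IF="${WAN_IF:-eth0}"   # assumed: NIC facing the DSL modem

# Print the rule set rather than applying it, so it can be read and diffed.
# Default policies DROP inbound and forwarded traffic; only replies to
# connections the inside started, and anything from the LAN side, get in.
build_rules() {
    lan="$1"; wan="$2"
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -j ACCEPT
iptables -A INPUT -i $wan -j LOG --log-prefix "FW-IN-DROP: " --log-level info
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Sanity check before applying: no INPUT rule may ACCEPT unconditionally on
# the WAN interface, which is exactly the "extra rule that is wrong" the
# thread worries about. Returns non-zero if such a rule is present.
check_rules() {
    build_rules "$1" "$2" | awk -v wan="$2" '
        /^iptables -A INPUT/ && /ACCEPT/ && $0 ~ ("-i " wan " ") { bad++ }
        END { exit (bad > 0) }'
}

# Apply only after the check passes (needs root and a 2.4+ kernel with
# the state and nat modules loaded).
apply_rules() {
    check_rules "$1" "$2" && build_rules "$1" "$2" | sh
}

# Usage: build_rules "$LAN_IF" "$WAN_IF" to review; apply_rules "$LAN_IF" "$WAN_IF" to load.
```

The LOG rule sits just before the default DROP on the WAN side so that every packet the box refuses leaves a syslog line with the FW-IN-DROP prefix; that is what makes the box's behaviour as inspectable as a router appliance's log page.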
Re: [newbie] Firewalls for Linux
On Sun, 2003-12-14 at 16:46, robin wrote: JoeHill wrote: On Sun, 14 Dec 2003 11:20:18 + Richard Urwin [EMAIL PROTECTED] wrote:

Would you elaborate on that Lyvim?

Never mind, guys, Lyvim would disagree if I said the Earth was round, and go on at great length to explain why.

From what I know of Lyvym, he'd probably say that the round-earth theory was a liberal-communist conspiracy, but what the hell, he's a great guy once you get to know his little foibles.

Why thank you, Sir Robin. ;O

Sir Robin

LX -- ° Linux Mandrake 9.1 Kernel 2.4.21-0.13mdk He was an Angel?? Too bad. He was such a nice fellow. --Professor Wutheridge, The Bishop's Wife *Catch Star Trek Enterprise, Wednesdays on UPN* °
Re: [newbie] Firewalls for Linux
On 14 Dec 2003 22:35:35 -0500 Lyvim Xaphir [EMAIL PROTECTED] wrote:

Yes, I can elaborate. I have a Zyxel router here that has features much the same as what you described, however I am still unable to match the flexibility of a firewall running iptables/shorewall to the point where I can route incoming traffic to a specific port range on a specific local IP within the local lan. I can route a port but not a range of ports; very annoying. I spent nearly a week going over the capabilities of the router appliance trying to find a fix and there wasn't one even when you went to the command line of the box. Also you must realize that the router appliance has a full OS of its own, which in many cases is in fact Linux, but unadvertised as such.

Actually, no one recommended an appliance. I recommended that the OP invest about 50 - 100 bucks in a used machine, and for sheer ease of use and features, you simply cannot beat something like Smoothwall. Built in features such as Snort IDS, VPN, Web Proxy, dynamic DNS, *and* it supports forwarding by range, not just by port. All this by simply booting from a CD. Did I mention it also has the ability to download and install updates as they become available?

I don't think the OP is looking for industrial-grade NSA level security here, they're looking for a fair balance of usability and security without having to break out the IPTables handbook. I *do* think you are looking for an opportunity to be a disagreeable prick.

-- JoeHill ++ ICQ # 280779813 Registered Linux user #282046 Homepage: www.orderinchaos.org +++ The philosophers have only interpreted the world in various ways. The point, however, is to change it.-- Karl Marx
Re: [newbie] Firewalls for Linux
On Sun, 2003-12-14 at 10:28, Bryan Phinney wrote: On Sunday 14 December 2003 12:37 am, Lyvim Xaphir wrote:

I have to disagree here, since I was able to install 9.2 on a firewall box with 2 nics, then use Drakconf to share the connection. The firewall box is minimal hardware, 200 MHz Pentium I MMX with 80 megs of memory; not costly at all.

Compared to a $50 or less broadband router device.

Well this stuff was mostly stuff on the way to be trashed; whereupon it was intercepted by yours truly. So I've got maybe, well... NOTHING, actually, in this box. If you look around, old stuff is not hard to find. Schools, corporations, government installations, even Ebay; lots of peeps getting rid of old stuff all the time. Not real hard to find these days, especially with this newfangled internet thing. ;)

All this depends on the intentions of the newbie; which is whether they are going for a functional installation to do stuff on the internet with or whether they are in this for the learning process. Most newbies are here to learn, and attack a learning curve, not run from it.

Fact is, there is nothing that says that you can not operate a router at the same time that you operate a firewall. I run both a firewall and a router device. I still prefer the hardware device that disables portscans on my system, again, you may prefer to see those types of attacks, I just want to block them. However, I do not know of any non-techie computer people that just happen to have a spare box lying around, YMMV. Absent a box, there is not really any way to build a standalone firewall box that is going to cost less than the $50 that a hardware router will run you. Installing the firewall on your primary system is not as good as a hardware router device.

I have already proven your statement about a firewall box being less than 50 bucks false, since I have a resurrected box right here; and I never have stated that the firewall should be on your primary system.
What I have said is that an MDK firewall box built using the MDK installation routines is better than a router appliance, which statement derives directly from scans against both.

If they are in it for the greater understanding of what is going on underneath, which a lot of newbies are, then the ideal route to go is a Mandrake firewall running 9.2, with internet connection sharing enabled which btw automatically enables Shorewall, which is of course a firewall. Even at its basic configuration, Shorewall is much better than a hardware router.

Well, your experience with newbies appears to differ from mine. In my experience, they are simply looking for a solution that works, not necessarily one that enables them to know what is going on underneath.

That depends on whether you are instructing newbies at a LUG or at Wal Mart.

There is time for learning after your computer is running and doing the things that you want it to do. I definitely would not suggest to someone coming from the Windows world whose current idea of a good firewall is Kerio with a system tray icon on their primary machine, that they should jump full bore into the world of shorewall and iptables while their current machine is open to attack from the Internet.

That I agree with; that's why I made this statement:

Hardware routers are generally for Mac users or non-tech types. That's fine, but if you are looking for knowledge, a router appliance is not going to get you there; in fact I recommend against it.

That being said, running a firewall on the same box that you use as your primary computer is simply not a good idea. It needs to be a standalone box that sits between you and the Internet. In fact, in most corporate setups the chain goes, Router - Firewall - Router - Internal lan. There is a reason for setting up routers between those boxes.

Where in the heck are you getting the idea that I said anything about running the firewall on the primary box?
This is what I said -- it is best to let Mandrake install programs set up internet connection sharing using two nics in the firewall; one for the local lan and the other for connection

Note the term local lan, which in this case implies that I have a local lan. A large segment of the population these days has more than one computer system.

Hardware routers are generally for Mac users or non-tech types. That's fine, but if you are looking for knowledge, a router appliance is not going to get you there; in fact I recommend against it.

We will just have to disagree there. I don't know of any large enterprise that doesn't run a router appliance

We are not talking about Cisco's; we are talking about the home market here and $50-$100 router appliances, where some individuals seek better control over their internet access, and don't have access to Cisco boxes.

and can't even begin to imagine why a home user, provided he can
Re: [newbie] Firewalls for Linux
On Sun, 2003-12-14 at 23:14, JoeHill wrote: On 14 Dec 2003 22:35:35 -0500 Lyvim Xaphir [EMAIL PROTECTED] wrote:

Yes, I can elaborate. I have a Zyxel router here that has features much the same as what you described, however I am still unable to match the flexibility of a firewall running iptables/shorewall to the point where I can route incoming traffic to a specific port range on a specific local IP within the local lan. I can route a port but not a range of ports; very annoying. I spent nearly a week going over the capabilities of the router appliance trying to find a fix and there wasn't one even when you went to the command line of the box. Also you must realize that the router appliance has a full OS of its own, which in many cases is in fact Linux, but unadvertised as such.

Actually, no one recommended an appliance. I recommended that the OP invest about 50 - 100 bucks in a used machine, and for sheer ease of use and features, you simply cannot beat something like Smoothwall. Built in features such as Snort IDS, VPN, Web Proxy, dynamic DNS, *and* it supports forwarding by range, not just by port. All this by simply booting from a CD. Did I mention it also has the ability to download and install updates as they become available?

I don't think the OP is looking for industrial-grade NSA level security here, they're looking for a fair balance of usability and security without having to break out the IPTables handbook. I *do* think you are looking for an opportunity to be a disagreeable prick.

Take it to the OT list, dirtbag. I'll handle you there.

LX -- °°° Linux Mandrake 9.1 Kernel 2.4.21-0.13mdk Filter That, Bitch! --Lanman, MDK Newbie List
Re: [newbie] Firewalls for Linux
On Saturday 13 December 2003 10:00 pm, Carren Stuart wrote:

What do you people all use/prefer for a firewall to run with Mandrake?

Well, I use iptables and have a custom written bash script to update the firewall with ip ranges that I want to block. Not particularly newbie friendly, but it gives me maximum control over the firewall.

I am not overly impressed with the inbuilt firewall configuration ... so far I have had to disable it completely to get GAIM or my mail to work.

Firewalls are not the most newbie friendly technology to work with. If you have a broadband connection, you really should invest in a hardware router/firewall, there is really no substitute for that.

Someone elsewhere put me onto Guarddog, which I installed today and I do like it. It gives me far better control over my firewall settings and allows custom rule creation which is what I like. However, it does not put an icon in the system tray, does not appear to give me any alerts or request permissions for anything, and I really have no way of knowing that it is even working. I really like to *see* what my firewall is doing.

Well, depending on the settings that guarddog uses, it probably logs to syslog when it drops packets. You can simply grep syslog to see the firewall at work. System tray icons and the like are a Windows creation to give a false sense of security to users. In essence, a software firewall with a system tray icon is actually quite insecure, it can be shut off quite easily and bypassed as well, it is not integrated into the kernel the way something like iptables is. So, if I had to choose, I would take Linux with an effective firewall solution and no GUI versus Windows with a mostly ineffective solution and a nice GUI.

Are there any other linux compatible firewalls out there, or front ends for the built in one, that would give me the control I want, plus allow me to monitor what it's doing?
If you want to really know what your firewall is doing, there is no substitute for learning about it and implementing it yourself. If you really want something that puts it all together for you, I would recommend Bastille, but you should expect to have to invest some time learning.

-- Bryan Phinney Software Test Engineer
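Both the router log page quoted earlier in the thread ("Unrecognized access from ... to UDP port 137") and the advice above to grep syslog for dropped packets come down to the same question: which sources are being refused, and on which ports. The block below is an added example, not from any post or from Guarddog; it summarises both log formats with awk. The sample lines are constructed (documentation-range addresses, a hypothetical FW-IN-DROP log prefix) and the iptables line layout follows the kernel's LOG target output.

```shell
#!/bin/sh
# Added example: summarise blocked traffic from two log formats:
#   1. an appliance log line   "... Unrecognized access from A.B.C.D:SPT to PROTO port DPT"
#   2. an iptables LOG line    "... kernel: PREFIX: IN=eth0 ... SRC=A.B.C.D ... PROTO=UDP SPT=137 DPT=137 ..."
# Sample input is constructed for the example; addresses are from the
# 198.51.100.0/24 and 203.0.113.0/24 documentation ranges.
sample_log() {
    cat <<'EOF'
Sun 14 Dec 2003 08:40:24 AM EST Unrecognized access from 198.51.100.7:137 to UDP port 137
Sun 14 Dec 2003 08:40:25 AM EST Unrecognized access from 198.51.100.7:137 to UDP port 137
Sun 14 Dec 2003 08:41:02 AM EST Unrecognized access from 203.0.113.9:4321 to TCP port 445
Dec 14 08:42:10 fw kernel: FW-IN-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=52120 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 14 08:42:11 fw kernel: FW-IN-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1 DF PROTO=TCP SPT=4321 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
EOF
}

# Read log lines on stdin; print "COUNT SOURCE PROTO/DPORT", busiest first.
summarize_drops() {
    awk '
    /Unrecognized access from/ {
        # appliance format: the word after "from" is SRC:SPT; last three
        # fields are PROTO, "port", DPT
        for (i = 1; i <= NF; i++) if ($i == "from") { split($(i + 1), a, ":"); src = a[1] }
        proto = $(NF - 2); dport = $NF
        n[src " " proto "/" dport]++
        next
    }
    /kernel:/ && /SRC=/ {
        # iptables LOG format: KEY=VALUE tokens, order not guaranteed
        src = ""; proto = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dport = substr($i, 5)
        }
        if (src != "") n[src " " proto "/" dport]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Sources that hit the firewall at least $1 times: the ones worth a closer
# look (or a block rule), as opposed to the background noise of port 137.
noisy_sources() {
    summarize_drops | awk -v t="$1" '$1 >= t { print $2 }' | sort -u
}

# Usage on a live box: grep FW-IN-DROP /var/log/messages | summarize_drops
# Offline demo:        sample_log | summarize_drops ; sample_log | noisy_sources 3
```

Keying on source, protocol and destination port rather than on raw lines is what turns a few thousand log entries into the handful of facts a home user actually wants from the router's log page: who is knocking, and on which service.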
Re: [newbie] Firewalls for Linux
On Sat, 2003-12-13 at 22:39, Bryan Phinney wrote: On Saturday 13 December 2003 10:00 pm, Carren Stuart wrote:

What do you people all use/prefer for a firewall to run with Mandrake?

Well, I use iptables and have a custom written bash script to update the firewall with ip ranges that I want to block. Not particularly newbie friendly, but it gives me maximum control over the firewall.

I am not overly impressed with the inbuilt firewall configuration ... so far I have had to disable it completely to get GAIM or my mail to work.

Firewalls are not the most newbie friendly technology to work with. If you have a broadband connection, you really should invest in a hardware router/firewall, there is really no substitute for that.

I have to disagree here, since I was able to install 9.2 on a firewall box with 2 nics, then use Drakconf to share the connection. The firewall box is minimal hardware, 200 MHz Pentium I MMX with 80 megs of memory; not costly at all.

All this depends on the intentions of the newbie; which is whether they are going for a functional installation to do stuff on the internet with or whether they are in this for the learning process. Most newbies are here to learn, and attack a learning curve, not run from it. If they are in it for the greater understanding of what is going on underneath, which a lot of newbies are, then the ideal route to go is a Mandrake firewall running 9.2, with internet connection sharing enabled which btw automatically enables Shorewall, which is of course a firewall. Even at its basic configuration, Shorewall is much better than a hardware router. Hardware routers are generally for Mac users or non-tech types. That's fine, but if you are looking for knowledge, a router appliance is not going to get you there; in fact I recommend against it.
Having said all that, to avoid standard newbie frustrations when you are implementing a solution for learning purposes, it is best to let Mandrake install programs set up internet connection sharing using two nics in the firewall; one for the local lan and the other for connection to DSL. Packet filtering/mangling can then occur between the two nics inside the firewall box. When internet connection sharing is set up (using Drakconf), Shorewall is automatically installed/activated. The newbie should then back up his /etc directory before he messes around with Drakconf any more; then he should start examining the Shorewall config files in /etc/shorewall. This will give a better understanding of a default firewall setup, from which they can begin making changes.

LX -- °°° Linux Mandrake 9.1 Kernel 2.4.21-0.13mdk Let's face it if winblowz wasn't full of holes then it would probably look like Linux -- Aron Smith, Mandrake OT mailing list *Catch Star Trek Enterprise, Wednesdays on UPN*
Re: [newbie] Firewalls galore
Thanks Paul, I'll give it a go. skinky I think InteractiveBastille is the best one so far. It has the most versatile setup and the defaults are already pretty good. The only thing to notice is that you enable smtp in the outside connections for Postfix and you should be fine. Paul
Re: [newbie] Firewalls galore
It was Mon, 6 Aug 2001 22:28:57 +1200 when skinky wrote: Hello everyone I'm hoping someone can tell me which firewall is best to have installed. Having said that, when installing LM8.0, Port Sentry, Bastille and Tiny Firewall were all installed. Not knowing what Port I think InteractiveBastille is the best one so far. It has the most versatile setup and the defaults are already pretty good. The only thing to notice is that you enable smtp in the outside connections for Postfix and you should be fine. Paul -- We measure success and depth by length of time, but it is possible to have a deep relationship that doesn't always stay the same. -Barbara Hershey http://nlpagan.net - Registered Linux User 174403 Linux Mandrake 8.0 - Sylpheed 0.5.2 ** http://www.care2.com - when you care **
Re: [newbie] Firewalls
There are a lot of firewall solutions. One that many people recommend is pmfirewall. It asks you some simple questions about your network: how you get your IP address, what services you want accessible, etc., then generates a customized firewall script. Pmfirewall is based on IPCHAINS, so you do need to have that installed. (BTW, if you're running a recent version of Linux-Mandrake, IPCHAINS should already have been in your system.) You can download pmfirewall from http://www.pointman.org. Cheers. M.

On Monday 01 January 2001 08:10, you wrote:

How does one go about setting up a firewall in Linux? I discovered the firewall daemon and am running that...is that how most home users do it? (When I tried to configure it it complained that ipchains was not installed, so I installed it. Does that sound OK?) I've used IPFilter before, where I could create a list of rules. Is there a kernel-driven firewall available? I have a home computer with a DSL connection.

-- Michael O'Henly TENZO Design
Re: [newbie] Firewalls
On Monday 01 January 2001 10:39 am, Michael O'Henly wrote:

There are a lot of firewall solutions. One that many people recommend is pmfirewall. It asks you some simple questions about your network: how you get your IP address, what services you want accessible, etc., then generates a customized firewall script. Pmfirewall is based on IPCHAINS, so you do need to have that installed. (BTW, if you're running a recent version of Linux-Mandrake, IPCHAINS should already have been in your system.)

Since I use PPPoE, should I set the interface to ppp0 or eth0? ppp0 has the IP address, so I assume that's the one.
Re: [newbie] Firewalls
On Monday 01 January 2001 10:52, you wrote: On Monday 01 January 2001 10:39 am, Michael O'Henly wrote:

There are a lot of firewall solutions. One that many people recommend is pmfirewall. It asks you some simple questions about your network: how you get your IP address, what services you want accessible, etc., then generates a customized firewall script. Pmfirewall is based on IPCHAINS, so you do need to have that installed. (BTW, if you're running a recent version of Linux-Mandrake, IPCHAINS should already have been in your system.)

Since I use PPPoE, should I set the interface to ppp0 or eth0? ppp0 has the IP address, so I assume that's the one.

You are correct. ppp0 is the one.

-- Ralph F. De Witt MBA It said uses Windows 98 or better so I installed Linux-Mandrake 7.2 Proud user of Linux-Mandrake 7.2 Powerpack Deluxe Register Linux User 168814 ICQ #49993234 GPG Public Key available at http://www.keyserver.net Key fingerprint = 6426 1CFF 0987 9D51 76D6 06BC F22A CFF4 559A 03E7
Re: [newbie] firewalls
On Fri, 17 Nov 2000, [EMAIL PROTECTED] wrote:

hi all, wanted to know what's a good firewall? just tell me what works and where to get it, that's all I need. thank you, chronos.

I'm using PMFirewall. I believe it's at http://www.pointman.org. Simple and easy. There is also portsentry to go with it, but I have yet to install it.

-- TRBishop [EMAIL PROTECTED] RLU#12043 SuSE 7.0Pro
RE: [newbie] firewalls
Another site that is interactive and easy to use is: http://www.linux-firewall-tools.com/lunx/firewall/index.html

Run this site in your netscape browser. The resulting script (from the website) should be saved in the /etc/rc.d directory as rc.firewall. If you want it to work in the boot process, edit the /etc/rc.d/rc.local file and add "/etc/rc.d/rc.firewall" at the end. There are also instructions on how to install the firewall script on the website provided above.

Regards, Rob Peters

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tyler Longren Sent: Saturday, November 11, 2000 11:41 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [newbie] firewalls

Some Linux firewalls: Falcon Firewall Project, Phoenix Adaptive Firewall, Sinus Firewall. And of course, ipchains. I suggest you use ipchains. It's already installed on your linux box. You should also get Firestarter from http://firestarter.sourceforge.net. It's a nice GUI frontend to ipchains.

Regards, Tyler Longren

On Sat, 11 Nov 2000, chronos wrote: Date: Sat, 11 Nov 2000 09:23:05 -0800 To: [EMAIL PROTECTED] From: chronos [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Subject: [newbie] firewalls

Hi all, Well as I get ready to go out to the internet in linux for the first time had a question. What firewall is good for linux 7.2? I basically want a decent one that I can configure to suit my needs. How about Black Ice defender? Will that work with linux? If not I'd like some suggestions. If there are free ones that are decent cool. If not money is really not an issue as I want my box safe. Thank you, Chronos.
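The install steps in the post above (save the generated script as /etc/rc.d/rc.firewall, then add a line calling it to the end of /etc/rc.d/rc.local) are easy to get subtly wrong: a script with a typo in it runs at boot and leaves the box with no rules, and following the instructions twice calls the script twice. The helper below is an added example, not from the post or from the linked site; it takes the rc.d directory as a parameter (so it can be exercised against a scratch directory) and assumes the SysV-style /etc/rc.d/rc.local layout the post describes.

```shell
#!/bin/sh
# Added example: install a generated firewall script the way the post
# describes, with the checks a careful admin would add.
#   $1  path to the generated script
#   $2  rc.d directory (assumed default /etc/rc.d, as in the post)
# Returns non-zero, and changes nothing, if the script does not parse.
install_firewall_script() {
    src="$1"; rcdir="${2:-/etc/rc.d}"
    target="$rcdir/rc.firewall"

    # 1. Refuse a script the shell cannot parse: run from rc.local it would
    #    abort at boot and the box would come up without any rules.
    sh -n "$src" || return 1

    # 2. Install it root-only: rules that anyone can read (or edit) tell an
    #    attacker exactly what is and is not filtered.
    cp "$src" "$target" && chmod 700 "$target" || return 1

    # 3. Hook it into the boot sequence exactly once (idempotent append).
    [ -f "$rcdir/rc.local" ] || : > "$rcdir/rc.local"
    if ! grep -qxF "$target" "$rcdir/rc.local"; then
        printf '%s\n' "$target" >> "$rcdir/rc.local"
    fi
}

# Report how many times rc.local invokes the firewall script (should be 1).
firewall_hook_count() {
    rcdir="${1:-/etc/rc.d}"
    grep -cxF "$rcdir/rc.firewall" "$rcdir/rc.local" 2>/dev/null || echo 0
}

# Usage (as root): install_firewall_script /path/to/generated.sh /etc/rc.d
```

Running the installer a second time after editing the generated script is then safe: the new version replaces the old one and rc.local still calls it once.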
Re: [newbie] firewalls
The link should be http://www.linux-firewall-tools.com/linux/firewall/index.html

Robert Peters wrote:
> Another site that is interactive and easy to use is: http://www.linux-firewall-tools.com/lunx/firewall/index.html
>
> Run this site in your Netscape browser. The resulting script (from the website) should be saved in the /etc/rc.d directory as rc.firewall. If you want it to work in the boot process, edit the /etc/rc.d/rc.local file and add "/etc/rc.d/rc.firewall" at the end. There are also instructions on how to install the firewall script on the website provided above.
>
> Regards,
> Rob Peters
RE: [newbie] firewalls
Thanks!
RP

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eugene C. Zesch
Sent: Saturday, November 11, 2000 13:23
To: [EMAIL PROTECTED]
Subject: Re: [newbie] firewalls

> The link should be http://www.linux-firewall-tools.com/linux/firewall/index.html
>
> Robert Peters wrote:
> > Another site that is interactive and easy to use is: http://www.linux-firewall-tools.com/lunx/firewall/index.html
RE: RE: [newbie] firewalls
Great link

--- Original Message ---
"Robert Peters" [EMAIL PROTECTED] wrote on Sat, 11 Nov 2000 13:25:35 -0600:

> Thanks!
> RP
>
> Eugene C. Zesch wrote:
> > The link should be http://www.linux-firewall-tools.com/linux/firewall/index.html
Re: [newbie] Firewalls...
Mandrake comes with gfcc. Simply type gfcc at the command prompt, or run whereis gfcc and execute the path it reports.
Re: [newbie] Firewalls...
Combine the following, or use gfcc to configure ipchains yourself:

pmfirewall -- an ipchains rules script that's very easy to install: www.pointman.org
portsentry -- port scan detector that is very sensitive and effective: www.psionic.com
logcheck -- checks your /var/log/messages file at specified intervals and mails suspicious entries to you, also: www.psionic.com
hostsentry -- although still in development, logs suspicious logins to your system, also: www.psionic.com

--Greg

> I'm back again, it's question day today. Anybody point me in the right direction for a good firewall or ways to secure my Linux box? Any help would be great.
> Thanks in advance...
> Robert.
Re: [newbie] Firewalls...
pmfirewall, http://www.linux-firewall-tools.com/linux/firewall

You can look for gfcc; it's pretty cool for editing your firewall script after you've created it. BTW, pmfirewall can be found by searching at freshmeat.net.

Adam

----- Original Message -----
From: "Robert Griffiths" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, September 03, 2000 12:41 PM
Subject: [newbie] Firewalls...

> I'm back again, it's question day today. Anybody point me in the right direction for a good firewall or ways to secure my Linux box? Any help would be great.
> Thanks in advance...
> Robert.