Debian :: Setup A Good Firewall For Dummies?
Apr 5, 2011I am running squeeze 6 on amd64 i like to know if there is guide how to setup a good firewall for dummies like me
View 7 RepliesI am running squeeze 6 on amd64 i like to know if there is guide how to setup a good firewall for dummies like me
View 7 Replieshow can i setup a firewall in my system
View 3 Replies View RelatedRecently I have been working on iptables and trying to understand how to use it. Here's a little script I have written to setup a basic firewall for myself:
Code:
#!/bin/bash
if [ `id -u` -ne 0 ]; then
echo "You need root privilege"
exit 1
fi
PROG=/sbin/iptables
$PROG -F
function sethttp {
echo "Opening http port..."
$PROG -A INPUT -p tcp --dport 80 -j ACCEPT
}
function sethttps {
echo "Opening https port..."
$PROG -A INPUT -p tcp --dport 443 -j ACCEPT
}
function settorrent {
echo "Opening torrent port..."
$PROG -A INPUT -p tcp --dport 52413 -j ACCEPT
}
while getopts "hst" option; do
case "$option" in
h) sethttp;;
s) sethttps;;
t) settorrent;;
*) echo "DOH!"
esac
done
$PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$PROG -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$PROG -A INPUT -i lo -j ACCEPT
$PROG -A OUTPUT -o lo -j ACCEPT
$PROG -A INPUT -j DROP
$PROG -A FORWARD -j REJECT
echo "Done setting up the firewall! Enjoy :)"
exit 0
OK, this can take 3 arguments that open ports 80, 443 and 52413. And at the end, some default rules are applied. But here's the thing I don't understand:
if I don't give the argument for port 80, I can still view web pages... and also, when I remove the line:
Code:
$PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Whether I say it to open port 80 or not, I can't view any web pages.
I am learning to setup firewall in my home for that i have selected four system(sys1,sys2....sys4) for testing .I have configured sys2 to act as a firewall with two NIC. sys3 and sys4 are inside the firewall . sys1 is not connected to firewall for testing purpose.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 firewall ,IPTABLES )
code....
what happened is that sys1(not connected to firewall) can ssh to sys4(connected,inside firewall),since the rules are written not to ssh form sys1 to sys4..
then I came to know whatever the request I give, It directly goes as sys1 --> sys4. Not as sys1-----> sys2(firewall)---> sys4 .and the firewall is not filtering and processing anything for both inbound and outbound (i think it's my mistake some where). the requests are directly going inside without firewall.
I am new to the Ubuntu/Linix world (less than a week).
I have tried the search, but have had difficulty finding threads on this.
Can someone recommend an excellent firewall to use with Ubuntu?
Is a firewall necessary on ubuntu? I've never thought about it until now. Do I need one? If so whats a good firewall to install? As you can tell im not too knowledgeable on this subject. I know (i think) linux has a built in firewall called iptables but ive never used it or looked into it.
View 9 Replies View Relatedim looking for a good firewall application.
View 2 Replies View RelatedI was just wondering if anyone uses 'Firestarter' firewall, and what you think of it?
View 13 Replies View RelatedWhat is a good IP filter/firewall program? Seeing as how I like free softwares, I download a lot of torrents. When I was using Windows, I used PeerBlock (the newer fork of PeerGuardian), however, it's not available for Linux. What would be a good alternative for this in Linux? I tried iplist as it has a GUI, and it was extremely buggy and blocked random web pages even after I put them on the exceptions list. And MoBlock has no GUI from I understand, nor has it been updated in years.
View 9 Replies View RelatedI'm looking for a good hardware firewall that will run on an older pc (ie 512 MB RAM and 1GHZ CPU) FOSS is preferable, but not required. I've tried Astaro, but it refuses to load after a restart. I'm hoping for AV as I support Windoze clients, and a VPN. Past that, I can deal with anything.
View 4 Replies View RelatedI'm trying to build firewall on Debian with 'Firewall Builder'. But it won't let me compile and run unless one interface is set as management. There are two interfaces on my computer: 'eth0' and 'lo'
I don't want to be able to configure firewall remotely, so could I use 'lo' as 'management interface'?
Up until recently, as in a few days ago, I was using Ubuntu and had ufw managing the firewall.It's been "recommended" that iptables itself be used. Where do I do the rules go (as in a file) and how do I call those rules at startup?
View 6 Replies View RelatedI am a Linux newbie so please bear with me if I sound stupid. I was checking out how to set up a firewall for my system and landed on this webpage: [URL]. But I am so confused with how this ufw application works. What I understand is that once I set it to "default deny" it prevents unauthorized incoming connection but what does it mean when the author says to add exceptions for services I need? When do I need to do that? Also what's an SSH server?
View 2 Replies View RelatedHow do i set up my firewall to allow traffic from iperf?
View 6 Replies View RelatedI'm an it student and a newbie in linux OS.
We have this final project that we have to set-up
a firewall in a linux redhat OS which i totally have no idea ..
i did some research but haven't found the right one.
A good free/open source HTTP Server which can be setup on Linux Fedora 9? If there is a good instruction manual for the installation.
View 4 Replies View RelatedI'm trying to get OpenMPI (a parallel programming library) working on my home system. I have just two machines on it now, t61 and quad, connected through a router. (Which is also connected to cable modem for internet.) I can ssh between the machnes, mount directories with NFS, etc. However, I just can't get the OpenMPI to run. The OpenMPI message board suggested that the most probable cause is that the firewall is blocking TCP. I don't know how to tell if that's the problem, and can't find any manual for the SuSE firewall, while the various Wikis &c that pop up in a search don't provide any information that addresses my problem.
View 9 Replies View RelatedI want to setup a router with firewall on ubuntu box that will connect windows pcs one serving as outside source and one serving as inside target.
View 2 Replies View RelatedI run ubuntu on home pc and am very happy with it. I use internet to surf and to see my email on gmail.com etc. What commands should I give to setup ufw firewall so that only this much is allowed? Also, where can I see if some other connections have been blocked?
View 9 Replies View RelatedI am trying to setup a firewall using Centos 5.5. The machine has 2 NICs, one connecting to the ISP/Modem and the other connected to a DIR-655 wireless router. The nic is connecting to the internet port on the router.
I do not want DHCP on the Firewall machine but on the wireless router.
[ISP/Modem]<--->[machine eth0]<--->[machine eht1]<--->[DIR-655 internet port]
IP from ISP Dynamic 192.168.1.1 192.168.1.2
IP's on the DIR-655 LAN will be 124.168.0.0/24 network lets say.
I have setup routes on the eth0 192.168.0.0/24 and 124.168.0.0/24
and added 124.168.0.0/24 to eth1.
I can ping eth0 and eth1 but cannot ping 192.168.1.2.
this setup is not actually connected to the internet so I disabled iptables to try testing the ping and still no good.
I got Shorewall firewall all Set-up perfect but I'm stuck at 1 last bit. The aim is to let on 2 clients max onto my server. I have the policy setup in webmin as.
Uploaded with ImageShack.us
More than 2 clients can get onto the server. The aim is to have it as a ddos protection allowing 100 clients on and a max burst of 10 clients at a time.
We have a new Bussiness DSL line with 16 public addresses.What we want is to setup a DMZ to run some services and internet to the LAN. Here's a schematic of what we want:
Code:
Backup Internet Main Internet
connection connection
| |
| |
SDSL Modem BDSL Modem
[code]....
The webserver has the following settings:
IP: 12.34.56.125
subnet: 255.255.255.240
gateway: 12.34.56.126
What IPTABLES rules do i need to setup to "see" all IP's in the DMZ-2 from the internet?
I am attempting to set up a firewall in my home network environment. the rest of the environment is windows, sorry I am attempting now so bear with me. what I have is a cable modem coming in, then my fedora 11 box with 2 nics, then the wireless router and the rest of the network.
everything works fine until I put the linux box in. If I put the firwall in the firewall sees the internet but the wireless router directly after does not. I am doing something wrong with the dhcp I am guessing. I dont want the firewall to give the address to the network I want the router to. I tried to get the firewall to do it (yum install dhcp leafnode) but it kept saying something didn't work right.
so I figure I will let the cable modem give the firewall an ip and the router give the rest of the network their ip's but how do I get the firewall and router to see each other and allow passthrough?
I currently want to set up a network with 2 Ubuntu servers (mail and web) in a DMZ in order to separate them from an internal network. I want to use a dedicated Linux firewall. This firewall will have 3 network interfaces on it. One network interface will connect to the external router/modem (router and modem in one box), one interface will connect to the DMZ and the other interface will connect to the internal network. The router/modem lets you put, I think it's 1 or 2, interfaces in a DMZ.
But, when I think of any of the dedicated firewall's or servers' interfaces it doesn't make sense to me to put any of them in the router/modem's DMZ (I think it would be better for the dedicated firewall's and the servers' interfaces to have static private I.Ps ie 192.168.2.4 etc right?). What I mean is that even if, as far as the router/modem is concerned, none of the interfaces were in a DMZ, the area where the servers are would still effectively be a perimeter network and with such a set up would still be, effectively,a DMZ, right?
I was wondering if there is an easy tutorial and/or explaination on how to create Public SSH Keys. Most of what I found is hard to follow and I would need to create on to join groups with the Fedora Project.
View 6 Replies View RelatedUsing Windows, I always set a Restrictive firewall policy with a third party firewall. But I also had all ports set to Stealth, something that appears to not offer any security benefits (as I've learned from reading Ubuntu forums). I'd like to learn about best security practices (under Ubuntu) for outgoing firewall protection. I will be using the built-in Ubuntu firewall that is configured via Firestarter. Outgoing filtering offers privacy as well as security benefits. But I thought I needed my ports stealthed to be safe too, so I'm open to learning new things.
I wanted to start a poll to find out how many folks use permissive/restrictive, but no polls allowed here apparently.Could Ubuntu users knowledgeable about firewalls enlighten me on whether I should go Outbound-Restrictive and what applications I will need to allow so Ubuntu "housekeeping" is not affected negatively? I basically just use the internet for software updates, web-surfing and e-mail. One question I have is whether there is something comparable in Ubuntu to Window's "DNS Client" service? I always disabled Window's "DNS Client" and forced each application to request port 53 DNS lookups itself.I only had to allow four programs to accomplish all internet traffic that I engage in. I set all other programs/applications to be either Blocked or to have to Ask for an outgoing connection as needed.Here is my former Windows XP setup:
svchost.exe: allow UDP for ports 53, 67, 68, 123 (time) and TCP for ports 80, 443
Avast: allow UDP for port 53 and TCP for port 80
firefox: allow UDP for port 53 and TCP for ports 80, 443
IE: allow UDP for port 53 and TCP for ports 80, 443
Currently I am working on one project in which I am transferring existing setup to Open Source platform. I am having brand new IBM server with two NIC card and want to setup Firewall. I am searching for good solution which suits to me. Which firewall system I should go for? I am thinking of IPCop.
1) Firewall should support OpenVPN
2) Easy to manage for Resident technician
3) Should be block streaming, facebook and others sites.
Compare Fedora's default fonts with Ubuntu's here and here. This is basically a simple "cheat" version for F11 of Breb's original thread, that thread has links to some excellent resources and info if you want to really understand what's going on.
UPDATE: directfb and xcb-util packages must be installed, check by doing: 'yum install directfb xcb-util' 0. In your home directory create a file named .Xresources (don't forget the dot) with this line:
Code:
Xft.lcdfilter: lcddefault
1. Now, as root, create a directory for the libs that we will replace, and backup the current libs:
Code:
su -
mkdir -p ufonts/fedora
cd ufonts
cp -a /usr/lib/lib{cairo,freetype,pixman,Xft}* fedora/
(For x86_64, replace /usr/lib/ by /usr/lib64/ in the above and everywhere below)
2. Extract the required ubuntu libs from these debian packages, libcairo2, libfreetype6, libxft2, libpixman-1-0 or just unpack one of these tarballs 32bit libs, 64bit libs so that you have these libs in ufonts/ (64bit sizes will be larger):
Code:
$ ls -l
...
drwxrwxr-x. 2 user user 4096 2009-06-25 20:37 fedora
[code]...
how nepomuk is supposed to work on opensuse 11.4 KDE? My nepomuk is active but it always says in "systemsettings" that 0 files are indexed. When I do a search via Dolphin, it never finds a file. It doesn't matter if I select "from here" or "everywhere". I also tried to select the root dir '/' to look for files to index, but still nepomuk says 0 files are indexed and dolphin finds nothing.
View 6 Replies View RelatedI need some help desperately. I am trying to install Series 7 for Dummies on Zorin OS 4. I was able to get Wine to recognize the program by copying the .exe files from the CD to the hard drive as the CD installation directly wasn't working. Now however the prompted Series 7 installation window that asks you to "Accept" or "Decline" will not move when I click "Accept". How can I resolve this? I am thinking it has something to do with either Java or Flash since this is an interactive program where multiple-choice questions are answered by clicking on them.
View 2 Replies View Related