Security :: Is A Firewall Needed If Get All Traffic Through A Router

Aug 8, 2010

I get all my traffic from my router, as this computer seldom moves. So is there a use for a firewall? I am not sure, because when I scan my IP address with nmap, no matter what changes I make in the firewall, it is always the same scan... cannot fingerprint OS... and all closed ports. The all closed ports thing only changes when I torrent; then I get a wide open port.


Networking :: Capture And Log All LAN Traffic - No Access To Router Or Firewall

Jun 10, 2009

I am looking for a solution for our LAN traffic monitoring and would like to use some open-source Linux application. I have a Linux box with two NIC cards and what I thought is the following: Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and is distributed among the workstations.
I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.

Can I put a Linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non-transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.


Security :: Is Firewall Needed For Live CD With Dialup Internet

Feb 3, 2010

Is there any point to running a personal firewall when using a linux live CD or DVD with a dialup internet connection? My chief concern is compromise of the underlying Windows installation. I do not need corporate-grade security.


Ubuntu Security :: Firewall: Completely Prevent Any Traffic From Network?

Jan 4, 2010

I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as a virtual machine and installed an HTTP server. I would like to temporarily disable all network connections to the host and virtual machine. So on the Ubuntu host I have set these firewall settings:

Code:
sudo iptables -F             # flush: delete all firewall settings
sudo iptables -P INPUT DROP  # disable all input traffic

[code]....


Security :: Firewall Deny Traffic Inbound Destination Port 53372 & 53375?

May 5, 2010

I have a question: on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375. What in the world is that, and why these two ports over and over?


Ubuntu Security :: Firewall Without Router - No DHCP

Feb 15, 2011

I want to have a firewall that is connected to my modem and router and have it function as just a firewall, no DHCP, no routing. Is that possible?


Security :: Firewall In Front Of Router Setup?

Mar 9, 2011

I am trying to set up a firewall using CentOS 5.5. The machine has 2 NICs, one connecting to the ISP/modem and the other connected to a DIR-655 wireless router. The NIC is connecting to the internet port on the router.

I do not want DHCP on the Firewall machine but on the wireless router.

[ISP/Modem]<--->[machine eth0]<--->[machine eth1]<--->[DIR-655 internet port]
IP from ISP Dynamic 192.168.1.1 192.168.1.2

IPs on the DIR-655 LAN will be the 124.168.0.0/24 network, let's say.

I have set up routes on the eth0 192.168.0.0/24 and 124.168.0.0/24
and added 124.168.0.0/24 to eth1.

I can ping eth0 and eth1 but cannot ping 192.168.1.2.

This setup is not actually connected to the internet, so I disabled iptables to try testing the ping and still no good.


Security :: More Secure Than Router's Not Configurable Firewall

Apr 20, 2011

There are routers with firewalls which you cannot configure - you just use those routers and get some protection from Internet attacks. Is it possible to configure iptables on a GNU/Linux machine so that you'll get better protection than the protection you get from those kinds of routers?


Ubuntu Security :: Iptables Firewall Logs Router?

Apr 5, 2011

In an effort to learn more about firewalls and iptables I have left behind GUI set-up tools and have set up a firewall using iptables that logs to its own file. The firewall is as follows:

Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]

[Code]...


CentOS 5 Networking :: Configure Firewall - Allow And Forward All Traffic On Eth0 And Block All Traffic On Eth1 Except Ssh Ping

Sep 29, 2010

I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (ICMP) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.


Security :: Public Facing OpenVPN - Open Any Ports On The Router / Firewall

Feb 14, 2011

Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN server with two network interfaces. One interface is plugged into the public internet network and the second interface is plugged into the private network.

Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]

If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.


Security :: How To Block Site In Firewall Or Router By Protocol Wise & Host Wise?

Jun 24, 2009

I would like to know the blocking method in a firewall or a router. Whether it will be done protocol-wise, how? Or it will be done host-wise, how?


Hardware :: How Much Router Resources Are Needed For OpenVPN At 50 Mbit/s

Dec 27, 2010

I was wondering how much resources are necessary to run OpenVPN on a router or router computer at speeds of 50 Mbit/s. (I've Googled this and have found the results to be unclear)


General :: Is There Interactive Firewall For Outbound Traffic On Ubuntu?

Aug 24, 2010

I wish to prevent some programs from "phoning home", and to allow other programs to access only specific web servers. Is there any way to interactively allow or decline outbound communication from individual programs on Ubuntu?


Networking :: Preventing Internal Network Traffic With Firewall

Jul 3, 2010

Does anyone know if it is possible to filter/block network traffic between internal hosts on a lan?

Eg. : Linux firewall/router ( 192.168.0.1) - LAN Default G/W - all internal > external traffic gets filtered.

How would you filter tcp/ICMP/UDP traffic from internal host a ( 192.168.0.2 ) to host b ( 192.168.0.3)

All the internal hosts have the linux f/w as the default gateway, and are all on the same /24 subnet.

I would like to know if I can filter traffic between internal hosts.


Security :: Use Iptables As Firewall Instead Of Juniper Firewall?

May 9, 2011

Can we use iptables as a firewall instead of a Juniper firewall?


Ubuntu Servers :: Forward Traffic From A Domain To Another Server Behind A Firewall

Jan 29, 2010

I have a server on my router on the DMZ. All outside traffic goes to it. This server has Apache running and the domain mysite.com resolves to the DMZ web server. I have a second server on the LAN that also has Apache running. I want to set up another domain, myothersite.com, to resolve to the second server on the LAN. Since the main server is on the DMZ I have the DNS A records for myothersite.com pointing to the public IP that the DMZ is on.

How do I get myothersite.com to resolve to the second webserver on the LAN? What configuration do I need to do on my DMZ server so it routes traffic for myothersite.com to the other server on the LAN? Do I use BIND DNS? If so please advise on how to set that up. BIND DNS seems confusing and I am having trouble knowing how to configure it. Is there another option besides BIND?


Ubuntu Networking :: Bridging Firewall - How To Block Incoming Traffic

May 2, 2010

I have an Ubuntu computer set up as a bridge between gateway and LAN, with the LAN connected to eth0 and gateway on eth1.

I'm trying to get it to basically block everything incoming except for the ports I specify, but also allow outgoing traffic. I've found, tried, and modified some examples I found on the web, but still it won't block incoming traffic (i.e., I'm still able to reach my webserver).

These are the rules, and I can't figure out why it won't block:

Code:
#!/bin/bash
iptables -F
iptables -X
iptables -I INPUT -i eth1 -j DROP

[Code].....


Ubuntu :: Firewall Enabled - Difference Between Rejecting / Denying Traffic?

Apr 3, 2011

I have installed the graphical user interface for iptables and enabled this firewall. However, I find it a bit strange. What is the difference between rejecting and denying the traffic? If I want to configure iptables as two-way, how can I define which of my apps can connect to the internet and which can't? If this firewall is enabled, does it really run in the background, protecting the user, or does it run only when its GUI is opened?


Hardware :: Usr Router - Nam1.0 - And Printer Server Driver Needed For Ubuntu 10

Oct 28, 2010

The 4-port Ethernet US Robotics, NAM USR RTR model 8000 1.0, router and printer port works in Windows. Is there any support in Linux to make the printer driver work? It is configured in Windows XP as a local printer through the USR server driver.


Networking :: Monitor A Router Traffic?

Jan 8, 2010

Is it possible to see the router traffic using a remote system? Can those packet headers be modified for marking purposes?


Ubuntu :: SSH Or VPN For Persistent Tunneling Of All LAN Traffic From Router?

Mar 23, 2010

I am currently setting up an old box to serve as a general, quality router/fileserver that should give me fine control over my network traffic. This router will serve as the bridge between several local users and the Internet, along with quite a few machines. Traffic is expected to be heavy, in the sense of multiple power users using the Internet to the fullest, not from one machine doing anything insane like torrenting. The connection profile will reflect lots of up and down, not necessarily a huge number of persistent connections. Due to security concerns, the need to build an encrypted tunnel between a SoHo LAN and a dedicated server is inescapable. I'm trying to determine whether I can pull this off with a simple SSH tunnel on the box serving as the local router, or if a VPN (either PPTP or L2TP) is a more appropriate solution. Proxying won't work, because not all apps can easily be socksified across the Windows, GNU/Linux, and OSX platforms that the users will need. For this reason, I have to pull this off strictly at the router level.

I'm not all that familiar with the specific details of each protocol's performance as far as their latency, efficiency, overhead, and fault-tolerance are concerned. I'm less concerned with a protocol taking up CPU than I am with useless bytes and latency it might be introducing to the link. I don't know the low-level nitty-gritty of how each protocol encapsulates its traffic. If there is an existing package for this, it would be great, but at this point I'm simply trying to figure out which protocol is more appropriate before I begin digging in the wrong direction. The biggest concern, of course, is that the chosen protocol aggressively re-establish sessions should the connection suddenly drop, which will be a concern given the SoHo line I'll have to work with. The actual outbound server is no concern, as it has four cores and a Gbps line.


Ubuntu Networking :: Control Internet Traffic Without Router?

Jul 27, 2010

I have a desktop, a laptop, & a wireless router. The router, unfortunately, doesn't support dd-wrt, tomato, etc firmware, but I would still like to prioritize voip/web browsing over bulk Internet traffic. I hope I can offload the router's missing QoS to my desktop.

Is it possible to have the laptop's connection go from the wall to the router to the desktop, where the desktop could perform the QoS of tomato, then continue on to the laptop? I'm a bit of a noob to networking (subnets?) but do well enough following good instructions.

As for the program that would do the QoS... Don't some Linux machines basically work as super-powered routers for businesses? So there must be some package, but I couldn't find one. The closest I got was wondershaper, but it only shapes traffic for the computer on which it's installed; it might form part of the solution but falls short on its own. Other devices should be able to access the Internet normally if the desktop is turned off, & work with other devices like a (jailbroken) iPod Touch.


Networking :: Spurious Network Traffic From ATT U-Verse Router?

Aug 9, 2010

In my "computer room" I have an ATT U-Verse TV decoder box and my computer connected to a Netgear Switch. The third port on the switch connects to the ATT router. I've just noticed that when I power on the U-Verse TV box I start getting a lot (200-250 KiB/s) of received packets on my Debian Lenny machine as shown in the System Monitor app. I don't show any outgoing traffic in response. That explains why the lights on the switch are blinking at the same rate for both devices. So, what, if anything, is this telling me? Is this normal, or is the ATT router spamming my Linux machine for some reason? Is this a potential problem?

Added: Or is this just telling me that the NetGear FS-105 is not actually an ethernet switch?


Networking :: Most Common Method To Route Network Traffic As A Router/proxy

Apr 22, 2011

I am using Debian 5 and I have some networking experience; however, I want to learn to do this the best way possible. I have a Debian box with two NICs and I want to connect that to a switch and use my Debian box as a router basically, as well as having a firewall set up within that too.

Should I use iptables to set up NAT or the route command or what? I just want to know the group of tools to use in order to set up my network. Network diagram: Internet <------> Debian Box <----> switch <----> hosts. I found some guides but they are for Linux 2.4 and I'm not sure if they are right.


OpenSUSE Network :: 11.2 Acting As Router Firewall

Mar 29, 2010

Switched recently to 11.2 and it works fine for me as a workstation. I want to set up a router separating a part of the network and also acting as a firewall/proxy... Configured 2 Ethernet interfaces, checked IP forwarding in YaST, but it does not forward the packets from the "internal" to the "external" network. However, after I set up my router as default for machines on the internal network I can ping the external interface but no address on the external network (particularly the one of the default router) !!! From the router I can reach both networks and the net via the default gateway on external. Tried to:

a) switch firewall completely off
b) iptables -P FORWARD ACCEPT
c) masquerading internal addresses to the external network

my interfaces configuration looks like:
eth0 Link encap:Ethernet HWaddr 00:13:D4:E3:A2:7B
inet addr:192.168.1.34 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::213:d4ff:fee3:a27b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

[Code].....


Ubuntu Networking :: Setup A Router With Firewall?

Feb 9, 2010

I want to set up a router with firewall on an Ubuntu box that will connect Windows PCs, one serving as outside source and one serving as inside target.


Ubuntu Servers :: Router With Wifi And A Firewall

Aug 9, 2010

My ISP gave me a router which has wifi.

I added an Ubuntu box acting as a router, so the layout is this:

Now, the LAN has the 192.168.2.0 subnet, and the external interface of the router is in the 192.168.1.0 subnet.

So the problem is that the wifi assigns 192.168.1.0 IPs, which don't belong to or get filtered through my router/firewall...


Server :: PPTP Traffic - Gre Traffic Is Being Generated During The Browsing / Reduce Traffic

Sep 27, 2009

Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway, my download and upload speed decreases almost to half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself) in this way:

Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT

iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT

The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.

When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.

So, my question is, first of all, is my test correct, and is it true that so much GRE traffic is being generated during the browsing (it becomes clear that the traffic is double what it would be if the pptpd wasn't used as a gateway), and if yes - can that traffic be reduced?


Security :: POP3 Through Iptables And ConfigServer Security And Firewall

Sep 23, 2010

I have a Suse11 box with 2 network cards:

I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In the configuration of csf I could get my way around getting SMTP to work for the eth3:1-3 clients, but POP3 connections do not go through the box. I know I need to allow port 110 and 995 to masquerade or NAT (or something) and then the same for port 22.








Copyrights 2005-15 www.BigResource.com, All rights reserved