Ubuntu Security :: Firewall Settings In A Network With It And XP
Jan 18, 2011
I run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:
1. Is this really safe enough?
2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.
So I know Linux has iptables, I'm rather new to linux, and I'm wondering, are the stock settings with Ubuntu/Kubuntu safe? Is there anything I need to do make them more secure? I tried adding rules myself for some things but ended up just not being able to do anything so I had to reset back to stock with iptables -F. Should I be safe running as-is?
I just erased WinXp and installed Ubuntu on old laptop. I intend to use it later ot connect to public Wi-Fi. Do i need to install a firewall GUI and make any special settings? I didn't encrypt home folder during installation. I probably should have done it. But i am already low on system resources (224MB ram, 1.2Ghz CPU). Would that use up any additional resources? Would it make computer run slower? Can i still encrypt the home folder after i installed the system?
I have a server with 14 IP's on eth0. I'm using virtual interfaces to handle the IP's, but the iptables don't seem to work on the virtual interface. It blocks ports that I want open. I'm not that great with iptables, I use what I have because it works for me, but as far as tweaking it, I'm pretty lost.
My iptables: # Simple Firewall configuration # # Set default policies -------- *filter :INPUT ACCEPT [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] # # Internal Networks ----------- #-A INPUT -s <private.class.C>/24 -d <private.class.C>/24 -i eth1 -j ACCEPT # # Loopback -------------------- -A INPUT -s 0/0 -d 0/0 -i lo -j ACCEPT # # Accept established connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # # Services -------------------- # # For SSH gateway -A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW -j ACCEPT # # For SMTP gateway -A INPUT -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW -j ACCEPT # # For FTP server -A INPUT -p tcp -s 0/0 -d 0/0 --dport 20 -m state --state NEW -j ACCEPT -A INPUT -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW -j ACCEPT -A INPUT -p udp -s 0/0 -d 0/0 --dport 53 -m state --state NEW -j ACCEPT # # HTTP services -A INPUT -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW -j ACCEPT # # HTTPS services -A INPUT -p tcp -s 0/0 -d 0/0 --dport 443 -m state --state NEW -j ACCEPT # # POP-3 services #-A INPUT -p tcp -s 0/0 -d 0/0 --dport 110 -m state --state NEW -j ACCEPT # # IMAP services -A INPUT -p tcp -s 0/0 -d 0/0 --dport 143 -m state --state NEW -j ACCEPT # #PLESK #-A INPUT -p tcp -s 0/0 -d 0/0 --dport 8443 -m state --state NEW -j ACCEPT # #Games -A INPUT -p tcp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT -A INPUT -p udp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT -A INPUT -p tcp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT -A INPUT -p udp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT -A INPUT -p tcp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT -A INPUT -p udp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT -A INPUT -p tcp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT -A INPUT -p udp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT -A INPUT -p udp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT -A INPUT -p tcp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT -A INPUT -p udp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT -A INPUT -p tcp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT -A INPUT -p udp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT -A INPUT -p tcp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT -A INPUT -p tcp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT -A INPUT -p udp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
# Disallow fragmented packets -A INPUT -f -j DROP # # Log & Block broadcast packets -A INPUT -d 255.255.255.255/0.0.0.255 -j LOG -A INPUT -d 255.255.255.255/0.0.0.255 -j DROP # Log & Block multicast packets -A INPUT -d 188.8.131.52 -j LOG -A INPUT -d 184.108.40.206 -j DROP # # Log and drop all other incoming packets -A INPUT -j LOG -A INPUT -j DROP # COMMIT
I have a work desktop plugged into the work network. As I opened my firewall settings I noticed that it is turned off. My question is how should I configure it? I saw that the interface isn't assigned to any zone... I should assign to internal zone and open some port that I need in order to work? There are some guidelines for configuring the firewall?
I want some advice for making my system more secure. I want deactivate any network connection that is unnecessary. Only my browser and the update ability of zypper should have access to the internet. On windows there are personal firewalls.
How can I block internetaccess for all other programmes on openSUSE?
I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server.I would like temporally disable all network connections to host and virtual machine.So on Ubuntu host I have set firewall settings:
Code: sudo iptables -F (to flush - delete all firewall settings) sudo iptables -P INPUT DROP (to disable all input traffic)
I currently want to set up a network with 2 Ubuntu servers (mail and web) in a DMZ in order to separate them from an internal network. I want to use a dedicated Linux firewall. This firewall will have 3 network interfaces on it. One network interface will connect to the external router/modem (router and modem in one box), one interface will connect to the DMZ and the other interface will connect to the internal network. The router/modem lets you put, I think it's 1 or 2, interfaces in a DMZ.
But, when I think of any of the dedicated firewall's or servers' interfaces it doesn't make sense to me to put any of them in the router/modem's DMZ (I think it would be better for the dedicated firewall's and the servers' interfaces to have static private I.Ps ie 192.168.2.4 etc right?). What I mean is that even if, as far as the router/modem is concerned, none of the interfaces were in a DMZ, the area where the servers are would still effectively be a perimeter network and with such a set up would still be, effectively,a DMZ, right?
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22
I have tried various rules, like opening port 53 for the DNS with little success. I finally figured that you need to set the source port to 53 and NOT the destination port.However, I have been unable to figure out what ports apt-get requires. The only way I get it to work is to accept everything in iptables.
what I need to do to the firewall in order to make a shared printer available to other machines on my network?
I have the printer set up and have tested it with the firewall switched off, but as soon as I restart the firewall, the printer is inaccessible.
I thought that all traffic on the internal network was allowed, but it seems that I need to create an explicit rule in order to get the shared printer working. Unfortunately, I haven't been able to figure out how to do that yet.
i have configured the squid for my lan. My lan has three redhat 5.3 web servers. Now by using proxy server, i wish to give access to external clients for my web server and restrict to local client, accessing wan through port 80
I have a CentOS 5 server in which I use Virtual Hosting and each domain has its own user/pass for login to upload files. The path is /var/www/vhosts/domain name]/httpdocs/What im attempting is setting up the creation of the [domain name] folder from an administration backend under PHP, which I am developing. What Im worried about is if I allow PHP to run command line commands such as mkdir, then what is stopping anyone from doing the same from their php files on my server??? What is the best way to properly setup my server to allow automated creation of the domain structure within my folder system
I have Ubuntu running on an old PE server. It is running Virtualbox with an instance of Ubuntu inside. The instance is there to run my honeypot.
The server box IP is192.168.1.10. The Virtualbox is bridged with it's own IP of 192.168.1.200. The honeypot daemon is listening to 192.168.1.201 with arpd.
I set up the UFW with DENY. And then enabled only the ports leading to the honeypot scripts which are abound to IP .201. I then forwarded the ports necessary to run VNC to .200.
Here is the UFW status: buntu@ubuntu-desktop:/var/lib$ sudo ufw status Status: active To Action From -- ------ ---- 192.168.1.201 21/tcp ALLOW 21/tcp 192.168.1.201 4444/tcp ALLOW 4444/tcp 192.168.1.201 5544/tcp ALLOW 5544/tcp
I have a VPS (Ubuntu 8.04 server eition) and as such am stuck with using a software firewall.
i currently have UFW installed.
I would ideally like to have my firewall be a little rude, or rather just not polite. I know what i am asking will break the RFC, but i consider this ok due to the security benefits.
I would like to have my firewall 1) ignore (eg drop without responding)all packets that dont start with a syn flag 2)for all other traffic that is currently blocked, have it dropped (again drop it without responding)
If there are any other rules you can think of i would like to know them. I already have only the services i want open and the rest blocked.
I've been using Windows for quite a few years now. I loved the way how I used to set incoming/outgoing rules for my applications. But I'm having hard time doing that in Ubuntu. I tried searching for a good GUI for iptables but I need your help selecting the best. I might learn iptables someday but for the time being I will be using a nice GUI. I'm currently using GUFW, I've tried Firestarter. All I need is a firewall that would allow me to configure rules for my applications.
I have set up a Ubuntu 10.10 server. I have been using ssh tunnels to encrypt my web traffic at public wifi. I am trying to make this server as secure as posible so I enabled ufw. I allowed SSH and HTTP traffic in and denied everything else. But when I do that I can not use SSH -D because when I try to visit a webpage it does not load and I get the following.
Code: uname@mybox:~$ channel 3: open failed: connect failed: Connection timed out ^C uname@mybox:~$ fclchannel 4: open failed: connect failed: Connection timed out ^C uname@mybox:~$ exit logout
What do I have to do to allow ufw to allow ssh tunnels through?
I am a Linux newbie so please bear with me if I sound stupid. I was checking out how to set up a firewall for my system and landed on this webpage: [URL]. But I am so confused with how this ufw application works. What I understand is that once I set it to "default deny" it prevents unauthorized incoming connection but what does it mean when the author says to add exceptions for services I need? When do I need to do that? Also what's an SSH server?
I'm involved in a project to students set up a network security training lab using vmware. I want to simulate (in a very rough way) scanning through a poorly configured router or firewall. The easiest way I can think of to simulate this is to use a linux vmware image with two virtual nic cards to act as a firewall with the attacker on the outside network and a domain controller, web server, and database server on the inside network.
I would like to start students off with a firewall script that exposes everything on their internal network to the attacker. Is there an easy way to (mis)configure iptables to do this?. The model I'm trying to replicate is something like this. Attackers were on a 10.10.x.x network, defenders were on a 192.168.x.x network. As an attacker I could nmap 192.168.x.x and see every machine and every service on the defenders side even if they moved a service to an unexpected location. how I can implement a similar configuration using a linux image as firewalls/routers in vmware?
I have a set of iptables rules generated by Firestarter, and i'm in the process of trying to familiarise myself with iptables itself, but there's one particular rule which is confusing me, perhaps somebody could explain it to me
I'm running the firestarter firewall and its been showing the odd ssh attempt quite often. e.g. I've had 4 attempts today, 3 in the last 40mins. I realize that this may be nothing to serious but it's got me curious, aside from having a secure password (which I have) is there anything that else that I can do to ensure that my system is as secure as possible from ssh? I do use ssh within my home network so I don't want to disable it completely.