Ubuntu Security :: Firewall Settings In A Network With It And XP

Jan 18, 2011

I run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:

1. Is this really safe enough?
2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.

View 1 Replies


Ubuntu Security :: Firewall - IPTables Stock Settings Safe?

Apr 15, 2010

So I know Linux has iptables, I'm rather new to linux, and I'm wondering, are the stock settings with Ubuntu/Kubuntu safe? Is there anything I need to do make them more secure? I tried adding rules myself for some things but ended up just not being able to do anything so I had to reset back to stock with iptables -F. Should I be safe running as-is?

View 4 Replies View Related

Ubuntu Security :: Install A Firewall GUI And Make Special Settings?

Aug 19, 2010

I just erased WinXp and installed Ubuntu on old laptop. I intend to use it later ot connect to public Wi-Fi. Do i need to install a firewall GUI and make any special settings? I didn't encrypt home folder during installation. I probably should have done it. But i am already low on system resources (224MB ram, 1.2Ghz CPU). Would that use up any additional resources? Would it make computer run slower? Can i still encrypt the home folder after i installed the system?

View 3 Replies View Related

Security :: IPtables Firewall Settings With Virtual Interface

Aug 12, 2010

I have a server with 14 IP's on eth0. I'm using virtual interfaces to handle the IP's, but the iptables don't seem to work on the virtual interface. It blocks ports that I want open. I'm not that great with iptables, I use what I have because it works for me, but as far as tweaking it, I'm pretty lost.

My iptables:
# Simple Firewall configuration
# Set default policies --------
# Internal Networks -----------
#-A INPUT -s <private.class.C>/24 -d <private.class.C>/24 -i eth1 -j ACCEPT
# Loopback --------------------
-A INPUT -s 0/0 -d 0/0 -i lo -j ACCEPT
# Accept established connections
# Services --------------------
# For SSH gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW -j ACCEPT
# For SMTP gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW -j ACCEPT
# For FTP server
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 53 -m state --state NEW -j ACCEPT
# HTTP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW -j ACCEPT
# HTTPS services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 443 -m state --state NEW -j ACCEPT
# POP-3 services
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 110 -m state --state NEW -j ACCEPT
# IMAP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 143 -m state --state NEW -j ACCEPT
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 8443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT

# Disallow fragmented packets
# Log & Block broadcast packets
-A INPUT -d -j LOG
# Log & Block multicast packets
-A INPUT -d -j LOG
# Log and drop all other incoming packets

View 18 Replies View Related

OpenSUSE Network :: Firewall Settings - Configure - Interface Isn't Assigned To Any Zone?

Apr 20, 2010

I have a work desktop plugged into the work network. As I opened my firewall settings I noticed that it is turned off. My question is how should I configure it? I saw that the interface isn't assigned to any zone... I should assign to internal zone and open some port that I need in order to work? There are some guidelines for configuring the firewall?

View 2 Replies View Related

OpenSUSE Network :: Increase Network Security> Personal Firewall?

Apr 7, 2011

I want some advice for making my system more secure. I want deactivate any network connection that is unnecessary. Only my browser and the update ability of zypper should have access to the internet. On windows there are personal firewalls.

How can I block internetaccess for all other programmes on openSUSE?

View 8 Replies View Related

Ubuntu Security :: Firewall: Completely Prevent Any Traffic From Network?

Jan 4, 2010

I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server.I would like temporally disable all network connections to host and virtual machine.So on Ubuntu host I have set firewall settings:

sudo iptables -F (to flush - delete all firewall settings)
sudo iptables -P INPUT DROP (to disable all input traffic)


View 9 Replies View Related

Security :: Dedicated Firewall - Network Setup With Two Servers In DMZ

Jan 3, 2011

I currently want to set up a network with 2 Ubuntu servers (mail and web) in a DMZ in order to separate them from an internal network. I want to use a dedicated Linux firewall. This firewall will have 3 network interfaces on it. One network interface will connect to the external router/modem (router and modem in one box), one interface will connect to the DMZ and the other interface will connect to the internal network. The router/modem lets you put, I think it's 1 or 2, interfaces in a DMZ.

But, when I think of any of the dedicated firewall's or servers' interfaces it doesn't make sense to me to put any of them in the router/modem's DMZ (I think it would be better for the dedicated firewall's and the servers' interfaces to have static private I.Ps ie etc right?). What I mean is that even if, as far as the router/modem is concerned, none of the interfaces were in a DMZ, the area where the servers are would still effectively be a perimeter network and with such a set up would still be, effectively,a DMZ, right?

View 7 Replies View Related

Security :: Implementation Of Distributed Firewall In A Local Area Network?

Apr 6, 2011

I want to know the details about the implementation of distributed firewall in a local area network

View 5 Replies View Related

Security :: Open Source Tool To Monitor Network Latency Due To Software / Hardware Firewall?

Feb 10, 2011

Recommend open source tools that can help in figuring out if we are experiencing a network latency due to the newly installed firewall on our server.

View 1 Replies View Related

Security :: Use Iptables As Firewall Instead Of Juniper Firewall?

May 9, 2011

Can we use iptables as firewall instead of Juniper firewall

View 2 Replies View Related

OpenSUSE Network :: Firewall Logs Are In /var/log/{firewall,warn,messages} - Clutter?

Mar 25, 2011

I suspect this is an initial configuration bug. All firewall logs seem to be going to all
three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.

View 9 Replies View Related

Security :: POP3 Through Iptyables And ConfigServer Security And Firewall

Sep 23, 2010

I have a Suse11 box with 2 network cards:

I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22

View 2 Replies View Related

Ubuntu Networking :: Firewall Settings : Unable To Configure For Apt-get And Dns?

Mar 28, 2010

I have tried various rules, like opening port 53 for the DNS with little success. I finally figured that you need to set the source port to 53 and NOT the destination port.However, I have been unable to figure out what ports apt-get requires. The only way I get it to work is to accept everything in iptables.

View 1 Replies View Related

OpenSUSE :: Firewall Settings For Shared Printer?

Apr 6, 2011

what I need to do to the firewall in order to make a shared printer available to other machines on my network?

I have the printer set up and have tested it with the firewall switched off, but as soon as I restart the firewall, the printer is inaccessible.

I thought that all traffic on the internal network was allowed, but it seems that I need to create an explicit rule in order to get the shared printer working. Unfortunately, I haven't been able to figure out how to do that yet.

View 2 Replies View Related

Security :: Security - Virus - Firewall Protection ?

Feb 23, 2011

I tried installing F-prot's linux scanner but it doesn't seem to want to install and I am tired of messing with it.

So I am wondering if I even need it or if there is something else.

I am behind a firewall already with my router if that helps any.

I guess I am having trouble understanding why virus protection is less necessary.

Do people not write viruses for linux systems?

View 7 Replies View Related

Networking :: Squid And Firewall Settings - Restrict To Local Client?

Mar 3, 2011

i have configured the squid for my lan. My lan has three redhat 5.3 web servers. Now by using proxy server, i wish to give access to external clients for my web server and restrict to local client, accessing wan through port 80

View 2 Replies View Related

Security :: Proper Security Settings For Virtual Hosting Of Domains?

Jan 30, 2010

I have a CentOS 5 server in which I use Virtual Hosting and each domain has its own user/pass for login to upload files. The path is /var/www/vhosts/domain name]/httpdocs/What im attempting is setting up the creation of the [domain name] folder from an administration backend under PHP, which I am developing. What Im worried about is if I allow PHP to run command line commands such as mkdir, then what is stopping anyone from doing the same from their php files on my server??? What is the best way to properly setup my server to allow automated creation of the domain structure within my folder system

View 3 Replies View Related

OpenSUSE Network :: Samba And Firewall / Samba Is Not Working When Firewall Is On?

Jul 26, 2010

Samba is working correctly if Susefirewall2 is off. I have added Samba client and Samba Services for extern access but samba is not working when firewall is now on. Which services should I also add ?

View 1 Replies View Related

Ubuntu Security :: Get VNC Through Firewall?

Jul 20, 2010

I have Ubuntu running on an old PE server. It is running Virtualbox with an instance of Ubuntu inside. The instance is there to run my honeypot.

The server box IP is192.168.1.10. The Virtualbox is bridged with it's own IP of The honeypot daemon is listening to with arpd.

I set up the UFW with DENY. And then enabled only the ports leading to the honeypot scripts which are abound to IP .201. I then forwarded the ports necessary to run VNC to .200.

Here is the UFW status:
buntu@ubuntu-desktop:/var/lib$ sudo ufw status
Status: active
To Action From
-- ------ ---- 21/tcp ALLOW 21/tcp 4444/tcp ALLOW 4444/tcp 5544/tcp ALLOW 5544/tcp


View 8 Replies View Related

Ubuntu Security :: Do I Need To Turn A Firewall On?

May 23, 2010

Will I need to actiavte the firewall that comes with Ubuntu since I'm using Transmission?

View 9 Replies View Related

Security :: Good Firewall To Use With Ubuntu?

Aug 13, 2010

I am new to the Ubuntu/Linix world (less than a week).

I have tried the search, but have had difficulty finding threads on this.

Can someone recommend an excellent firewall to use with Ubuntu?

View 9 Replies View Related

Ubuntu Security :: Hardening My Firewall ?

Aug 14, 2010

I have a VPS (Ubuntu 8.04 server eition) and as such am stuck with using a software firewall.

i currently have UFW installed.

I would ideally like to have my firewall be a little rude, or rather just not polite. I know what i am asking will break the RFC, but i consider this ok due to the security benefits.

I would like to have my firewall
1) ignore (eg drop without responding)all packets that dont start with a syn flag
2)for all other traffic that is currently blocked, have it dropped (again drop it without responding)

If there are any other rules you can think of i would like to know them. I already have only the services i want open and the rest blocked.

View 7 Replies View Related

Ubuntu Security :: Robust Firewall With GUI For 10.04

Nov 4, 2010

I've been using Windows for quite a few years now. I loved the way how I used to set incoming/outgoing rules for my applications. But I'm having hard time doing that in Ubuntu. I tried searching for a good GUI for iptables but I need your help selecting the best. I might learn iptables someday but for the time being I will be using a nice GUI. I'm currently using GUFW, I've tried Firestarter. All I need is a firewall that would allow me to configure rules for my applications.

View 9 Replies View Related

Ubuntu Security :: Allow SSH Tunnel Through Ufw Firewall?

Jun 15, 2011

I have set up a Ubuntu 10.10 server. I have been using ssh tunnels to encrypt my web traffic at public wifi. I am trying to make this server as secure as posible so I enabled ufw. I allowed SSH and HTTP traffic in and denied everything else. But when I do that I can not use SSH -D because when I try to visit a webpage it does not load and I get the following.

uname@mybox:~$ channel 3: open failed: connect failed: Connection timed out
uname@mybox:~$ fclchannel 4: open failed: connect failed: Connection timed out
uname@mybox:~$ exit

What do I have to do to allow ufw to allow ssh tunnels through?

View 4 Replies View Related

Ubuntu Security :: UFW - How To Setup Firewall

Jun 21, 2011

I am a Linux newbie so please bear with me if I sound stupid. I was checking out how to set up a firewall for my system and landed on this webpage: [URL]. But I am so confused with how this ufw application works. What I understand is that once I set it to "default deny" it prevents unauthorized incoming connection but what does it mean when the author says to add exceptions for services I need? When do I need to do that? Also what's an SSH server?

View 2 Replies View Related

Security :: Set Up IDS And Firewall?

Feb 13, 2010

i want set up IDS(Intrusion detection system) and Firewall in my home just for learning.. The Goal is learn IDS log and Firewall log..

View 4 Replies View Related

Ubuntu Security :: How To Make A Transparent Firewall

Apr 14, 2010

I'm involved in a project to students set up a network security training lab using vmware. I want to simulate (in a very rough way) scanning through a poorly configured router or firewall. The easiest way I can think of to simulate this is to use a linux vmware image with two virtual nic cards to act as a firewall with the attacker on the outside network and a domain controller, web server, and database server on the inside network.

I would like to start students off with a firewall script that exposes everything on their internal network to the attacker. Is there an easy way to (mis)configure iptables to do this?. The model I'm trying to replicate is something like this. Attackers were on a 10.10.x.x network, defenders were on a 192.168.x.x network. As an attacker I could nmap 192.168.x.x and see every machine and every service on the defenders side even if they moved a service to an unexpected location. how I can implement a similar configuration using a linux image as firewalls/routers in vmware?

View 1 Replies View Related

Ubuntu Security :: Clarification On Firewall Rules?

May 9, 2010

I have a set of iptables rules generated by Firestarter, and i'm in the process of trying to familiarise myself with iptables itself, but there's one particular rule which is confusing me, perhaps somebody could explain it to me

My INPUT chain reads as follows:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- cdns01.plus.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- cdns01.plus.net anywhere
ACCEPT tcp -- cdns02.plus.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYN


Given that the firewall is actually blocking packets, it can't be this simple, so what am I missing?

View 1 Replies View Related

Ubuntu Security :: Firewall Showing SSH Attempts Quite Often

Sep 30, 2010

I'm running the firestarter firewall and its been showing the odd ssh attempt quite often. e.g. I've had 4 attempts today, 3 in the last 40mins. I realize that this may be nothing to serious but it's got me curious, aside from having a secure password (which I have) is there anything that else that I can do to ensure that my system is as secure as possible from ssh? I do use ssh within my home network so I don't want to disable it completely.

View 9 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved