Ubuntu Security :: Robust Firewall With GUI For 10.04
Nov 4, 2010
I've been using Windows for quite a few years now. I loved the way how I used to set incoming/outgoing rules for my applications. But I'm having hard time doing that in Ubuntu. I tried searching for a good GUI for iptables but I need your help selecting the best. I might learn iptables someday but for the time being I will be using a nice GUI. I'm currently using GUFW, I've tried Firestarter. All I need is a firewall that would allow me to configure rules for my applications.
I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22
Need a good robust configurable DC++ client., because I am getting slow connections with the latest stable and PPA version of Linuxdc++. Yes it may be a unknown config problem, but even with UFW disabled and using "passive" mode, DL's are consistently falling to 500 B/s. Source report that there is no problem at that end.
I have try RAT (Robust Audio Tool) for testing IPv6 unicast (just RAT) and IPv6 multicast (RAT and SDR "Session Directory Tool" ). I meet the problem when testing RAT with unicast (why just two computer that can doing audio conference). i found source of the problem from the RAT faq here: Originally Posted by the source of problem... How to multi-unicast? If you really must... The packet reflector application that we use for debugging may also be used as a packet forwarder between multiple unicast hosts. Documentation is included in the package. This is not incorporated in the application as this mode of operation is evil and should be discouraged unless used for really small groups. Robust Audio Tool but i didn't found the file reflector.tar.gz, i try to use quagga installed from repository (to be reflector) but i don't know how to configure that software.
I have Ubuntu running on an old PE server. It is running Virtualbox with an instance of Ubuntu inside. The instance is there to run my honeypot.
The server box IP is192.168.1.10. The Virtualbox is bridged with it's own IP of 192.168.1.200. The honeypot daemon is listening to 192.168.1.201 with arpd.
I set up the UFW with DENY. And then enabled only the ports leading to the honeypot scripts which are abound to IP .201. I then forwarded the ports necessary to run VNC to .200.
Here is the UFW status: buntu@ubuntu-desktop:/var/lib$ sudo ufw status Status: active To Action From -- ------ ---- 192.168.1.201 21/tcp ALLOW 21/tcp 192.168.1.201 4444/tcp ALLOW 4444/tcp 192.168.1.201 5544/tcp ALLOW 5544/tcp
I have a VPS (Ubuntu 8.04 server eition) and as such am stuck with using a software firewall.
i currently have UFW installed.
I would ideally like to have my firewall be a little rude, or rather just not polite. I know what i am asking will break the RFC, but i consider this ok due to the security benefits.
I would like to have my firewall 1) ignore (eg drop without responding)all packets that dont start with a syn flag 2)for all other traffic that is currently blocked, have it dropped (again drop it without responding)
If there are any other rules you can think of i would like to know them. I already have only the services i want open and the rest blocked.
I have set up a Ubuntu 10.10 server. I have been using ssh tunnels to encrypt my web traffic at public wifi. I am trying to make this server as secure as posible so I enabled ufw. I allowed SSH and HTTP traffic in and denied everything else. But when I do that I can not use SSH -D because when I try to visit a webpage it does not load and I get the following.
Code: uname@mybox:~$ channel 3: open failed: connect failed: Connection timed out ^C uname@mybox:~$ fclchannel 4: open failed: connect failed: Connection timed out ^C uname@mybox:~$ exit logout
What do I have to do to allow ufw to allow ssh tunnels through?
I am a Linux newbie so please bear with me if I sound stupid. I was checking out how to set up a firewall for my system and landed on this webpage: [URL]. But I am so confused with how this ufw application works. What I understand is that once I set it to "default deny" it prevents unauthorized incoming connection but what does it mean when the author says to add exceptions for services I need? When do I need to do that? Also what's an SSH server?
I'm syncing a server over the internet with rsync, but it only works for a few hours before the backup fails with a "No route to host". I can restart the job and it'll will pick up where it left off, but is there an automated way to do this, or protect against a connection failure? I have about 170GB to copy over initially, but I can only get through about 4-5GB before the connection drops--manually restarting the sync everytime it drops will make the initial backup take days...
I'm involved in a project to students set up a network security training lab using vmware. I want to simulate (in a very rough way) scanning through a poorly configured router or firewall. The easiest way I can think of to simulate this is to use a linux vmware image with two virtual nic cards to act as a firewall with the attacker on the outside network and a domain controller, web server, and database server on the inside network.
I would like to start students off with a firewall script that exposes everything on their internal network to the attacker. Is there an easy way to (mis)configure iptables to do this?. The model I'm trying to replicate is something like this. Attackers were on a 10.10.x.x network, defenders were on a 192.168.x.x network. As an attacker I could nmap 192.168.x.x and see every machine and every service on the defenders side even if they moved a service to an unexpected location. how I can implement a similar configuration using a linux image as firewalls/routers in vmware?
I have a set of iptables rules generated by Firestarter, and i'm in the process of trying to familiarise myself with iptables itself, but there's one particular rule which is confusing me, perhaps somebody could explain it to me
I'm running the firestarter firewall and its been showing the odd ssh attempt quite often. e.g. I've had 4 attempts today, 3 in the last 40mins. I realize that this may be nothing to serious but it's got me curious, aside from having a secure password (which I have) is there anything that else that I can do to ensure that my system is as secure as possible from ssh? I do use ssh within my home network so I don't want to disable it completely.
I have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
I know that GNU/Linux does not need a firewall (due to iptables), but I would like a basic firewall that would watch incoming and outgoing connections. I would prefer it to have a try icon and be able to run as a regular user, such that I can add it to my .fluxbox/startup file. Anyone know of any good ones? They don't actually have to interface into iptables (because I would do that myself), but if they do it would be a bonus.
I run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:
1. Is this really safe enough? 2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.
I am currently trying to make my computer as secure as it can possibly be. I am configuring the firewall to be restrictive by default, but I have some programs that are still unable to connect to the internet.
1. Pidgin Internet Messenger (I use AIM and MSN) 2. Skype
What is a good IP filter/firewall program? Seeing as how I like free softwares, I download a lot of torrents. When I was using Windows, I used PeerBlock (the newer fork of PeerGuardian), however, it's not available for Linux. What would be a good alternative for this in Linux? I tried iplist as it has a GUI, and it was extremely buggy and blocked random web pages even after I put them on the exceptions list. And MoBlock has no GUI from I understand, nor has it been updated in years.
I opened a specific port in my router and manually configured Limewire to use the same port for all traffic, but I notice when I disable and turn off Firestarter when on limewire, my searches go really fast and dowaloads zoom really fast also I am not running as root. Is this ok to temporarly stop the firewall when I am on Limewire and then turn it back on when finished?
I'm looking for a good hardware firewall that will run on an older pc (ie 512 MB RAM and 1GHZ CPU) FOSS is preferable, but not required. I've tried Astaro, but it refuses to load after a restart. I'm hoping for AV as I support Windoze clients, and a VPN. Past that, I can deal with anything.
I've recently installed Ubuntu 10 on my laptop and I'm not sure whether it's safe or not. My question is do I need any antyvirus or firewall to protect my pc against virus, spyware etc.?