Ubuntu Security :: Shorewall Firewall Setup In Webmin?
Jan 3, 2011
I've got the Shorewall firewall all set up perfectly, but I'm stuck at one last bit. The aim is to let 2 clients max onto my server. I have the policy set up in Webmin as shown in the screenshot.
More than 2 clients can get onto the server. The aim is to have it as DDoS protection, allowing 100 clients on and a max burst of 10 clients at a time.
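The post above wants three different caps at once: at most 2 concurrent connections from any one client, a ceiling on clients in total, and a limit on how fast new connections are admitted. The script below is an added example, not the poster's Webmin configuration, and uses plain iptables so the matches are visible; the figures (port 22, 2 per source, 100 in total, 100 new connections per minute with a burst of 10) are assumptions. In Shorewall the same thing goes into the RATE LIMIT and CONNLIMIT columns of /etc/shorewall/rules (see shorewall-rules(5) for the installed version); what Shorewall generates from them is the connlimit and hashlimit matches shown here. The chain assumes an otherwise stateful ruleset that already accepts ESTABLISHED,RELATED traffic; DRY_RUN=1 (the default) only prints the commands.

```shell
#!/bin/sh
# Added example (not from the post above): connection caps for one TCP service.
IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-1}   # 1: print the commands; DRY_RUN=0 applies them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$IPT $*"; else "$IPT" "$@"; fi
}

# limit_service PORT PER_SOURCE TOTAL RATE BURST
#   PER_SOURCE  max concurrent connections from one address
#   TOTAL       max concurrent connections from everybody
#   RATE/BURST  new connections per source, hashlimit syntax (e.g. 100/min, 10)
limit_service() {
    port=$1; per_src=$2; total=$3; rate=$4; burst=$5
    chain="LIMIT_$port"
    if [ "$DRY_RUN" = 1 ]; then run -N "$chain"; else "$IPT" -N "$chain" 2>/dev/null || "$IPT" -F "$chain"; fi
    # 1. connlimit counts the connection being opened as well, so "above 2"
    #    refuses the third one from the same /32; a reset is politer than a drop
    run -A "$chain" -p tcp -m connlimit --connlimit-above "$per_src" --connlimit-mask 32 -j REJECT --reject-with tcp-reset
    # 2. mask 0 puts every source into one bucket: a global ceiling
    run -A "$chain" -m connlimit --connlimit-above "$total" --connlimit-mask 0 -j DROP
    # 3. token bucket per source for connection attempts; whatever exceeds it is dropped
    run -A "$chain" -m hashlimit --hashlimit-name "new_$port" --hashlimit-mode srcip --hashlimit-upto "$rate" --hashlimit-burst "$burst" -j ACCEPT
    run -A "$chain" -j DROP
    # only the first packet of a connection is evaluated here; replies ride on conntrack
    run -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j "$chain"
}

if [ "$DRY_RUN" != 1 ] && [ "$(id -u)" -ne 0 ]; then echo "run as root" >&2; exit 1; fi
limit_service "${1:-22}" 2 100 100/min 10
```

Run it with no arguments to see the rules it would install; `DRY_RUN=0 ./limit.sh 22` installs them. The connlimit match counts conntrack entries, so a client that is dropped or reset before the handshake completes never occupies one of its two slots; the hashlimit bucket is per source address, which is what you want against one noisy host but does nothing against a distributed flood, where the global connlimit ceiling is the only rule of the three that bites.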
I am a Linux newbie, so please bear with me if I sound stupid. I was checking out how to set up a firewall for my system and landed on this webpage: [URL]. But I am so confused by how this ufw application works. What I understand is that once I set it to "default deny" it prevents unauthorized incoming connections, but what does it mean when the author says to add exceptions for services I need? When do I need to do that? Also, what's an SSH server?
I installed Ubuntu Server and got it set up, and I'm trying to install Shorewall as a firewall, but whenever I do sudo apt-get install shorewall I get a "package not found" error.
Up until recently, as in a few days ago, I was using Ubuntu and had ufw managing the firewall. It's been "recommended" that iptables itself be used. Where do the rules go (as in a file), and how do I call those rules at startup?
I am trying to set up a firewall using CentOS 5.5. The machine has 2 NICs, one connecting to the ISP/modem and the other connected to a DIR-655 wireless router. That NIC is connected to the internet port on the router.
I do not want DHCP on the firewall machine but on the wireless router.
[ISP/Modem] <---> [machine eth0] <---> [machine eth1] <---> [DIR-655 internet port]
                  (IP from ISP, dynamic)  (192.168.1.1)      (192.168.1.2)
IPs on the DIR-655 LAN will be on the 124.168.0.0/24 network, let's say.
I have set up routes on eth0 for 192.168.0.0/24 and 124.168.0.0/24 and added 124.168.0.0/24 to eth1.
I can ping eth0 and eth1 but cannot ping 192.168.1.2.
This setup is not actually connected to the internet, so I disabled iptables to test the ping, and still no good.
I've got a Shorewall (Shoreline?) firewall up and running, but it's logging to /var/log/messages. I'd much rather have it log to another location, e.g. /var/log/firewall, but can't find a clear enough explanation of how to do this. Apparently it varies greatly depending on the distro, the kernel, and the version of Shorewall that is running. You'd think it would be something as simple as setting a path in a config file, but apparently not. I'm running a stock Lenny kernel on the firewall machine. It comes with version 4.0.15 of Shorewall.
I currently want to set up a network with 2 Ubuntu servers (mail and web) in a DMZ in order to separate them from an internal network. I want to use a dedicated Linux firewall. This firewall will have 3 network interfaces. One will connect to the external router/modem (router and modem in one box), one will connect to the DMZ, and the other will connect to the internal network. The router/modem lets you put, I think, 1 or 2 interfaces in a DMZ.
But when I think about any of the dedicated firewall's or servers' interfaces, it doesn't make sense to me to put any of them in the router/modem's DMZ (I think it would be better for the dedicated firewall's and the servers' interfaces to have static private IPs, i.e. 192.168.2.4 etc., right?). What I mean is that even if, as far as the router/modem is concerned, none of the interfaces were in a DMZ, the area where the servers are would still effectively be a perimeter network, and with such a setup would still effectively be a DMZ, right?
Using Windows, I always set a restrictive firewall policy with a third-party firewall. But I also had all ports set to "stealth", something that appears to offer no security benefit (as I've learned from reading the Ubuntu forums). I'd like to learn about best security practices (under Ubuntu) for outgoing firewall protection. I will be using the built-in Ubuntu firewall, configured via Firestarter. Outgoing filtering offers privacy as well as security benefits. But I thought I needed my ports stealthed to be safe too, so I'm open to learning new things.
I wanted to start a poll to find out how many folks use permissive/restrictive, but no polls are allowed here apparently. Could Ubuntu users knowledgeable about firewalls enlighten me on whether I should go outbound-restrictive and what applications I will need to allow so Ubuntu "housekeeping" is not affected negatively? I basically just use the internet for software updates, web surfing and e-mail. One question I have is whether there is something comparable in Ubuntu to Windows' "DNS Client" service. I always disabled Windows' "DNS Client" and forced each application to request port 53 DNS lookups itself. I only had to allow four programs to accomplish all the internet traffic I engage in. I set all other programs/applications to be either blocked or to have to ask for an outgoing connection as needed. Here is my former Windows XP setup:
svchost.exe: allow UDP for ports 53, 67, 68, 123 (time) and TCP for ports 80, 443
Avast: allow UDP for port 53 and TCP for port 80
Firefox: allow UDP for port 53 and TCP for ports 80, 443
IE: allow UDP for port 53 and TCP for ports 80, 443
I posted a previous topic on bridging, and that didn't seem to work, so I went with Shorewall and I'm trying to set up NAT, but I'm struggling very badly. I have the interfaces configured so that eth1 is my local LAN (loc) network and eth0 connects to my ISP (net). But my problem is that I have no clue how to forward traffic from eth1 to eth0 without using Proxy ARP, which routes all traffic to eth1 and doesn't allow traffic out on itself. I've looked at the NAT tutorials, and they don't make sense to me, because I have two interfaces that I want to be able to talk to each other and the internet at the same time. Is there anyone who's good with Shorewall?
I am learning to set up a firewall at home. For that I have selected four systems (sys1, sys2, ..., sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
The IP assignments are as follows:
sys1: (Fedora, not connected to the firewall I am thinking, but I am not sure)
What happened is that sys1 (not connected to the firewall) can ssh to sys4 (connected, inside the firewall), since the rules are written not to allow ssh from sys1 to sys4.
Then I came to know that whatever request I give, it goes directly as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering or processing anything, for both inbound and outbound (I think it's my mistake somewhere). The requests are going directly inside without the firewall.
I have my system set up so that the router (DD-WRT) sends its syslog messages to my Linux PC. I am using Shorewall as my firewall. I have two questions: How can I configure Shorewall to allow the messages from my router? If I use my router's IP address to allow the messages through the firewall, will this be a great security risk, as anything from the internet could come through on that router IP address?
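Three of the posts above are the same two-interface gateway problem seen from different angles: the CentOS box with eth0 to the modem and eth1 to the router, the Shorewall user who cannot get eth1 (loc) forwarded out of eth0 (net) without Proxy ARP, and the four-machine lab where sys1 reaches sys4 without ever touching the firewall. The script below is an added example, not configuration from any of those posts. It writes a minimal Shorewall gateway configuration (zones, interfaces, policy, masq, rules) and includes a subnet check that explains the lab result: a firewall only filters what is routed through it, so if sys1 and sys4 share a subnet (or a switch), their packets never reach sys2 no matter what its rules say. The interface names, the 192.168.1.0/24 LAN and the router address 192.168.1.1 as the syslog sender are assumptions. For the last question above: the syslog rule is written against the loc zone, which Shorewall binds to eth1, so a packet arriving from the internet on eth0 with a forged 192.168.1.1 source never matches it (and the routefilter option drops such spoofed packets anyway); that holds as long as the router sits on the LAN interface.

```shell
#!/bin/sh
# Added example (not from any post above): a Shorewall two-interface NAT gateway
# and a check for whether two hosts would talk through it at all.
# Assumptions: eth0 faces the ISP (zone net), eth1 faces the LAN (zone loc).

# --- IPv4 helpers -------------------------------------------------------------
ip2int() {   # dotted quad -> 32-bit integer
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet A.B.C.D/PLEN X.Y.Z.W : true if both addresses are on the same network
same_subnet() {
    plen=${1#*/}
    mask=$(( plen == 0 ? 0 : (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# --- Shorewall files ------------------------------------------------------------
# write_gateway_config DIR NET_IF LOC_IF LAN_CIDR SYSLOG_SENDER
write_gateway_config() {
    dir=$1; net_if=$2; loc_if=$3; lan=$4; syslog_src=$5
    mkdir -p "$dir"
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF
    cat > "$dir/interfaces" <<EOF
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     $net_if     detect      dhcp,tcpflags,nosmurfs,routefilter,logmartians
loc     $loc_if     detect      tcpflags,nosmurfs
EOF
    # loc->net is what gets masqueraded; everything from the outside is dropped
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
$FW     all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF
    # masq replaces the LAN source addresses with the net interface's address
    cat > "$dir/masq" <<EOF
#INTERFACE  SOURCE
$net_if     $lan
EOF
    cat > "$dir/rules" <<EOF
#ACTION         SOURCE                  DEST    PROTO   DEST PORT(S)
SSH(ACCEPT)     loc                     \$FW
Ping(ACCEPT)    loc                     \$FW
# syslog from the router: the rule is bound to zone loc ($loc_if), so a packet
# arriving on $net_if with a forged source of $syslog_src does not match it
ACCEPT          loc:$syslog_src         \$FW     udp     514
EOF
}

# set_ip_forwarding SHOREWALL_CONF: Shorewall enables net.ipv4.ip_forward itself
# when shorewall.conf says IP_FORWARDING=On (forwarding is off by default)
set_ip_forwarding() { sed -i 's/^IP_FORWARDING=.*/IP_FORWARDING=On/' "$1"; }

case "${1:-}" in
    write) write_gateway_config "${2:-/etc/shorewall}" eth0 eth1 192.168.1.0/24 192.168.1.1 ;;
    check) if same_subnet "$2" "$3"; then echo "same subnet: $3 is reached directly, the firewall is bypassed"
           else echo "different subnet: traffic to $3 must go through the gateway"; fi ;;
esac
```

`./gw.sh check 192.168.1.5/24 192.168.1.20` reports that the two hosts talk directly, which is the sys1/sys4 situation; putting the protected hosts on their own subnet behind eth1, with sys2 as their default gateway, is what makes the rules apply. After `./gw.sh write`, run `shorewall check` before `shorewall restart`, and on Debian/Ubuntu set startup=1 in /etc/default/shorewall or the firewall will not come up at boot.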
I have the Shorewall firewall running on Ubuntu 10.10 server, and the issue I am having is that the firewall is blocking traffic from my transmission-daemon even though I have allowed it in /etc/shorewall/rules.
As you can see, Shorewall is rejecting packets with source and destination port 51413 on incoming (net2fw) and outgoing (fw2net), even though the rules are set to accept.
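Two of the posts above are about Shorewall's log: one wants it out of /var/log/messages and into /var/log/firewall, the other is reading rejections for port 51413 and needs to know which chain produced them. The script below is an added example and not from either post. The rsyslog filter is what does the redirection on a Lenny-era system (rsyslog is Lenny's default syslog daemon); Shorewall itself only needs LOGFILE=/var/log/firewall in shorewall.conf so that `shorewall show log` reads the new file. The summariser parses netfilter LOG lines as the kernel emits them, with Shorewall's default "Shorewall:<chain>:<disposition>:" prefix, and it works equally for ufw's "[UFW BLOCK]" prefix. The sample lines are constructed, not a capture. The `fw2net` entries in the output matter for the Transmission question: that prefix means the packet leaving the firewall fell through to the fw→net policy, so the rules file needs an ACCEPT from $FW to net as well as the net→$FW one, and the PROTO column shows whether udp needs accepting alongside tcp (Transmission uses UDP on its peer port for DHT).

```shell
#!/bin/sh
# Added example (not from any post above): send Shorewall log lines to their
# own file and summarise what the firewall is rejecting.
# Assumptions: rsyslog, Shorewall's default LOGFORMAT ("Shorewall:%s:%s:").

# rsyslog_snippet: contents for /etc/rsyslog.d/shorewall.conf. The "& ~" line
# discards the message after writing it, so it no longer lands in /var/log/messages.
rsyslog_snippet() {
    cat <<'EOF'
:msg, contains, "Shorewall:" -/var/log/firewall
& ~
EOF
}

# summarize_fw_log: stdin = syslog lines, stdout = "count prefix proto dport sources=N",
# most frequent first. Works for any netfilter LOG prefix (Shorewall, "[UFW BLOCK]", ...).
summarize_fw_log() {
    awk '
    /IN=/ {
        prefix = $0
        sub(/.*kernel: (\[ *[0-9.]+\] )?/, "", prefix)   # drop the syslog header and kernel timestamp
        sub(/ *IN=.*/, "", prefix)                        # keep only the LOG prefix
        proto = "-"; dpt = "-"; src = "-"
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            else if ($i ~ /^SRC=/)   src   = substr($i, 5)
        }
        key = prefix " " proto " " dpt
        n[key]++
        if (!((key, src) in seen)) { seen[key, src] = 1; srcs[key]++ }   # distinct sources per key
    }
    END { for (k in n) printf "%d %s sources=%d\n", n[k], k, srcs[k] }' | sort -rn
}

# Constructed sample (not a real capture): two outside hosts hitting 51413/tcp,
# the local daemon's own outbound attempt, and one ufw line from a desktop.
SAMPLE_LOG=$(cat <<'EOF'
Jan  3 10:15:22 gw kernel: [12345.678] Shorewall:net2fw:REJECT:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40312 DPT=51413 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  3 10:15:40 gw kernel: [12363.101] Shorewall:net2fw:REJECT:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.4 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=51413 DPT=51413 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  3 10:16:02 gw kernel: [12385.004] Shorewall:fw2net:REJECT:IN= OUT=eth0 SRC=192.168.1.5 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51413 DPT=51413 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  3 10:16:30 desk kernel: [99.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.77 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
)

# With file arguments: summarise those logs. Without: summarise the sample above.
if [ $# -gt 0 ]; then cat "$@" | summarize_fw_log; else printf '%s\n' "$SAMPLE_LOG" | summarize_fw_log; fi
```

`./fwlog.sh /var/log/firewall` gives one line per prefix/protocol/port with the number of distinct sources, which separates a single misconfigured peer from a scan. Shorewall's own `shorewall logwatch` and `shorewall show log` give a similar view once LOGFILE points at the new file.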
I am planning to set up my own web server using Webmin, but from what I've read I apparently need two hard drives, one for the OS and one for the data. Can I just partition my hard drive into two, because I don't have another HDD lying around? I also just want to note that this is my first time trying to do something like this, so I really want to try to set up my own server. As a side note, I'll list the specs of the computer I plan to use as a server: Pentium 4 2.8 GHz, 1 GB DDR, 80 GB 7200 RPM HDD.
I am trying to set up Samba with Webmin. The problem I'm having is that I cannot log in to the shared areas like homes and users. I can see them when I search my network; I double-click on them and it asks for a user name and password. I have already set up a user using "convert Unix user to Samba user" and have set a password. I have set "Use encrypted passwords?" to yes. When I try to log in it says login unsuccessful, login or password may be incorrect.
Setting up Samba with Webmin? Samba Configuration: I found this one but it didn't help. I'm using SUSE 11.3 and Windows Vista.
I have a dummy server set up on which I am trying to install Webmin (which I have done several times in the past and remember being straightforward and pretty simple!), however when trying to install it I keep getting errors.
I install all the Perl packages as required: sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl. After downloading Webmin I try to install it: sudo dpkg -i webmin_1.530_all.deb
This is where I encounter errors regarding apt-show-versions, saying that it is not installed. I try to install it, but an error appears stating that apt-show-versions is not installed. So I try to install apt-show-versions and that fails, as it states that there is a libapt package missing too. When I try to force-install both: unable to fetch some archives, maybe run apt-get update or fix-missing... It just seems like I am going around in circles (as I have run apt-get update and have run the commands as root...).
While some Linux distros come with Samba pre-installed, Webmin doesn't automatically set itself up to interact with it. Plus, I want to know how to get it working with Unix-like operating systems other than GNU/Linux (Solaris, FreeBSD, and Mac OS X).
I have Squid as a proxy on the SUSE box, and with the default firewall I have to enable masquerading to allow clients on eth3:1-3 to send and receive mail through the SUSE box. I found the SUSE firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In the configuration of csf I could get my way around getting SMTP to work for the eth3:1-3 clients, but POP3 connections do not go through the box. I know I need to allow ports 110 and 995 to masquerade or NAT (or something), and then the same for port 22.
I encountered a dependency issue when trying to install Webmin on Ubuntu Server Edition 10.04 Beta 1.
When you try to install Webmin, libmd5-perl is not available in any of the Lucid repositories:
I resolved the dependency problem by adding the following repository to my /etc/apt/sources.list: deb [url]
Then I did a sudo apt-get update, then sudo apt-get install, and libmd5-perl installed fine along with Webmin. BTW, I got a GPG error when doing apt-get update because I did not import the public key for the Debian repos I used to get libmd5-perl, which doesn't matter to me as I commented out the repos once I got libmd5-perl installed.
I have had Webmin running previously, but I just recently installed Ubuntu Server and I am now trying to install Webmin. After typing this to install Webmin: sudo apt-get install webmin, it started doing its thing and then it halts,
giving me the following message: "Package webmin is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source."
The first thing I did after installing Webmin was edit the sources.list.
Then I typed sudo nano sources.list and uncommented everything with "deb" in front of it.
I also uncommented
deb cdrom:
I then typed this: sudo wget [url]
After getting that, I typed this: apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl
I run Ubuntu on my home PC and am very happy with it. I use the internet to surf and to check my email on gmail.com etc. What commands should I give to set up the ufw firewall so that only this much is allowed? Also, where can I see if some other connections have been blocked?
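The ufw questions above (what "default deny" plus exceptions means, and which commands give a browse-and-mail desktop exactly what it needs) have the same answer. An exception is only needed for a service the machine itself offers to others; an SSH server is the daemon that accepts remote logins on 22/tcp, and a desktop that only surfs and reads mail runs no such service, so it needs no inbound exception at all. The script below is an added example, not from either post; the port list for the restrictive outbound mode (DNS, DHCP, NTP, web, SMTP submission, IMAPS, POP3S) is an assumption about what such a desktop needs, and DRY_RUN=1 (the default) only prints the ufw commands.

```shell
#!/bin/sh
# Added example (not from any post above): a ufw policy for a desktop that only
# browses and reads mail. Assumes nothing on the machine must accept connections.
DRY_RUN=${DRY_RUN:-1}   # 1: print the commands; DRY_RUN=0 runs ufw (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then printf 'ufw %s\n' "$*"; else ufw "$@"; fi; }

# ufw_desktop_policy permissive|restrictive   -- how to treat outbound traffic
ufw_desktop_policy() {
    run default deny incoming          # no exceptions: this machine serves nothing
    case $1 in
        permissive)
            run default allow outgoing ;;
        restrictive)
            run default deny outgoing
            # UDP: DNS, DHCP client -> server, NTP; TCP: DNS, web, mail
            for p in 53/udp 67/udp 123/udp 53/tcp; do run allow out "$p"; done
            for p in 80/tcp 443/tcp 25/tcp 587/tcp 993/tcp 995/tcp; do run allow out "$p"; done ;;
        *) echo "usage: ufw_desktop_policy permissive|restrictive" >&2; return 1 ;;
    esac
    run logging low                    # blocked packets are logged with the [UFW BLOCK] prefix
    run --force enable
}

ufw_desktop_policy "${1:-restrictive}"
```

With the restrictive mode, anything that is not on the list fails to connect and shows up as a "[UFW BLOCK]" line, which on Ubuntu with rsyslog lands in /var/log/ufw.log (otherwise /var/log/syslog or kern.log); that is also where to look for blocked inbound attempts. `sudo ufw status verbose` shows the active defaults and rules. Note that ufw filters by port, not by program, so the per-application allow list from the Windows setup earlier on this page has no direct equivalent here.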
I'm an IT student and a newbie to Linux. We have this final project where we have to set up a firewall on Red Hat Linux, which I totally have no idea about. I did some research but haven't found the right one.
I'm trying to get OpenMPI (a parallel programming library) working on my home system. I have just two machines on it now, t61 and quad, connected through a router. (Which is also connected to a cable modem for internet.) I can ssh between the machines, mount directories with NFS, etc. However, I just can't get OpenMPI to run. The OpenMPI message board suggested that the most probable cause is that the firewall is blocking TCP. I don't know how to tell if that's the problem, and can't find any manual for the SuSE firewall, while the various wikis etc. that pop up in a search don't provide any information that addresses my problem.
Recently I have been working on iptables and trying to understand how to use it. Here's a little script I have written to set up a basic firewall for myself:
Code:
#!/bin/bash
# iptables needs root; refuse to run otherwise
if [ "$(id -u)" -ne 0 ]; then
    echo "You need root privilege"
    exit 1
fi

PROG=/sbin/iptables
$PROG -F    # flush the existing rules in the filter table

function sethttp {
    echo "Opening http port..."
    $PROG -A INPUT -p tcp --dport 80 -j ACCEPT
}

function sethttps {
    echo "Opening https port..."
    $PROG -A INPUT -p tcp --dport 443 -j ACCEPT
}

function settorrent {
    echo "Opening torrent port..."
    $PROG -A INPUT -p tcp --dport 52413 -j ACCEPT
}

# -h, -s, -t choose which of the ports above to open
while getopts "hst" option; do
    case "$option" in
        h) sethttp;;
        s) sethttps;;
        t) settorrent;;
        *) echo "DOH!";;
    esac
done

# default rules
$PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$PROG -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$PROG -A INPUT -i lo -j ACCEPT
$PROG -A OUTPUT -o lo -j ACCEPT
$PROG -A INPUT -j DROP
$PROG -A FORWARD -j REJECT
echo "Done setting up the firewall! Enjoy :)"
exit 0
OK, this can take 3 arguments that open ports 80, 443 and 52413, and at the end some default rules are applied. But here's the thing I don't understand: if I don't give the argument for port 80, I can still view web pages... And also, when I remove the line
Code:
$PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
then whether I tell it to open port 80 or not, I can't view any web pages.
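The puzzle in the post above has a short answer: a rule accepting `--dport 80` on INPUT only matters when this machine is the web server. A browser opens connections outward, which the OUTPUT rule allows, and the replies come back on INPUT as ESTABLISHED packets; remove the state rule and the replies hit the trailing `-j DROP`, so no page loads no matter which ports are "opened". The script below is an added example, not the poster's script, and it also answers the earlier question about where iptables rules live and how they are loaded at boot, and the one about outbound-restrictive policy: rules are restored from the output of iptables-save, and the outbound allow-list mirrors the port list of the Windows setup earlier on this page. Assumptions: a Debian/Ubuntu host (the restore hook goes into /etc/network/if-pre-up.d), the conntrack match, and /etc/iptables.rules as the saved ruleset; DRY_RUN=1 (the default) prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not the poster's script): a stateful host firewall with
# default-drop policies, an outbound allow-list and persistence across reboots.
IPT=${IPT:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}
RULES_FILE=${RULES_FILE:-/etc/iptables.rules}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$IPT $*"; else "$IPT" "$@"; fi
}

# build_rules [http] [https] [torrent]   -- names of the services THIS host serves
build_rules() {
    run -F; run -X
    # policies instead of a trailing "-j DROP": nothing slips through if a later
    # -A fails half way, and FORWARD stays closed on a machine that is not a router
    run -P INPUT DROP; run -P FORWARD DROP; run -P OUTPUT DROP
    run -A INPUT -i lo -j ACCEPT
    run -A OUTPUT -o lo -j ACCEPT
    # state rules first: replies to our own connections arrive as ESTABLISHED,
    # which is why a browser works without any port being opened on INPUT
    run -A INPUT -m conntrack --ctstate INVALID -j DROP
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # outbound allow-list: DNS, DHCP, NTP, web, mail submission and retrieval, ping
    run -A OUTPUT -p udp -m multiport --dports 53,67,123 -m conntrack --ctstate NEW -j ACCEPT
    run -A OUTPUT -p tcp -m multiport --dports 53,80,443,25,587,993,995 -m conntrack --ctstate NEW -j ACCEPT
    run -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    run -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DROP: "
    # inbound: only the ports this host actually serves, and only new connections
    for svc; do
        case $svc in
            http)    run -A INPUT -p tcp --dport 80    -m conntrack --ctstate NEW -j ACCEPT ;;
            https)   run -A INPUT -p tcp --dport 443   -m conntrack --ctstate NEW -j ACCEPT ;;
            torrent) run -A INPUT -p tcp --dport 52413 -m conntrack --ctstate NEW -j ACCEPT ;;
            *) echo "unknown service: $svc" >&2; return 1 ;;
        esac
    done
    run -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IN-DROP: "
}

# save_rules: dump the live ruleset in the format iptables-restore reads
save_rules() { /sbin/iptables-save > "$RULES_FILE"; }

# write_restore_hook DIR: a script in if-pre-up.d runs before any interface
# comes up, so there is no window in which the host is online but unfiltered
write_restore_hook() {
    hook="$1/iptables"
    printf '#!/bin/sh\n/sbin/iptables-restore < %s\n' "$RULES_FILE" > "$hook"
    chmod 755 "$hook"
}

case "${1:-}" in
    apply) shift; DRY_RUN=0
           [ "$(id -u)" -eq 0 ] || { echo "root required" >&2; exit 1; }
           build_rules "$@" && save_rules && write_restore_hook /etc/network/if-pre-up.d ;;
    *)     build_rules "$@" ;;   # dry run: print what would be applied
esac
```

`./fw.sh http` prints the ruleset for a host serving only HTTP; `./fw.sh apply http` installs it, saves it and arranges for the restore at boot (the iptables-persistent package does the same job where it is available). Because OUTPUT is default-drop, anything not on the allow-list appears in the kernel log with the OUT-DROP prefix, which is how to find out what "housekeeping" traffic still needs a rule; note that iptables matches on ports, not on programs, so the per-application control of the Windows setup would need the owner match (`-m owner --uid-owner`) rather than port numbers.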
I have Ubuntu running on an old PE server. It is running VirtualBox with an instance of Ubuntu inside. The instance is there to run my honeypot.
The server box IP is 192.168.1.10. The VirtualBox guest is bridged, with its own IP of 192.168.1.200. The honeypot daemon is listening on 192.168.1.201 with arpd.
I set up UFW with DENY, and then enabled only the ports leading to the honeypot scripts, which are bound to IP .201. I then forwarded the ports necessary to run VNC to .200.
Here is the UFW status:
buntu@ubuntu-desktop:/var/lib$ sudo ufw status
Status: active

To                      Action      From
--                      ------      ----
192.168.1.201 21/tcp    ALLOW       21/tcp
192.168.1.201 4444/tcp  ALLOW       4444/tcp
192.168.1.201 5544/tcp  ALLOW       5544/tcp