Ubuntu Security :: How To Make A Transparent Firewall
Apr 14, 2010
I'm involved in a project to students set up a network security training lab using vmware. I want to simulate (in a very rough way) scanning through a poorly configured router or firewall. The easiest way I can think of to simulate this is to use a linux vmware image with two virtual nic cards to act as a firewall with the attacker on the outside network and a domain controller, web server, and database server on the inside network.
I would like to start students off with a firewall script that exposes everything on their internal network to the attacker. Is there an easy way to (mis)configure iptables to do this?. The model I'm trying to replicate is something like this. Attackers were on a 10.10.x.x network, defenders were on a 192.168.x.x network. As an attacker I could nmap 192.168.x.x and see every machine and every service on the defenders side even if they moved a service to an unexpected location. how I can implement a similar configuration using a linux image as firewalls/routers in vmware?
View 1 Replies
ADVERTISEMENT
Feb 23, 2010
I am looking to redesign my network which I'll get into bellow but basically i am looking to setup an transparent/bridged firewall with squid and dansguardian. However, I want to require LDAP authentication to access internet. You'll understand why from diagram below.
My question is, since bridged firewalls operate at layer 2 and have no/require no IP address, can you access higher layered apps with them? Example would be to have the proxy authenticate to LDAP system to check for valid user and valid net permissions, server has to somehow send a reply back, so without an IP, this can't happen right.
Below are two designs I am looking into implementing. Everything Internally will be Authenticated against LDAP with a small possibility of some public servers using LDAP too, but in my way of thinking anything using LDAP would should be behind the router on private link. FYI, the PROXY and the Linux Router would be two physically separate systems. So I guess my second question would be, can systems outside private network access limited internal services securely and be restricted at the same time?
Code:
Option 1:
(TRANSPARENT)
------------ -------------
| CBL MODM | ---------> | PROXY/FW |
------------ -------------
[code]....
View 4 Replies
View Related
Aug 19, 2010
I just erased WinXp and installed Ubuntu on old laptop. I intend to use it later ot connect to public Wi-Fi. Do i need to install a firewall GUI and make any special settings? I didn't encrypt home folder during installation. I probably should have done it. But i am already low on system resources (224MB ram, 1.2Ghz CPU). Would that use up any additional resources? Would it make computer run slower? Can i still encrypt the home folder after i installed the system?
View 3 Replies
View Related
May 9, 2011
Can we use iptables as firewall instead of Juniper firewall
View 2 Replies
View Related
May 21, 2010
I am trying to add border to the 1.jpg. It is the map that I want to add the first image.
how to make map transparent, so I can overlap them.
View 2 Replies
View Related
Aug 23, 2010
So I use the Elementary theme and the top panel doesn't really go transparent. How do I do it?
View 7 Replies
View Related
Feb 8, 2011
i tried searching for options to add conky class to make it look semi transparent, i could not find it, any idea how do i get into this ?
View 7 Replies
View Related
May 11, 2010
Have two questions:
1)Is that possible to disable the mouse or make it transparent in ubuntu 9.10?
2)Is that possible to change the ugly boot icon?
View 1 Replies
View Related
Aug 5, 2010
I figured out how to make the border transparent, but in w7 Whole opera is transparent. How do i do that in ubuntu?
View 1 Replies
View Related
Aug 20, 2010
I found out how to make the panels fully transparent so I thought I would share it with others. When you set the panel to be transparent in the default Ambiance theme in Ubuntu 10.04, you will find that some panel items' backgrounds are not transparent, but you can make them transparent and consistent with others, following these steps:
Go to Applications (or Main Menu) > Accessories > Terminal.
Enter cp -R /usr/share/themes/Ambiance ~/.themes/
Enter gedit ~/.themes/Ambiance/gtk-2.0/gtkrc to open Ambiance's ftkrc file with gedit.
Search for this line bg_pixmap[NORMAL] = "panel_bg.png"
Comment out the line by placing a # at the beginning of the line, like this: # bg_pixmap[NORMAL] = "panel_bg.png"
Save the gtkrc file.
Go to System > Preferences > Appearance, switch to the other theme and then back to the Ambiance theme.
View 9 Replies
View Related
Nov 6, 2010
How do I make the panel solid and not transparent as seen in the attached image.
View 2 Replies
View Related
Mar 19, 2011
I like the compositor options I get from Xubuntu rather Ubuntu because I havent really found a way to make the inactive windows transparent in Ubuntu. But I also like the transparency options I get for the panels on Ubuntu. I can make the panel transparent but keep the icons and text and Im pretty sure launchers not. Is there a way I can edit the panels in such a way in Xubuntu or vise versa for Ubuntu with the compositor options on Xubuntu?
First Screenshot is Ubuntu
Second Screen shot is Xubuntu
I want the red transparent panel from Ubuntu on Xubuntu or the compositing style from Xubuntu to Ubuntu.
View 9 Replies
View Related
Apr 24, 2010
I've been trying to make the menu bar transparent on ubuntu 9.1 but i don't know how. I've looked it up and many places tell me how to do it on CCSM but apparently my menus on CCSM are different. They tell me to go to the Opacity Settings tab an then enter certain values on dock, menu, dropdown, and popupmenu but i dont have those tabs.....
View 2 Replies
View Related
Jun 1, 2010
My gnome panel currently looks like this:
The panel is not expanded and the autohide buttons are not checked. As you can see I've set the background to transparent and removed the shadow via ccsm. The only thing that doesn't look nice are the "grabbers" to move the panel arround. Can they be modified to be transparent too? Maybe editing the theme?
I cannot set the panel to expand because I use a dock which would be partly covered by the panel.
View 2 Replies
View Related
Jul 11, 2010
Does anyone have a clue as to how to make the top and bottom panels transparent in 10.4 xubuntu?
There are no options in the settings menus to set this - none that work ffor me anyhoo. And 'right clicking' on the panels does not give this option.
Maybe a command line, er, command?c
View 2 Replies
View Related
Jun 6, 2011
Does anyone know how to set the background of a terminal to be an image, and not have it slightly transparent? I've set an image as my Terminal background, but now when I open a terminal over other applications I can see those applications through my Terminal background. Is there any way to stop this from happening?
View 9 Replies
View Related
Jul 22, 2010
So I've been messing around with the opacity settings in ccsm and I can't figure out how to make the drop menu color completely transparent.. I can adjust the opacity in ccsm, but that also changes the opacity of the tekst, and that's not so good..
View 9 Replies
View Related
Apr 26, 2011
How to make squid proxy transparent?I have configured a Squid proxy server with some ACLs but we have to check from client side whether those ACLs work or not ,I have to open their firefox and manually enter my machine's i.e. proxy server's ip, only after entering this ip , Those ACLs work properly.But now I want to make it work without manually entering the proxy on clients machine.I guess transparent proxy is the solution, but how to configure it/Please guide me and I am one of the machine in LAN.
View 1 Replies
View Related
Apr 26, 2011
http_port 3128 transparent --> What does this mean? Is this a only thing we do to make Squid Proxy Transparent?
View 2 Replies
View Related
Feb 6, 2010
I'm using ubuntu 9.10. I was wondering if it is possible to make a file/directory transparent when it is 'cut', like it is in Windows.
View 14 Replies
View Related
Sep 23, 2010
I have a Suse11 box with 2 network cards:
I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22
View 2 Replies
View Related
Jan 10, 2010
i am sorry, but i can not find the option to make the taskbar transparant.i have kde 4.3.4
View 8 Replies
View Related
Dec 3, 2010
We have a server at a friends house with a hard disk that's filling up so he picked up another hard drive.
My question is.. can I install it and then configure it so to the user it seems transparent and they just see the extra space all on one drive/directory? (From Windows)
It's running centos 5 with samba ... with EXT3.. and I don't believe it's using LVM.
View 4 Replies
View Related
Feb 23, 2011
I tried installing F-prot's linux scanner but it doesn't seem to want to install and I am tired of messing with it.
So I am wondering if I even need it or if there is something else.
I am behind a firewall already with my router if that helps any.
I guess I am having trouble understanding why virus protection is less necessary.
Do people not write viruses for linux systems?
View 7 Replies
View Related
Jul 20, 2010
I have Ubuntu running on an old PE server. It is running Virtualbox with an instance of Ubuntu inside. The instance is there to run my honeypot.
The server box IP is192.168.1.10. The Virtualbox is bridged with it's own IP of 192.168.1.200. The honeypot daemon is listening to 192.168.1.201 with arpd.
I set up the UFW with DENY. And then enabled only the ports leading to the honeypot scripts which are abound to IP .201. I then forwarded the ports necessary to run VNC to .200.
Here is the UFW status:
buntu@ubuntu-desktop:/var/lib$ sudo ufw status
Status: active
To Action From
-- ------ ----
192.168.1.201 21/tcp ALLOW 21/tcp
192.168.1.201 4444/tcp ALLOW 4444/tcp
192.168.1.201 5544/tcp ALLOW 5544/tcp
[Code].....
View 8 Replies
View Related
May 23, 2010
Will I need to actiavte the firewall that comes with Ubuntu since I'm using Transmission?
View 9 Replies
View Related
Aug 13, 2010
I am new to the Ubuntu/Linix world (less than a week).
I have tried the search, but have had difficulty finding threads on this.
Can someone recommend an excellent firewall to use with Ubuntu?
View 9 Replies
View Related
Aug 14, 2010
I have a VPS (Ubuntu 8.04 server eition) and as such am stuck with using a software firewall.
i currently have UFW installed.
I would ideally like to have my firewall be a little rude, or rather just not polite. I know what i am asking will break the RFC, but i consider this ok due to the security benefits.
I would like to have my firewall
1) ignore (eg drop without responding)all packets that dont start with a syn flag
2)for all other traffic that is currently blocked, have it dropped (again drop it without responding)
If there are any other rules you can think of i would like to know them. I already have only the services i want open and the rest blocked.
View 7 Replies
View Related
Nov 4, 2010
I've been using Windows for quite a few years now. I loved the way how I used to set incoming/outgoing rules for my applications. But I'm having hard time doing that in Ubuntu. I tried searching for a good GUI for iptables but I need your help selecting the best. I might learn iptables someday but for the time being I will be using a nice GUI. I'm currently using GUFW, I've tried Firestarter. All I need is a firewall that would allow me to configure rules for my applications.
View 9 Replies
View Related
Jun 15, 2011
I have set up a Ubuntu 10.10 server. I have been using ssh tunnels to encrypt my web traffic at public wifi. I am trying to make this server as secure as posible so I enabled ufw. I allowed SSH and HTTP traffic in and denied everything else. But when I do that I can not use SSH -D because when I try to visit a webpage it does not load and I get the following.
Code:
uname@mybox:~$ channel 3: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ fclchannel 4: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ exit
logout
What do I have to do to allow ufw to allow ssh tunnels through?
View 4 Replies
View Related
