public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Questions about setting up reliable firewall
From: cothrige @ 2005-08-12 15:40 UTC
  To: gentoo-user

I have been trying to find a way to set up a simple firewall which I
can trust is doing what I need it to do.  I am connecting via a
dialup with my local phone company which dynamically assigns me an ip
address.  I want to be able to use the web and send and receive email
via my pop and smtp server, also from my phone company, but of course
would like to protect myself from outside attacks.  I also have a
second machine connected via ethernet which allows me to operate out
of two rooms, but I don't have anything I can use to set up a
dedicated firewall box, which seems to be what so many howtos assume.

Can anyone suggest a guide or howto on firewalls which I can
use?  I have never been able to figure out iptables in such a way that
I am confident that I am doing anything other than making things
worse, or just end up unable to connect to anything.  Or perhaps there
is a simple tool which will do these things?  I tried firestarter but
it never seemed to work quite right.  I could get it to allow me out
once, but then when I would dial up later I couldn't reach the
network.  Or the ssh connection would be down.  Or something similar.
This was disappointing as it really did seem the simplest to use of
those I investigated.

I hope someone can make a suggestion to an iptable newbie about where
to go now.  Many thanks for any help,

Patrick
-- 
gentoo-user@gentoo.org mailing list




* Re: [gentoo-user] Questions about setting up reliable firewall
From: Uwe Thiem @ 2005-08-12 16:16 UTC
  To: gentoo-user

On 12 August 2005 16:40, cothrige wrote:
> I have been trying to find a way to set up a simple firewall which I
> can trust is doing what I need it to do.  I am connecting via a
> dialup with my local phone company which dynamically assigns me an ip
> address.  I want to be able to use the web and send and receive email
> via my pop and smtp server, also from my phone company, but of course
> would like to protect myself from outside attacks.  I also have a
> second machine connected via ethernet which allows me to operate out
> of two rooms, but I don't have anything I can use to set up a
> dedicated firewall box, which seems to be what so many howtos assume.

Emerge shorewall, read the docs, especially the comments in its config files 
and set it up. Once you understand how it works, the setup is easy. Then 
let /etc/ppp/ip-up bring it up and /etc/ppp/ip-down bring it down. In your 
simple setup, just deny everything from outside and allow everything from 
inside. Though a dedicated firewall is much better for anything larger, you 
can get away with setting it up on your connecting box.

Uwe

-- 
95% of all programmers rate themselves among the top 5% of all software 
developers. - Linus Torvalds

http://www.uwix.iway.na (last updated: 20.06.2004)

* Re: [gentoo-user] Questions about setting up reliable firewall
From: Alexander Rink @ 2005-08-12 22:54 UTC
  To: gentoo-user

Have a look at firehol (firehol.sourceforge.net). I suppose that this is 
exactly what you are looking for. You can write config files in an easy and 
understandable language; firehol will translate them into iptables commands. 
You can find predefined scripts for different environments after emerging 
firehol in /etc/firehol/examples.

For a single dialup computer the settings are as simple as:
interface any world
	client all accept

Which means that the computer is completely hidden and offers no services. 
Adding an ssh server just adds the following line:
	server ssh accept

You can find a nice and detailed example at firehol's homepage.


On Friday 12 August 2005 15:40, cothrige wrote:
> I have been trying to find a way to set up a simple firewall which I
> can trust is doing what I need it to do.  I am connecting via a
> dialup with my local phone company which dynamically assigns me an ip
> address.  I want to be able to use the web and send and receive email
> via my pop and smtp server, also from my phone company, but of course
> would like to protect myself from outside attacks.  I also have a
> second machine connected via ethernet which allows me to operate out
> of two rooms, but I don't have anything I can use to set up a
> dedicated firewall box, which seems to be what so many howtos assume.
>
> Can anyone suggest a guide or howto on firewalls which I can
> use?  I have never been able to figure out iptables in such a way that
> I am confident that I am doing anything other than making things
> worse, or just end up unable to connect to anything.  Or perhaps there
> is a simple tool which will do these things?  I tried firestarter but
> it never seemed to work quite right.  I could get it to allow me out
> once, but then when I would dial up later I couldn't reach the
> network.  Or the ssh connection would be down.  Or something similar.
> This was disappointing as it really did seem the simplest to use of
> those I investigated.
>
> I hope someone can make a suggestion to an iptable newbie about where
> to go now.  Many thanks for any help,
>
> Patrick

* Re: [gentoo-user] Questions about setting up reliable firewall
From: cothrige @ 2005-08-13  2:25 UTC
  To: gentoo-user

* Alexander Rink (a.rink@gmx.net) wrote:
> Have a look at firehol (firehol.sourceforge.net). I suppose that this is 
> exactly what you are looking for. You can write config files in an easy and 
> understandable language; firehol will translate them into iptables commands. 
> You can find predefined scripts for different environments after emerging 
> firehol in /etc/firehol/examples.
> 
> For a single dialup computer the settings are as simple as:
> interface any world
> 	client all accept
> 
> Which means that the computer is completely hidden and offers no services. 
> Adding an ssh server just adds the following line:
> 	server ssh accept
> 
> You can find a nice and detailed example at firehol's homepage.

Quite awesome.  I used the tutorial on their webpage and it seemed to
work just as I wanted.  I tried several online port scans,
i.e. Sygate, Shields Up, etc., and they all returned all ports as
stealthed.  And yet my internet connection, masquerading, and ssh
connections are all up and running just as I need.

Many thanks for the help.

Patrick
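
Added example, not part of the thread and not code from shorewall or firehol: the policy discussed above (drop everything new from outside, allow everything from inside, masquerade the second machine, optionally accept ssh) written out as an iptables-restore ruleset. The function name gen_ruleset, the interface names ppp0 and eth0, and port 22 are assumptions; routing for the second machine also needs net.ipv4.ip_forward=1.

```shell
#!/bin/sh
# Added example, not from the thread. gen_ruleset and the interface names are
# assumptions. Prints an iptables-restore ruleset:
#   $1 WAN interface (pppd passes it to /etc/ppp/ip-up as the first argument)
#   $2 LAN interface    $3 optional TCP port to accept from the WAN (22 = ssh)
gen_ruleset() {
    wan=$1 lan=$2 open_port=${3:-}
    # The values end up in rule text, so reject anything but plain names/digits.
    for v in "$wan" "$lan"; do
        case $v in ''|*[!A-Za-z0-9.+_-]*) return 1 ;; esac
    done
    case $open_port in *[!0-9]*) return 1 ;; esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
EOF
    # Unsolicited traffic from outside is dropped unless a port is named.
    if [ -n "$open_port" ]; then
        printf '%s\n' "-A INPUT -i $wan -p tcp --dport $open_port -m conntrack --ctstate NEW -j ACCEPT"
    fi
    cat <<EOF
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Dry run with constructed values; from ip-up the call would be:
#   gen_ruleset "$1" eth0 22 | iptables-restore
gen_ruleset ppp0 eth0 22
```

Because the INPUT and FORWARD policies are DROP, a dial-up session that comes up before the hook runs is still covered by whatever ruleset was loaded last, which is the behaviour to check after each reconnect.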