Is It Adequate?


Dark Ninja
11-08-2001, 08:50 PM
I have been running PortSentry as a firewall on my computer, and I was curious as to whether or not this is considered an adequate firewall. If not, does anybody have any other recommendations to run in conjunction with PortSentry?

Also, another question - I have decided to set up a TCP Wrapper. I was trying to figure out what rules to set up. The problem is, I'm never sure where I'm going to be connecting from. Any suggestions about the rules? (I do have a paper guiding me to set up rules, etc. I'm just wondering what would be a good security practice for my specific case.)


Dark Ninja

fateswarm
11-08-2001, 09:39 PM
Let me see...

No you're alright, I can only see your /etc and /root dirs. The rest are secure.

:D

Dark Ninja
11-08-2001, 09:52 PM
...that's good...right? ;) (THAT WAS A JOKE!)

Seriously, though. PortSentry adequate?


Dark Ninja

X_console
11-08-2001, 11:17 PM
No, PortSentry is not adequate. The problem with PortSentry is that it allows the packet through first and then determines whether or not to block it. In any case, the packet has already gotten through. I suggest running ipchains or iptables and then configuring it. This way you can define which packets can reach your system.

Some people run both ipchains/iptables and PortSentry. This is fine, but a little redundant in my opinion because with ipchains/iptables running, the packets often never hit PortSentry so it just sits there doing nothing.

If you're not sure how to configure ipchains/iptables, you can download gShield which is a front end to it: http://muse.linuxmafia.org

Dark Ninja
11-08-2001, 11:52 PM
Well...not wanting to screw anything up after I got this far...I installed iptables and a program called guarddog. Graphical interface in setting up iptables supposedly. However, it seems kind of weird to me that I have to enable HTTP and DNS just so my computer can connect to the web. Isn't a firewall supposed to keep people OUT. Not lock me in? (I've fixed it - but it just seems very weird.)

Also - where is the IPTABLES policy file usually located?


Dark Ninja


Hmmm...removed IP tables. Apparently it doesn't like me trying to connect to AOL's servers to use GAIM. Any good reading material on this SOB? And...even if I do manage to figure it out - how do I know I've set it up correctly?

[ 08 November 2001: Message edited by: Dark Ninja ]

X_console
11-09-2001, 12:17 AM
There isn't actually an iptables policy file. Usually you make your own and then run it at boot up. It's basically a set of commands using iptables and telling it what rules to use. As I said, gShield is a pretty straightforward script that allows you to configure what ports you want open and which machines on the Net and on the local network are allowed to use which services.

I don't use GAIM, but I suggest making a search around Google for people who've had that problem and fixed it.

Dark Ninja
11-09-2001, 12:28 AM
Okay, well, I have the whole concept of how to edit it using this guarddog program. And, I'll look around Google, like you said. But...I'm kind of confused on the whole iptables "thing." From what I've read so far, iptables does two things - it prevents people connecting to your computer, and it prevents you from connecting out. You can allow one or the other...etc, etc.

Now, it is also to my understanding that, you have to actually make sure you open up access so you can get to HTTP, SSH, etc - whatever you want to connect to to get to the outside world. Is this correct?

Sorry I'm asking so many questions, but, since I am running a server for a group of friends, I don't want to end up locking them out.

Basically - I want to be able to connect to my SSH server, and then connect out to all the "normal stuff." (HTTP, FTP, SSH, and all my miscellaneous programs.)


Dark Ninja

Hena
11-09-2001, 03:29 AM
Actually, ipchains/iptables do three things. One, they alter the way other computers can connect to yours. Two, they alter how your computer can connect to others. And third, they alter the way other computers can connect to other computers through your computer.

Some basics about packet filtering can be found on The Netfilter Project HomePage (http://netfilter.samba.org/) or by doing a Google search (http://www.google.com/search?q=iptables+ipchains+rusty+guide).
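
Added example, not part of the original thread: the three directions Hena lists correspond to the INPUT, OUTPUT and FORWARD chains of the iptables filter table, and the boot-time script X_console describes can be as small as the sketch below. It assumes a single-homed host that serves only SSH (port 22) to the Internet; `gen_ruleset` and `count_open_ports` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread): print a filter-table ruleset in
# iptables-restore format. Nothing is applied to the running kernel here.

# Assumption: TCP ports this host serves to the Internet (SSH only).
INBOUND_TCP_PORTS="22"

# gen_ruleset PORT... : hypothetical helper; writes the ruleset to stdout.
gen_ruleset() {
    echo "*filter"
    # Default policies: refuse inbound and forwarded traffic, allow outbound.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback traffic never leaves the machine.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened itself (web, DNS, FTP, IM).
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New inbound connections are accepted only on the listed ports.
    for port in "$@"; do
        case "$port" in
            ''|0*|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# count_open_ports RULESET : number of inbound services the ruleset exposes.
count_open_ports() {
    printf '%s\n' "$1" | grep -c -- '--ctstate NEW -j ACCEPT'
}

ruleset=$(gen_ruleset $INBOUND_TCP_PORTS) || exit 1
printf '%s\n' "$ruleset"
echo "# inbound services exposed: $(count_open_ports "$ruleset")"
```

The output can be piped to `iptables-restore` as root to load it. Outbound connections work without per-protocol rules because OUTPUT defaults to ACCEPT and the ESTABLISHED,RELATED rule lets the replies back in.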

Dark Ninja
11-09-2001, 10:45 AM
Just thought I'd share the fact that I've solved the problem of letting GAIM through. Just open up the firewall as though you were using ICQ.

Now, I had two more questions, then hopefully I'll be all set to go. On this configuration script, there is an item that says, "Protocols Served From Zone..." and then the two subcategories are: "Internet" and "Local" - Now, so far, I've only unblocked internet protocols. What's the difference between the two?

My second question is - how do I know my firewall is even working? I mean...I unblocked SSH so people could connect to me, right? Well...how is that an effective firewall solution? That's what I'm not sure I really understand.

Thanks for all your help. I appreciate it very much.


Dark Ninja

Dark Ninja
11-09-2001, 11:16 AM
Actually, I think I answered my own question - but - I just want to make sure about it.

Here's what I have:

The Protocols served from zone INTERNET are the ones that I connect OUT to. Therefore, because I browse the web, download from FTP servers, connect to servers using SSH, and I use LimeWire - I should have those be accepted. (DNS also) Everything else should either DROP or DENY all the packets.

For the protocols served from zone LOCAL - these are people who are allowed to connect to me. So, because I run an SSH server, and I do want to be able to connect to it from anywhere, I should open that up. Eventually (when I get my FTP server) I should open that up too. And, because I use LimeWire, I'll need people to be able to confirm the fact that I am downloading from them, so I should open that up too.

Does that sound about correct? So far, it's worked like I expected. I'm not pulling down PortSentry yet. I want to keep that line of defense in there. But...things seem to be working nicely.

Also - does IPTABLES work like PortSentry? Can I add IP addresses to /etc/hosts.deny and /etc/hosts.allow so I can block/connect with other systems? Also, does IPTABLES do this automatically for someone scanning my system like PortSentry does?


Thanks for your help. Sorry to be so much trouble, but, I know what a pain it can be if a system is not secure.


Dark Ninja

TreeHugger
02-04-2003, 06:39 PM
Hey there, I'm using iptables and I'm confused about how limewire is meant to function with it. Do you know what protocol or ports it does its file sharing on?

Muchas gracias