Click to See Complete Forum and Search --> : Do I need a firewall
JediSthlm
02-18-2003, 09:13 AM
Howdy all
I have a question. I run a few services just for fun at my home server. The services are httpd, ftp, ssh, mysql, and mail. The box I´m running is behind a router so I open the ports for the services on the router. My question is, do I need to run a firewall on the box also? Or is it quite alright with the router blocking all ports except the ones that I have opened?
Thanx,
JediSthlm
if the router is blocking everything then no you don't need a firewall on that box.
JediSthlm
02-18-2003, 09:34 AM
Thanx for fast answer, I do block all ports except the one I use for the services, for example httpd I have port 80 open. Right?
chrism01
02-21-2003, 06:53 PM
Well, it may seem a bit overkill, but most serious security guys will tell you that defence in depth is best. You never know when someone's going to find a vulnerability in your router. Its been known to happen eg even CISCO boxes have been hacked.
If you're talking to the internet, I'd recommend a firewall on the server.
Just my opinion of course ;)
Zoist
02-23-2003, 05:25 AM
Won't do any harm.
Seminole
02-25-2003, 12:46 PM
It's safer and something else to spend time learning :) Try it, you may just like it. Your NAT router wouldn't block outbound attempts from your computer to the network though. If you somehow got infected with a trojan that wanted to call home, you wouldn't have a clue it was happening and your router will pass it along as valid info.
That's why firewalls are not overkill even if you have a NAT router.
The odds are that you are safe, but you never know... I have some sniffer software running and snort rules to report any suspicious activity to me.
Seems to be working fine although I do have to modify my rules a bit for my games. Seems that Q3 and UT2003 are getting recognized and reported as a bad thing. :)
JediSthlm
02-25-2003, 02:49 PM
Thanx for your answers, learing is a good thing, I´ll probably add a firewall as soon as possible.
JediSthlm
beley
02-26-2003, 12:53 AM
I'd probably setup a firewall on the box also... just for extra protection. Never hurts... you have door locks but you might also get a home security system - too much security is never a bad thing :D
Darknight
02-26-2003, 01:06 AM
Can someone add some suggestions for Firewall software?
What you use and how you like it?
(Possibly some problems/solutions for configurations)
beley
02-26-2003, 01:14 AM
iptables or ipchains
chrism01
02-28-2003, 07:43 PM
As beley said/implied, do it by hand. Its the only way to be sure. Iptables is superceding ipchains, so use that in preference, although ipchains does the job.
See the HOWTOs at www.tldp.org (the Linux Doc Proj). that's where i learned. :)