Mailinglist Archive: opensuse-factory (824 mails)
Re: [opensuse-factory] Firewall not consistent..
- From: "M9." <monkey9@xxxxxx>
- Date: Sat, 15 Sep 2007 18:50:58 +0200
- Message-id: <46EC0D72.7080907@xxxxxx>
jdd wrote:
> M9. wrote:
>
>> In my config there are only trusted hosts...
>> (in a windows case there are constantly hosts that are informed
>
> informed?
spyware and datamining.. ;-)
( i know this is unknown to linux :-)
>
>> yes it has to let me know who is going out and going in, and i must be
>> able to shut whatever port i like, in principle..
>
> this is not a firewall but a proxy server.
no, in windows, a firewall can do that..
>
> Usually, a firewall blocks all the ports. That means that no
> communication can be initiated from the exterior to the inside. If
> inside your computer you ask an application to go and search, this is
> allowed.
>
>> If some host wants to enter my pc, i want to know this,
>
> what does this mean for you??
that my spyware-killers do not work.. (please do not forget my decade of
windows use ;-)
>
> all that an external program can do on your computer is read a port or
> write a port.
>
> closing a port means only that this write is rejected (or simply
> ignored). In fact, if no application is listening (by reading this
> port), the write *is* ignored
>
>> If i give a password to a host, it can enter without noticing me, as
>> long as i want to let the firewall accept the password.
>
> this may be the windows way of life, but it's not Linux one.
indeed, some habits die hard ;-)
> if I do
> "ssh <somecomputer>", my ssh will try to write to the ssh port of this
> computer. If, for example, it's a windows 98 with no firewall at all,
> but with no ssh server either, nothing is going on and I cannot enter
>
> to enter a computer you must have a server that allows this
>
>> A good firewall can handle this perfectly, with just one card.
>
> nope. untrusted pc can attack a trusted one. This is like having
> all computers exposed to the exterior and you have to protect all of them
my router is a firewall, and all PCs and laptops have one..
>
>> As i understand, only for the ports used by samba for the LAN?
>
> well, the windows smb implementation seems to be programmed in an evil
> way and doesn't always use the same ports, so one must let many ones open
> (that is may listen to these ports and answer to them) and this is
> insecure.
>
>>
>>> use of samba server on suse fixes the permission problem.
>>
>> Samba server i did not use before...
>
> how did you grant access to your linux computer from windows then?
Sorry, it is the client and the server, i thought of an application like
server-edition.. euh..errr..;-)
>
> access must be done on the host:
>
> * by a standard protocol (smb, ssh, ftp, http...) accepted by a server
> * by two applications sharing the same port
yes, those are the procedures..
>
> anyway, if you had a working config one day, and now it's no longer
> working, there has to have been a change in between :-)
Of course there has to be a change to change something.
In this case i did not change a thing.
Why should i?
It worked, and i never change something that does its job well..
again, that is why i call the firewall inconsistent..
If it is too much trouble to config it right, i shut it off, no big
deal..(router is sufficient, and one pc can use DHZ )
--
Have a nice day,
M9. Now, is the only time that exists.
OS: Linux 2.6.22.5-10-default x86_64
Current user: monkey9@tribal-sfn2
System: openSUSE 10.3 (X86-64) Beta3
KDE: 3.5.7 "release 58"
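
Added example, not part of the original mail: a loopback-only check of the point discussed in the thread, that a port can only be entered while a server is listening on it. The function names `probe` and `demo` are made up for this illustration; the listener uses an ephemeral port on 127.0.0.1, so nothing outside the local machine is contacted.

```python
import socket


def probe(host, port, timeout=1.0):
    """Classify a TCP port by what a connection attempt gets back.

    'open'     - a server accepted the connection
    'closed'   - the attempt was actively refused (no listener)
    'filtered' - no answer within the timeout (packet silently dropped)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        s.close()


def demo():
    """Probe the same loopback port with and without a listening server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))        # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    with_server = probe("127.0.0.1", port)     # a server is listening

    srv.close()                                # stop the server
    without_server = probe("127.0.0.1", port)  # same port, no listener

    return with_server, without_server


if __name__ == "__main__":
    print(demo())
```

A 'filtered' result would appear instead of 'closed' when a packet filter drops the connection attempt without replying, which is the "simply ignored" case from the thread.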