Re: [SLE] Firewall Redux - SOLVED?
At 02:50 PM 5/9/2002 +0300, you wrote:

> Quoting Nick Selby:
>
> > On Wednesday 08 May 2002 19:16, Togan Muftuoglu wrote:
> >
> > > * Nick Selby; on 08 May, 2002 wrote:
> > >
> > > > So if my machines all have a 192.168.X.X in there, how would I enter that? With 192.0.0.0 ? I have several machines connected on the network with Samba allowing the windows machine to talk to me. All of us are connected to a Suse 7.2 machine running the iSDN and the masq/ip forward.
> > >
> > > 192.168.0.0/16 would be very generic but usable :-)
> >
> > Nada. Nichts. Niente. Zip.
> >
> > I'd love to look for other options. I got NO warnings on starting the firewall. I set all the options, I believe, as we have been discussing here on this string and now I have the following firewall settings:
> >
> > FW_DEV_EXT="eth0"
> > FW_DEV_INT="eth0"
> > FW_DEV_DMZ=""
> > FW_ROUTE="yes"
> > FW_MASQUERADE="yes"
> > FW_MASQ_DEV="$DEV_WORLD"
> > FW_MASQ_NETS="192.168.0.0/16"
> > FW_PROTECT_FROM_INTERNAL="no"
> > FW_AUTOPROTECT_SERVICES="yes"
> > FW_SERVICES_EXT_TCP="ssh"
> > FW_SERVICES_EXT_UDP=""
> > FW_SERVICES_EXT_IP=""
> > FW_SERVICES_DMZ_TCP=""
> > FW_SERVICES_DMZ_UDP=""
> > FW_SERVICES_DMZ_IP=""
> > FW_SERVICES_INT_TCP="139"
> > FW_SERVICES_INT_UDP=""
> > FW_SERVICES_INT_IP=""
> > FW_TRUSTED_NETS=""
> > FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
> > FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
> > FW_SERVICE_AUTODETECT="yes"
> > FW_SERVICE_DHCLIENT="yes"
> > FW_SERVICE_DHCPD="no"
> > FW_SERVICE_SQUID="no"
> > FW_SERVICE_SAMBA="yes"
> > FW_FORWARD_MASQ=""
> > FW_REDIRECT=""
> > FW_LOG_DROP_CRIT="yes"
> > FW_LOG_DROP_ALL="no"
> > FW_LOG_ACCEPT_CRIT="yes"
> > FW_LOG_ACCEPT_ALL="no"
> > FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
> > FW_KERNEL_SECURITY="yes"
> > FW_STOP_KEEP_ROUTING_STATE="no"
> > FW_ALLOW_PING_FW="yes"
> > FW_ALLOW_PING_DMZ="no"
> > FW_ALLOW_PING_EXT="no"
> > # END of rc.firewall
> >
> > Can anyone help?
> > Thanks in advance, Nick
>
> Think FW_DEV_EXT="eth0" is the iSDN, then it should be FW_DEV_EXT="ppp0" or something. This setup is between eth0 and eth0.
>
> Good luck. Radu

Hey, Radu!! Thanks so much for that. It's up and running. Well. At least... I THINK it's up and running. I did /sbin/SuSEfirewall2 start and got no complaints. I went into the logfile and see no errors. How can I make sure the thing is running? Thanks in advance and especially for all the help yesterday from everyone and especially from Togan. Nick
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com
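Radu's diagnosis (external and internal device both "eth0", so the masquerading rule sits between eth0 and eth0) is the kind of mistake SuSEfirewall2 starts up cleanly with, which is why "no complaints" on start proves little. The script below is an added example, not code from this thread or from SuSEfirewall2: it lints a SuSEfirewall2-style config before `/sbin/SuSEfirewall2 start` and adds the runtime check that answers "how can I make sure the thing is running?". The two config files are constructed samples, trimmed to the variables that matter; the first is Nick's posted setting, the second has Radu's fix applied. The ISDN device name `ippp0` in the fixed sample is an assumption (isdn4linux names its syncPPP interfaces ipppN, a plain PPP dialer uses ppp0; `ifconfig` while the link is up tells you), and `FW_MASQ_DEV="$FW_DEV_EXT"` is the value assumed for the corrected file, since the posted `$DEV_WORLD` is not defined anywhere in the file.

```shell
#!/bin/sh
# Added example, not part of the thread or of SuSEfirewall2: lint a
# SuSEfirewall2-style config before starting it, then (on the gateway itself)
# check the runtime state the config should have produced.

# Constructed sample 1: the settings Nick posted, trimmed to the ones that
# matter here. FW_MASQ_DEV refers to $DEV_WORLD, which the file never sets.
POSTED_CFG=$(mktemp)
cat >"$POSTED_CFG" <<'EOF'
FW_DEV_EXT="eth0"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$DEV_WORLD"
FW_MASQ_NETS="192.168.0.0/16"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_INT_TCP="139"
EOF

# Constructed sample 2: the same file with Radu's fix applied. "ippp0" is the
# usual isdn4linux syncPPP device (assumed; use whatever ifconfig shows while
# the ISDN link is up), and FW_MASQ_DEV simply follows FW_DEV_EXT (assumed).
FIXED_CFG=$(mktemp)
cat >"$FIXED_CFG" <<'EOF'
FW_DEV_EXT="ippp0"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/16"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_INT_TCP="139"
EOF
trap 'rm -f "$POSTED_CFG" "$FIXED_CFG"' EXIT

# fw_lint FILE: source the config in a subshell and print one finding per
# line; returns 1 if anything was found, 0 if the file looks sane.
fw_lint() {
    (
        unset DEV_WORLD          # expose references to names the file never defines
        FW_DEV_EXT='' FW_DEV_INT='' FW_ROUTE=no FW_MASQUERADE=no
        FW_MASQ_DEV='' FW_MASQ_NETS='' FW_SERVICES_EXT_TCP=''
        . "$1"
        rc=0
        # Radu's point: external and internal must be different interfaces,
        # otherwise there is no inside/outside boundary to masquerade across.
        if [ -n "$FW_DEV_EXT" ] && [ "$FW_DEV_EXT" = "$FW_DEV_INT" ]; then
            echo "FW_DEV_EXT and FW_DEV_INT are both '$FW_DEV_EXT': masquerading would be between $FW_DEV_EXT and $FW_DEV_EXT"
            rc=1
        fi
        if [ "$FW_MASQUERADE" = yes ]; then
            [ "$FW_ROUTE" = yes ] || { echo "FW_MASQUERADE=yes requires FW_ROUTE=yes"; rc=1; }
            [ -n "$FW_MASQ_DEV" ] || { echo "FW_MASQ_DEV expands to nothing (reference to an undefined variable?)"; rc=1; }
            # Only RFC 1918 space should be hidden behind the gateway.
            for net in $FW_MASQ_NETS; do
                case $net in
                    10.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|192.168.*) ;;
                    *) echo "FW_MASQ_NETS entry '$net' is not a private (RFC 1918) range"; rc=1 ;;
                esac
            done
        fi
        # Nick's stated goal: nothing but ssh reachable from outside.
        for svc in $FW_SERVICES_EXT_TCP; do
            case $svc in
                ssh|22) ;;
                *) echo "TCP service '$svc' is open on the external interface; only ssh was intended"; rc=1 ;;
            esac
        done
        exit $rc
    )
}

# fw_running EXTDEV: the runtime answer to "how can I make sure it is running?"
# Needs root and iptables on the gateway; returns 2 when iptables is absent.
fw_running() {
    command -v iptables >/dev/null 2>&1 || return 2
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ] \
        || { echo "ip_forward is off: FW_ROUTE did not take effect"; return 1; }
    iptables -t nat -L POSTROUTING -n -v 2>/dev/null | grep MASQUERADE | grep -q "$1" \
        || { echo "no MASQUERADE rule leaving $1 in the nat POSTROUTING chain"; return 1; }
    echo "forwarding is on and traffic is masqueraded out of $1"
}

for f in "$POSTED_CFG" "$FIXED_CFG"; do
    echo "== $f"
    fw_lint "$f" && echo "no problems found"
done
```

On the gateway, run `fw_running ippp0` (or whatever the ISDN interface is called) as root after starting the firewall: `ip_forward` still 0, or an empty nat POSTROUTING chain, is exactly the silent failure a clean start message hides. The lint cannot know which interface the ISDN link really uses; it only catches the cases where the file contradicts itself.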
Go to: https://grc.com/default.htm and click on the link called "ShieldsUP!" Then do both the "Test my shields!" and the "Probe my ports!" tests. (I know, I know, I'm not sure I want anyone "probing my ports" either, but...)

It will say at the top of the "Test my shields!" test that this is internet security for Windows users, but I'm not sure why Linux users cannot test their firewalls adequately here either. Especially the "Probe my ports!" test seems useful as it tries to connect to you via FTP, Telnet, SMTP, Finger, POP3, IDENT, RPC, Net BIOS, IMAP, HTTPS, MSFT DS, and UPnP. The default SuSE Firewall2 on my machine shows everything in "Stealth!" mode except IDENT which reports it is "Closed". The author of the page explains in the FAQ:

"Why isn't my Port 113 Stealthed? I'm using a firewall to stealth my entire machine, but the ShieldsUP! port probe shows port 113 to only be closed instead of stealthed! What gives? Port 113 is associated with the Internet's Ident/Auth (Identification / Authentication) service. When a client program in your computer contacts a remote server for services such as POP, IMAP, SMTP, or IRC, that remote server sends back a query to the "Ident" server running in many systems listening for these queries on port 113. Essentially, the remote server is asking your system to identify itself. . .and you. This means that port 113 is often probed by attackers as a rich source of your personal information.

You may recall, from my explanation of Stealthed ports, that attempting to connect to a stealthed port is both costly and painful for the contact initiator -- which is why it's so cool to stealth our machines. But the problem with simple stealthing of port 113 is that we don't want to hurt the servers we are trying to contact when they turn around and send us their IDENT query. If they get no response at all from their port 113 query, our connection to them (which initiated their query in the first place) will be delayed or perhaps completely abandoned.

Note that not all servers generate IDENT queries. So, depending upon your ISP, stealthing port 113 may not be any problem for you. However, you'll note that requirements for port 113 are common enough that most mature firewalls (BlackICE Defender, AtGuard, NIS2K, etc.) include built-in default rules allowing IDENT queries to pass through. These rules result in the IDENT's status being "closed" rather than "stealth."

So what can you do?

You may be able to remove or disable your firewall's default rule for IDENT (port 113) and run it in full stealth mode without trouble. If you do this, keep on the lookout for trouble connecting to less common servers, like IRC, which might have problems that you haven't encountered before.

Or, you can leave the default rule in place and live with your system's IDENT service port being visible to the outside world. Be aware that this provides a means for intruders to detect an otherwise stealthed computer. And they'll know you're running a firewall since other things are stealthed, but not port 113.

Or, you can switch to the very latest, highest technology, and best adaptive firewall which is smart enough to stealth this port against random probes, while still showing it as "closed" to queries from valid servers . . . "

If others know of a better FREE site to check the security of one's firewall with, I'd be glad to hear about it.

Nick Selby wrote:
> How can I make sure the thing is running?

Yours, Brian.
I proudly use SuSE Gnu/Linux 8.0 Professional.
Kernel version 2.4.18-4GB
Current Linux uptime: 8 days 5 hours 09 minutes.
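On the wire, the three ShieldsUP! verdicts Brian describes are just three ways a SYN can be answered: a completed handshake (open), a TCP RST or ICMP unreachable (closed), or silence (stealth). The block below is an added example, not code from this thread, from GRC or from SuSEfirewall2: `probe` classifies a port from the client side the way the GRC test does (it assumes bash, for `/dev/tcp`, and the coreutils `timeout` command), and `ident_rules` prints, or with `apply` executes, the iptables rules that make everything unsolicited on the external interface silent while answering tcp/113 with a reset, so a remote mail or IRC server's ident query fails at once instead of hanging the way Brian's quoted FAQ warns. `ippp0` as the external device and port 22 for ssh are assumptions. (Later SuSEfirewall2 releases expose this same idea as a FW_SERVICES_REJECT_EXT setting whose default rejects tcp/113; whether the release discussed here has it is not something this thread shows, so the example stays at the iptables level.)

```shell
#!/bin/sh
# Added example, not part of the thread, of GRC's ShieldsUP! or of
# SuSEfirewall2: what "open", "closed" and "stealth" mean on the wire, and the
# netfilter rules that produce the "closed" answer on tcp/113 only.

# probe HOST PORT [SECONDS]: classify a TCP port from the client's point of view.
#   open    - handshake completes (something is listening)
#   closed  - connect fails at once (a RST or ICMP unreachable came back)
#   stealth - nothing comes back and the attempt times out
# Assumes bash (for /dev/tcp) and coreutils timeout; exit 124 is timeout's
# own "timed out" status.
probe() {
    host=$1 port=$2 wait=${3:-3}
    rc=0
    timeout "$wait" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;
        124) echo stealth ;;
        *)   echo closed ;;
    esac
}

# ident_rules POLICY EXTDEV [apply]: INPUT rules for the external interface.
# POLICY=stealth drops everything unsolicited; POLICY=closed additionally
# answers tcp/113 with a TCP RST. Prints the commands unless "apply" is given
# (applying needs root and iptables on the gateway).
ident_rules() {
    policy=$1 ext=$2 mode=${3:-print}
    run() { if [ "$mode" = apply ]; then "$@"; else echo "$*"; fi; }
    # Replies to connections the gateway or the LAN opened, and ssh from outside.
    run iptables -A INPUT -i "$ext" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$ext" -p tcp --dport 22 -j ACCEPT
    if [ "$policy" = closed ]; then
        # A RST makes the remote server's ident lookup fail immediately
        # instead of waiting for a timeout on its side.
        run iptables -A INPUT -i "$ext" -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    fi
    # Everything else: no answer at all, which is what ShieldsUP! calls stealth.
    run iptables -A INPUT -i "$ext" -j DROP
}

echo "127.0.0.1:113 -> $(probe 127.0.0.1 113 2)"   # nothing listens locally: closed
echo "--- rules for a 'closed' 113 on ippp0"
ident_rules closed ippp0
```

Running `probe your.gateway 113` from a host outside the ISDN link shows which answer the gateway gives. The trade-off is the one in Brian's quote: the RST on 113 tells a scanner there is a machine here even though every other port is silent, while dropping 113 as well hides the machine but can stall connections to servers that insist on an ident lookup.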
Thanks for this Brian,

On Thursday 09 May 2002 16:43, Brian W. Carver wrote:
> Go to: https://grc.com/default.htm
> and click on the link called "ShieldsUP!"
> Then do both the "Test my shields!" and the "Probe my ports!" tests. (I know, I know, I'm not sure I want anyone "probing my ports" either, but...)

I went and did it and it gets right into my Suse 7.2 gateway, though admits that all services which are penetrable are password protected. Still, I'd like to tell Suse 7.2's firewall to a) start and b) block all but SSH and close rather than stealth IDENT because of your post:

> You may recall, from my explanation of Stealthed ports, that attempting to connect to a stealthed port is both costly and painful for the contact initiator -- which is why it's so cool to stealth our machines. But the problem with simple stealthing of port 113 is that we don't want to hurt the servers we are trying to contact when they turn around and send us their IDENT query. If they get no response at all from their port 113 query, our connection to them (which initiated their query in the first place) will be delayed or perhaps completely abandoned.

Naturally, after getting through this lovely 8.0 firewall2 process, I'd love to be able to apply this knowledge to my 7.2 machine. But I can't because the config files are ...... WHERE?

Thanks in advance, Nick