Setting up a Firewall

>>>>> "UoVoBW" == UoVoBW <linolusu@tin.it> writes:

UoVoBW> Hello NG I need help about setting up a firewall on astand
UoVoBW> alone PC using RH9. [...]

You can configure a netfilter using the iptable facility. (There are
also some tools which wrap it). See www.netfilter.org for more or
search on google. See also general Linux documentation, like
www.tldp.org

Usually, a firewall is a computer with several networks plugged in.

Don't forget to stop those services you don't want to run on your PC,
and check regularily your logfiles.

--

Basile STARYNKEVITCH http://starynkevitch.net/Basile/
email: basile<at>starynkevitch<dot>net
aliases: basile<at>tunes<dot>org = bstarynk<at>nerim<dot>net
8, rue de la Faïencerie, 92340 Bourg La Reine, France

Hello NG

I need help about setting up a firewall on astand alone PC using RH9.
I heard that usually people use a separate computer as a firewall but i
can't afford one and i probably won't need one.
So i need to set a firewall up on my machine in rh9.
I searched the web on google and so on on many other howtos but all of them
spoke about doing it on a separate pc, whic I wont do.

Thank you very very much for any help

ps (sorry for the english but i'm italian)

Bye

UoVoBW wrote:

> Hello NG
>
> I need help about setting up a firewall on astand alone PC using RH9.
> I heard that usually people use a separate computer as a firewall but i
> can't afford one and i probably won't need one.
> So i need to set a firewall up on my machine in rh9.
> I searched the web on google and so on on many other howtos but all of
> them spoke about doing it on a separate pc, whic I wont do.
>
> Thank you very very much for any help
>
> ps (sorry for the english but i'm italian)
>
> Bye


If you use KDE, install guarddog. Then look at the file it creates so you
know how to roll your own.

Generally a good tip is to get a GUI product to create something *like* what
you're looking for, then try to understand the output. Mos GUI progs put
thing out in a daft way, and is hard to understand, but at least you'll be
safe.

In comp.os.linux.security UoVoBW <linolusu@tin.it> wrote:
> I need help about setting up a firewall on astand alone PC using RH9.
> I heard that usually people use a separate computer as a firewall but i
> can't afford one and i probably won't need one.
> So i need to set a firewall up on my machine in rh9.
> I searched the web on google and so on on many other howtos but all of them
> spoke about doing it on a separate pc, whic I wont do.

The reason is: the concept of a firewall includes that there is
a box which filters before your workstation. What you're meaning
is host based filtering.

Perhaps you need that, but likely not.

Test your system with lsof -i, so that you can see what services
you're offering.

Then stop all unwanted services.

The services you're needing to run normally offer the possibility
to setup them on a network interface. Set them up on 127.0.0.1,
so no-one can connect but programs on your own box.

If you have a LAN, and want to offer services to that LAN,
then configure them that they're just offering their services
in that LAN. For services which do not support that, but do support
tcpd, start them using inetd/tcpd or xinetd/tcpd.

If there are remaining services, which you're needing and which
cannot be configured as I described above, then you're needing
host based filtering. Use iptables for that.

VB.
--
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:vb@x-pie.de http://www.x-pie.de

UoVoBW wrote:

> Hello NG
>
> I need help about setting up a firewall on astand alone PC using RH9.
> I heard that usually people use a separate computer as a firewall but i
> can't afford one and i probably won't need one.

You can just use an old computer as a firewall. My own network has an old
Celeron 300Mhz with 32Mb SDRAM and 5gb of HDD space! I think that's enough.

/*
Non occorre chissà che mostro per un firewall... Puoi usare un vecchio
scasseotto come ho fatto io! Celeron 300Mhz, 32Mb di SDRAM e HDD da 5 gb...
Basta e avanza!
*/

> So i need to set a firewall up on my machine in rh9.

Why don't you use iptables?

/*
Perchè non usi iptables?
*/

> I searched the web on google and so on on many other howtos but all of
> them spoke about doing it on a separate pc, whic I wont do.

With iptables you can use the same pc.

/*
Con iptables puoi fare tutto su un solo computer come con 2! Devi solo
attivarlo nel kernel e impararti i comandi con qualche howto...
*/

> Thank you very very much for any help
>
> ps (sorry for the english but i'm italian)

I'm italian too

/*
Pure io sono italiano!! Tu da dove sei?
*/

> Bye

Ciao!
--

$> man woman
$> segmentation fault (core dumped)
__________________________________________________ _____________
Registered Linux User n.°: 324313
MSN Messenger UID: wafer_overflow@hotmail.com
Odigo UID: wafer_overflow@odigo.com
ICQ UIN: 272995286

well, you can get a simple linux firewall "how-to" setup here at
http://hotwired.lycos.com/webmonkey/...tml?tw=backend ....
you can start right now.

raqueeb hassan
Kinshasa, DRC

>>>>> "linolusu" == linolusu <UoVoBW> writes:
linolusu>
linolusu> Hello NG
linolusu> I need help about setting up a firewall on astand alone PC
linolusu> using RH9.
linolusu> I heard that usually people use a separate computer as a
linolusu> firewall but i can't afford one and i probably won't need
linolusu> one.
linolusu> So i need to set a firewall up on my machine in rh9.
linolusu> I searched the web on google and so on on many other howtos
linolusu> but all of them spoke about doing it on a separate pc, whic
linolusu> I wont do.
linolusu>
linolusu> Thank you very very much for any help
linolusu>
linolusu> ps (sorry for the english but i'm italian)
linolusu>
linolusu> Bye

If I wrote Italian as well as you write English, I would be very proud
of myself.

It is doubtful that you need a real firewall on your computer. You
can simply turn on or off the services, and be reasonably sure of your
machines security. Keep up to date with security patches.

You can see security related patches here:

https://rhn.redhat.com/errata/rh9-errata-security.html

Don't be alarmed by the number, it is likely that almost all of them
apply to things that you aren't running, and those that do, probably
don't apply to a remote attacker, just to a local user trying to
become root.

However, if you want a firewall anyway, just run the command "lokkit" from a
text terminal, or launch it from the menu as described here:

http://www.redhat.com/docs/manuals/l...omelokkit.html

Please update the security related patches even if you are running a firewall.

Hope that helps,

--Rob

On Sat, 08 Nov 2003 14:15:26 +0100, UoVoBW wrote:

> Hello NG
>

Have a look at http://firestarter.sourceforge.net - might be what your
looking for.

You're all Great!!!
This is the best answer ever...
i tryed many other NGs but all i got was "you sucker" or no answer at all!!!
Thank you very much...
I've been using win so long that i can't almost imagine a pc without a
firewall...if you say it's so safe i'll go for it...
Thank you again
Bye

When you do get to the point that you need or want a dedicated firewall,
I would recommend the smoothwall setup. Try the site www.smoothwall.org and
look it over. I have found it to be very easy to use and install. The GPL
version is nice in price and they do keep it up to date.

Good luck on your exploration of Linux.

And your English in the posts is easy to understand.