PCLinuxOS New User Guide : AdvancedFirewall

Most recent edit on 2007-05-21 20:04:48 by SySy [moved]

Additions:
moved to http://docs.mypclinuxos.com/AdvancedFirewall

Deletions:

Advanced Firewalling

Back to Using Firewalls
THIS PAGE BEING MOVED TO http://docs.mypclinuxos.com/AdvancedFirewall
If you want to be able to see firewall logging output, you can install fwlogwatch by using Synaptic. fwlogwatch is simple to use. To create a text file of all packets that your firewall rules dropped, simply (as root, without quotes) type "fwlogwatch -d > /home/yourusername/fwlog" at a command prompt; you can then open fwlog with Konqueror or a text editor and view the results. "fwlogwatch --help" (as root) will give the full list of options.
If you run "fwlogwatch -d" without redirecting its output, the results are shown in the terminal window you are currently in.
It's important to note that the firewall configuration tools are just that: configuration tools. Most, if not all, Linux GUI "firewalls" are front-end configuration tools for netfilter. Netfilter's project page can be found here: http://www.netfilter.org/
Here are a few of the more advanced firewalling examples PCLinuxOS is capable of with some modifications.

Shorewall Configuration Examples

The Shorewall documentation provides numerous excellent examples of firewall configuration. A few of the more interesting ones are linked below.
Firewall with 3 Interfaces and one public IP address.
A standalone Linux PC.
A simple Linux webserver.

Firestarter Configuration Examples

Firestarter is more limited (by far) in functionality when compared to Shorewall. However, Firestarter's intuitive GUI makes it very attractive for new users.
The firestarter manual is very comprehensive - it is located at their homepage. The below configuration examples assume that you have firestarter already working and want to customize it.
To get firestarter to run at boot:
At a command prompt, type "su -" (without quotes), then
"chkconfig --level 2345 shorewall off" (do not include quotes, when done hit enter)
"chkconfig --level 2345 iptables off" (do not include quotes, when done hit enter)
"chkconfig --level 35 firestarter on" (do not include quotes, when done hit enter)
On the next reboot, firestarter will automatically load.

How To NFS and firewall

First of all, I'm not an expert on this subject, I just noticed that if I want to use NFS and firewall together, it needs some tuning.
The article here http://www.troubleshooters.com/lpm/200305/200305.htm#_A_Somewhat_Practical_Server_Firewall guided me to set things right.
To set NFS shares, read this topic: http://www.pclinuxos.com/forum/index.php?topic=6990.0
Details on how to configure NFS and firewall settings are explained in the article I mentioned above, so I will just explain the steps on how to do it in PCLOS.
First we have to edit the /etc/rc.d/init.d/nfs file. Open it (as root) and find the line that contains MOUNTD_PORT. Insert a new line just above it, MOUNTD_PORT=33333, and save. The port 33333 is only one alternative; it can be any number between 32000 and 34000, but be sure it is not already in use: it should not appear in the output of the rpcinfo -p command, nor should it be listed in the file /etc/services. The edited section of the script looks like this:
echo -n $"Starting NFS daemon: "
daemon rpc.nfsd $RPCNFSDCOUNT
echo
MOUNTD_PORT=33333 #This is the line that should be added
[ -n "$MOUNTD_PORT" ] \
&& RPCMOUNTDOPTS="$RPCMOUNTDOPTS -p $MOUNTD_PORT"

Now (as root) Restart NFS server: /etc/rc.d/init.d/nfs restart
Use the rpcinfo -p command to verify that all mountd entries are bound to your chosen port.
Next comes firewall setup. Open the "PCLinuxOS Control Center" and select "Security"
Here you Click the "Set up a Personal Firewall to protect your computer and network"
Click on the Advanced Button and type this in the "other ports" field:
111/udp 2049/udp 33333/udp 111/tcp 2049/tcp 33333/tcp

It's possible that you also have to allow ping requests. Save the settings and we are done!
NFS should get its way through the firewall now. This worked for me. 0.93a-Junior is installed on my Laptop, and 0.92 is on my Desktop computer.
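The port check and the firewall port list from the steps above, as an added example that is not part of the wiki page: the rpcinfo -p output and the /etc/services excerpt are constructed samples, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the PCLinuxOS wiki: automate the NFS how-to's port
# check. A mountd port in 32000..34000 is accepted only if it is absent from
# `rpcinfo -p` output and /etc/services; the "other ports" string is then built.
# Inputs are passed as text so it runs offline on the constructed samples below;
# on a live box pass "$(rpcinfo -p)" and "$(cat /etc/services)".
# Constructed sample of `rpcinfo -p` output (not captured from a real host)
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100005    1   udp  33333  mountd
    100005    1   tcp  33333  mountd'

# Constructed /etc/services excerpt; 32000 is taken here on purpose
SAMPLE_SERVICES='sunrpc  111/tcp  portmapper
sunrpc  111/udp  portmapper
nfs     2049/tcp
nfs     2049/udp
foo     32000/tcp'

# port_in_use PORT RPCINFO SERVICES: true if PORT is registered with the
# portmapper or named in the services file (either protocol counts)
port_in_use() {
    printf '%s\n' "$2" | awk -v p="$1" '$4 == p { found = 1 } END { exit found ? 0 : 1 }' && return 0
    printf '%s\n' "$3" | grep -Eq "[[:space:]]$1/(tcp|udp)([[:space:]]|\$)" && return 0
    return 1
}

# pick_mountd_port RPCINFO SERVICES: lowest free port in the how-to's range
pick_mountd_port() {
    p=32000
    while [ "$p" -le 34000 ]; do
        port_in_use "$p" "$1" "$2" || { echo "$p"; return 0; }
        p=$((p + 1))
    done
    return 1
}

# mountd_pinned RPCINFO PORT: true if every mountd registration uses PORT
mountd_pinned() {
    printf '%s\n' "$1" | awk -v p="$2" \
        '$5 == "mountd" { n++; if ($4 != p) bad = 1 } END { exit (n > 0 && !bad) ? 0 : 1 }'
}

# firewall_ports PORT: the "other ports" field for the PCLinuxOS firewall
firewall_ports() {
    echo "111/udp 2049/udp $1/udp 111/tcp 2049/tcp $1/tcp"
}
```

Run mountd_pinned against fresh rpcinfo -p output after restarting NFS; it fails if any mountd registration is still on a floating port.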

CategorySecurity




Edited on 2007-05-18 14:16:46 by IanDawson [Porting to new wiki]

Additions:
THIS PAGE BEING MOVED TO http://docs.mypclinuxos.com/AdvancedFirewall



Edited on 2007-02-02 17:10:53 by DidouPh [added nfs and firewall]





Edited on 2005-11-19 15:32:25 by LexNL

Additions:
Back to Using Firewalls

Deletions:
Back to Firewall



Oldest known version of this page was edited on 2005-11-19 15:32:06 by LexNL [Content originally from the Firewall Page]