[KLUG Members] Re: Firewall/Cisco oddities.

Bob Kanaley members@kalamazoolinux.org
Fri, 8 Mar 2002 13:39:49 -0500


If I had to make a guess, I would suspect that you are seeing more open
ports due to users behind the firewall opening them. IPTables is stateful so
it knows where open connections come from. If you want a simple but complete
firewall I would recommend a preconfigured LRP/LEAF distribution
(http://leaf.sourceforge.net/ ).

All you need is an old 486 with a good floppy to set up an LRP/LEAF firewall.
Although LRP/LEAF fits on a floppy, you can burn it to a bootable CD or
install it on a disk if you really feel you have to.

The real beauty of LRP is that it runs in memory from write protected media.
If somebody manages to crack your firewall, they have a very small
playground. You hit the reset button and don't have to worry about rootkits,
backdoors or trojans.

You download a basic firewall distribution that closely fits your needs,
dump any unnecessary modules, add any additional LRP modules you want or
need for your particular setup. Boot the disk and configure the modules via
menu and well commented configuration scripts. Write the configuration back
to disk, make a second copy for backup and re-boot.

One page of instructions walks you through how to do all this. For IPTables
you would probably want something like the Bering distribution running
Shorewall.

The Bering distribution is based on a 2.4.x Linux kernel.

It relies on Shorewall for extended firewalling facilities. Check all the
Shorewall features here http://www.shorewall.net/shorewall_features.htm.

The main objectives are:

To benefit from the netfilter/iptables facilities

To have access to the latest kernel device drivers & filesystems

To keep everything available on a single floppy for the largest possible
user base (including serial modem, cable modem or ADSL PPP/PPPoE users)

To keep the simplicity provided by Dachstein (an LRP 2.2 kernel IPChains
based firewall)

To stick to a standard Linux kernel as much as possible. This allows LEAF
"Bering" usage and development in a virtual environment

To stick as much as possible to the Debian distribution structure

> Date: Thu, 7 Mar 2002 16:41:56 -0500 (EST)
> From: Adam Bultman <adamb@glaven.org>
> To: <members@kalamazoolinux.org>
> Subject: [KLUG Members] Firewall/Cisco oddities.
> Reply-To: members@kalamazoolinux.org
>
> Okay.  I just switched from an OpenBSD firewall to an IPtables firewall.
> Here's the deal.
>
> My firewall sits behind a Cisco 700 series router.  The router itself has
> telnet and finger running ( I haven't turned it off yet, need to remember
> how) but for the most part, it blocks almost all ports.  I have to
> specifically turn ON port forwarding.  When I had my openBSD firewall,
> only a few services showed up:  finger, telnet, smtp, SSH.
>
> Well, I switched to a linux box recently, and now, somehow more ports are
> showing up. Either something else has gone on, I'm not sure, but now more
> ports show up.  I'm baffled.  I'm writing more firewall rules (currently
> it doesn't do much) but since the router SHOULDN'T be port forwarding,
> there has to be some mistake. Has to be.  Currently, smtp, ldap, and 1002
> show up as open, but I can ssh in, and go to my web page. This is bizarre.
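The point about stateful filtering, as an added illustration that is not part of either message above and not code from LEAF or Shorewall: the toy model below contrasts a stateless filter that admits "replies" by looking only at the source port (the way one had to permit DNS or HTTP answers before connection tracking) with a filter that models the iptables `--state ESTABLISHED,RELATED` rule and a DROP policy. The addresses, the listening ports and the scan are constructed for the example; no claim is made that this is what happened on the original poster's network.

```python
"""Toy packet filter: stateless reply-by-source-port vs stateful conntrack.
Added illustration for this thread; not code from the messages, LEAF or
Shorewall. Hosts, ports and addresses are made up for the example."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = True   # a bare SYN is a new connection attempt
    ack: bool = False


class StatelessFilter:
    """Admits inbound packets that look like replies, judged only by the
    source port. It cannot tell a real reply from a scan sent from port 80."""

    def __init__(self, open_ports, reply_sports=(53, 80)):
        self.open_ports = set(open_ports)
        self.reply_sports = set(reply_sports)

    def outbound(self, pkt):
        return "ACCEPT"          # nothing is remembered about the flow

    def inbound(self, pkt):
        if pkt.dport in self.open_ports:
            return "ACCEPT"      # explicitly published service
        if pkt.sport in self.reply_sports:
            return "ACCEPT"      # assumed to be a reply; nothing to check
        return "DROP"


class StatefulFilter:
    """Models:  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
                -A INPUT -p tcp --syn --dport <open> -j ACCEPT
                -P INPUT DROP
    Replies are admitted only for flows the firewall saw originate."""

    def __init__(self, open_ports):
        self.open_ports = set(open_ports)
        self.conntrack = set()   # (local, lport, remote, rport)

    def outbound(self, pkt):
        # every flow leaving through the firewall is recorded
        self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT"

    def inbound(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack:
            return "ACCEPT"      # ESTABLISHED: reply to a tracked flow
        if pkt.syn and not pkt.ack and pkt.dport in self.open_ports:
            self.conntrack.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "ACCEPT"      # NEW, and explicitly permitted
        return "DROP"            # policy


# Constructed scenario: the box behind the firewall listens on these ports,
# but only 22 and 80 are meant to be reachable from outside.
LISTENING = {22, 25, 80, 389, 1002}
FIREWALL_IP = "192.0.2.10"
SCANNER_IP = "198.51.100.7"
PUBLISHED = {22, 80}


def scan(fw, sport=40000):
    """Ports a SYN scan from source port `sport` reaches through `fw`.
    A reached, listening port answers SYN/ACK, i.e. it shows as open."""
    return [p for p in sorted(LISTENING)
            if fw.inbound(Packet(SCANNER_IP, sport, FIREWALL_IP, p)) == "ACCEPT"]


def reply_check(fw):
    """An inside client connects out to a web server; the server's SYN/ACK
    must be let back in. Returns the verdict on that reply packet."""
    fw.outbound(Packet(FIREWALL_IP, 51234, "203.0.113.5", 80))
    return fw.inbound(Packet("203.0.113.5", 80, FIREWALL_IP, 51234,
                             syn=True, ack=True))


if __name__ == "__main__":
    for name, fw in (("stateless", StatelessFilter(PUBLISHED)),
                     ("stateful ", StatefulFilter(PUBLISHED))):
        print(name, "scan:", scan(fw), "scan from sport 80:", scan(fw, sport=80),
              "legit reply:", reply_check(fw))
```

Both filters let the legitimate reply through, but only the stateless one also lets a scan sent from source port 80 reach the unpublished services (25, 389, 1002), which is exactly the kind of "extra open ports" a scanner would report. The stateful filter admits a packet to a high port only if the firewall itself saw the matching outbound connection, so the scan sees nothing but the published ports.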