ipchains

moebius at ip-solutions.net moebius at ip-solutions.net
Sun Mar 19 12:21:13 EST 2000


Hey Shelly,
  <---Reply below---->

> my question is - what is the best way to test that the firewall is secure? i
> configured mine using ipchains (also doing masquerading for my internal lan,
> which is set up as a 192.168.x.x network - my external interface is an isdn
> connection at work). i had been reading about the prog SAINT, but it seems
> that must be run from another linux box, as a remote admin sort of tool. the
> linux firewall box is the only linux box on the network at my job - all others
> are NT servers and win98 workstations. i also tried the port scanner at
> www.hackerwhacker.com, but that only scans 11 ports (5 of which it says i have
> open, though it won't elaborate without $$$). any other programs anyone could
> recommend for firewall testing?

I like using simple programs like nmap (www.insecure.org) for port scans;
tcpdump will allow you to capture and see what is going on. As far as
programs like Nessus and Saint go, they are more for dealing with "services"
that might have holes in them. Sendmail, though I love it, is a great
example of one of these types.

> 
> also... with an ipchains packet filter in place, how important is it that
> certain ports are left open? i've turned off everything i don't need from
> inetd.conf, and removed unnecessary services from my rc3.d. what other methods
> are there to close ports - must i put ipchains rules in regarding specific
> ports? (my firewall script is currently very general, referring only to the
> ability of external traffic to traverse past eth0 onto my local lan - no ports
> specified).
You should always shut down ports you're not using. Remember, not all come
from inetd. An easy way to see who has ports open is "%netstat -vat" which
will show things as they are happening. Some might disagree here but I
think a default of "deny" in ipchains is a must. Block all internal
transmissions by making them use localhost. That way traffic going out
across the wire is more easily tracked.
 
> 
> all in all it's been a learning experience!  i didn't use any of the firewall
> rule tools, just hand coded everything with the help of many web sites and
> howto's. any highly recommended firewall rule creation tools out there?
Mason's what I learned on. Took my router down off the net for 3 days and
watched it build traffic piece by piece until I figured out what was going
on. Unfortunately that is all changing come 2.4 kernel. Should be
interesting.
Harry
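As an added example (not part of the original thread), here is the kind of default-deny ipchains ruleset the reply recommends for a masquerading firewall like the one in the question: deny by policy, then allow only loopback, the internal LAN, and replies to connections the LAN opened, with the private range blocked and logged if it ever arrives on the outside. The interface names ippp0 (ISDN) and eth0 (LAN) are assumptions; the 192.168.0.0/16 range comes from the question.

```shell
#!/bin/sh
# Added example, not code from the original post. Interface names are assumed.
EXT=ippp0              # assumed external (ISDN) interface
INT=eth0               # assumed internal LAN interface
LAN=192.168.0.0/16     # the internal LAN range from the question

# Print the ruleset rather than running it, so it can be reviewed first.
# On the firewall itself, apply it with:  ipchains_rules | sh
ipchains_rules() {
    cat <<EOF
ipchains -F
ipchains -X
# Default deny for input and forward; output from the box itself is allowed.
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output ACCEPT
# Loopback and the internal LAN may talk to the firewall.
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $INT -s $LAN -j ACCEPT
# Anti-spoofing: our private range must never arrive on the outside (-l logs it).
ipchains -A input -i $EXT -s $LAN -l -j DENY
# Replies to connections the LAN opened: TCP packets that are not a new SYN.
ipchains -A input -i $EXT -p tcp ! -y -j ACCEPT
# DNS answers: ipchains is stateless, so match the resolver's source port 53.
ipchains -A input -i $EXT -p udp -s 0/0 53 -j ACCEPT
# ICMP errors needed for normal operation.
ipchains -A input -i $EXT -p icmp --icmp-type destination-unreachable -j ACCEPT
# Everything else hitting the outside interface is logged and dropped.
ipchains -A input -i $EXT -l -j DENY
# Masquerade LAN traffic leaving via the ISDN link (forward -i = outgoing interface).
ipchains -A forward -i $EXT -s $LAN -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Count the explicit ACCEPT rules on the outside interface: each one is a
# hole you should be able to justify when auditing the ruleset.
external_accepts() {
    ipchains_rules | grep -c -- "-i $EXT .*-j ACCEPT"
}
```

Review the printed rules before piping them to sh; once a default-deny policy is in place, anything the LAN needs that is not matched by an explicit ACCEPT will show up in the log from the final `-l -j DENY` rule.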