firewall
Jim Douglas
jdz99 at hotmail.com
Sun Jul 6 20:18:18 UTC 2008
> Date: Fri, 4 Jul 2008 20:20:03 +0300
> From: ed.lau at mail.ee
> To: kubuntu-users at lists.ubuntu.com
> Subject: Re: firewall
>
> Jim Douglas wrote:
> > I am trying to install FirewallBuilder on Kubuntu and keep getting error
> > ....any suggestions?
>
> I used NARC and it works like a charm -
> http://www.knowplace.org/pages/howtos/firewalling_with_netfilter_iptables/netfilter_automatic_rule_configurator.php
>
> I suggest it also to you!
>
> It is a command-line script but very well commented, and it uses iptables to do its work. NARC is just
> one command-line frontend to get iptables configured and running your way. Installing is very easy -
> just copy 3 different files into different places, modify the firewall script, update running
> services and start the script as the firewall. Everything is well documented and easy to use.
>
> You can put the following line in the file /etc/rc.local:
> /usr/sbin/narc start
> .... to start NARC automatically at boot.
>
> Then, after you have configured NARC and started it, you may forget it. It just works. If you need
> some ports to be open, just reconfigure /etc/narc/narc.conf to fit your needs, restart the NARC daemon
> and that's it!
>
> But NARC will not start if there is no IP address on the selected network interface. This commonly
> happens when the network interface is just not up or getting an IP address over DHCP takes some time. Then you need
> a pause before NARC starts, to give the network interface some time to come up:
> sleep 10; /usr/sbin/narc start
> ... this "10" is the time in seconds after which the system will run the following command. If 10 seconds
> is not enough for your computer - give it some more time :) Just test it.
>
> You can check that the firewall is working like this:
> sudo iptables -L
> or
> sudo narc status
>
>
> If sudo iptables -L gives you a picture like this:
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> ... then no firewall is working.
>
> If NARC is working - there will be much longer output in the table.
>
>
> Best Regards,
> Edmund
>

The NARC site has been down... I have configured my home network with Firewall Builder.
I have a Linux PC with the firewall on eth0 (dynamic IP); eth1 (static IP) has a Windows PC. I can browse the web with the Windows PC but can't with the PC that I installed the firewall on.
This is the output from iptables -L:
root at sa-desktop:~/Desktop/fwbuilder-3.0.0# sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
In_RULE_0 all -- 172.25.25.16 anywhere
In_RULE_0 all -- 192.168.1.1 anywhere
In_RULE_0 all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere anywhere state NEW
ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:ssh state NEW
RULE_4 all -- anywhere anywhere state NEW
ACCEPT all -- 192.168.1.0/24 anywhere state NEW
RULE_6 all -- anywhere anywhere state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
In_RULE_0 all -- 172.25.25.16 anywhere
In_RULE_0 all -- 192.168.1.1 anywhere
In_RULE_0 all -- 192.168.1.0/24 anywhere
ACCEPT all -- 192.168.1.0/24 anywhere state NEW
RULE_6 all -- anywhere anywhere state NEW
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
RULE_3 all -- anywhere 192.168.1.0/24 state NEW
RULE_4 all -- anywhere 172.25.25.16 state NEW
RULE_4 all -- anywhere 192.168.1.1 state NEW
ACCEPT all -- 192.168.1.0/24 anywhere state NEW
RULE_6 all -- anywhere anywhere state NEW
Chain In_RULE_0 (6 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `RULE 0 -- DENY '
DROP all -- anywhere anywhere
Chain RULE_3 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `RULE 3 -- ACCEPT '
ACCEPT all -- anywhere anywhere
Chain RULE_4 (3 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `RULE 4 -- DENY '
DROP all -- anywhere anywhere
Chain RULE_6 (3 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `RULE 6 -- DENY '
DROP all -- anywhere anywhere
Thanks for your help,
Jim
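
Added example, not part of the original message and not code from NARC or Firewall Builder: a small parser for `iptables -L` output that reports chains where a rule displayed as "any protocol, any address, state NEW" sits ahead of other state NEW rules. Taken at face value such a rule makes the later ones unreachable; because `iptables -L` without `-v` omits the interface columns, it may in fact be limited to one interface. The function names are made up for this example.

```python
import re
# FORWARD and OUTPUT chains copied from the `iptables -L` listing in the message.
LISTING = """\
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
In_RULE_0 all -- 172.25.25.16 anywhere
In_RULE_0 all -- 192.168.1.1 anywhere
In_RULE_0 all -- 192.168.1.0/24 anywhere
ACCEPT all -- 192.168.1.0/24 anywhere state NEW
RULE_6 all -- anywhere anywhere state NEW
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
RULE_3 all -- anywhere 192.168.1.0/24 state NEW
RULE_4 all -- anywhere 172.25.25.16 state NEW
RULE_4 all -- anywhere 192.168.1.1 state NEW
ACCEPT all -- 192.168.1.0/24 anywhere state NEW
RULE_6 all -- anywhere anywhere state NEW
"""

def parse_chains(listing):
    """Return {chain: [(target, prot, source, destination, match), ...]}."""
    chains, rules = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            rules = chains.setdefault(header.group(1), [])
        elif rules is not None and line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *match = line.split()
            rules.append((target, prot, src, dst, " ".join(match)))
    return chains

def shadowed_rules(listing):
    """Map chain -> (catch-all rule number, later 'state NEW' rule numbers)."""
    findings = {}
    for chain, rules in parse_chains(listing).items():
        for i, (target, prot, src, dst, match) in enumerate(rules, start=1):
            # Built-in terminal target that, as displayed, matches every new packet.
            catch_all = (target in ("ACCEPT", "DROP", "REJECT") and prot == "all"
                         and src == dst == "anywhere" and match == "state NEW")
            later = [n for n, r in enumerate(rules[i:], i + 1) if r[4] == "state NEW"]
            if catch_all and later:
                findings[chain] = (i, later)
                break
    return findings

if __name__ == "__main__":
    print(shadowed_rules(LISTING))  # {'OUTPUT': (2, [3, 4, 5, 6, 7])}
```

When a chain is flagged, listing the rules again with `sudo iptables -L -n -v` (or `sudo iptables-save`) shows the in/out interface of each rule and whether the catch-all is really unconditional.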