Debian firewall questions
I recently set up a firewall for a customer using slink and kernel
2.2.3. I just want to verify that the setup is secure. I have read
through the Firewall HOWTO but it hasn't been updated since 1996 and
doesn't reflect the software I am using now ... so I ask here.
eth0: 1.2.3.4 (external interface)
eth1: 192.168.1.1 (internal interface)
The server has been running great without reboot for over a month and
everyone is very happy. The internal LAN consists of Windows (3.1, 95,
98 and NT), Novell, DOS and Linux machines.
Over the weekend the LAN administrator had some Novell accounts
disappear from one of the internal servers. He asked if someone could
have come through the firewall and done it. I find it doubtful but
thought I should ask people more knowledgeable than myself.
There is no running inetd. netstat -a shows this:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
raw 0 0 *:1 *:*
raw 0 0 *:6 *:*
Active UNIX domain sockets (including servers)
unix 1 [ ] STREAM CONNECTED 22313 @00000011
unix 1 [ ] STREAM CONNECTED 35 @00000002
unix 1 [ ] STREAM CONNECTED 29 @00000001
unix 0 [ ACC ] STREAM LISTENING 26 /dev/log
unix 1 [ ] STREAM CONNECTED 22314 /dev/log
unix 1 [ ] STREAM CONNECTED 36 /dev/log
unix 1 [ ] STREAM CONNECTED 30 /dev/log
I am using kernel 2.2.3 (soon to be 2.2.5) and ipchains. My ipchains
rules are as follows:
ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
which, when listing the chains, gives:
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.1.0/24 anywhere n/a
Chain output (policy ACCEPT):
How secure is this setup? Is there any way for people on the Internet
to come through and connect to internal hosts?
Also, I have installed ipac in the hope that I can monitor connection
attempts from outside our network. Does the slink ipac package work with
ipchains and kernel 2.2.x?
Thanks for your time and any assistance!
Fraser