
Debian firewall questions
I recently set up a firewall for a customer using slink and kernel
2.2.3.  I just want to verify that the setup is secure.  I have read
through the Firewall HOWTO but it hasn't been updated since 1996 and
doesn't reflect the software I am using now ... so I ask here.

eth0: 1.2.3.4 (external interface)
eth1: 192.168.1.1 (internal interface)

The server has been running great without reboot for over a month and
everyone is very happy.  The internal LAN consists of Windows (3.1, 95,
98 and NT), Novell, DOS and Linux machines.

Over the weekend the LAN administrator had some Novell accounts
disappear from one of the internal servers.  He asked if someone could
have come through the firewall and done it.  I find it doubtful but
thought I should ask people more knowledgeable than myself.

There is no running inetd.  netstat -a shows this:

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
raw        0      0 *:1                     *:*
raw        0      0 *:6                     *:*
Active UNIX domain sockets (including servers)
unix  1      [ ]         STREAM     CONNECTED     22313  @00000011
unix  1      [ ]         STREAM     CONNECTED     35     @00000002
unix  1      [ ]         STREAM     CONNECTED     29     @00000001
unix  0      [ ACC ]     STREAM     LISTENING     26     /dev/log
unix  1      [ ]         STREAM     CONNECTED     22314  /dev/log
unix  1      [ ]         STREAM     CONNECTED     36     /dev/log
unix  1      [ ]         STREAM     CONNECTED     30     /dev/log

I am using kernel 2.2.3 (soon to be 2.2.5) and ipchains.  My ipchains
rules are as follows:

ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0

which, when listing the chains, gives:

Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24      anywhere              n/a
Chain output (policy ACCEPT):

How secure is this setup?  Is there any way for people on the Internet
to come through and connect to internal hosts?

Also, I have installed ipac in the hope that I can monitor connection
attempts from outside our network. Does the slink ipac package work with
ipchains and kernel 2.2.x?

Thanks for your time and any assistance!

Fraser
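As an added, defender-side example (not part of Fraser's post): a small Python script that parses `netstat -a` and `ipchains -L` listings in the formats shown above and summarises what they say about exposure. The two listings from the post are reproduced as sample input; a second netstat sample is constructed (hypothetical) to show how a real TCP listener and an established session would be reported, and the internal network constant is taken from the post. The script only reads text, never invokes ipchains, and can see no more than `ipchains -L` prints, so it can only point out what should be checked (such as interface binding of the MASQ rule), not confirm it.

```python
"""Read-only audit of ipchains-era firewall listings.

Parses the text of `netstat -a` (Internet-family section) and
`ipchains -L` and reports what a remote host could reach. It never
invokes ipchains; it only interprets the listings.
"""
import re

# Sample input reconstructed from the post above (netstat -a on the firewall).
NETSTAT_OUTPUT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
raw        0      0 *:1                     *:*
raw        0      0 *:6                     *:*
Active UNIX domain sockets (including servers)
unix  0      [ ACC ]     STREAM     LISTENING     26     /dev/log
"""

# Constructed (hypothetical) listing: a host with a real TCP listener,
# an established outbound session and a UDP socket.
NETSTAT_WITH_SERVICE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0      0 1.2.3.4:1025            198.51.100.7:www        ESTABLISHED
udp        0      0 *:syslog                *:*
raw        0      0 *:1                     *:*
Active UNIX domain sockets (including servers)
"""

# Sample input reconstructed from the post above (ipchains -L).
IPCHAINS_OUTPUT = """\
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24      anywhere              n/a
Chain output (policy ACCEPT):
"""

INTERNAL_NET = "192.168.1.0/24"   # the LAN behind eth1, from the post


def inet_listeners(netstat_text):
    """Return (proto, local_address) for each Internet-family socket that
    accepts traffic: tcp sockets in LISTEN, every udp socket (no state
    column) and raw sockets. Established tcp sessions are ignored."""
    listeners = []
    in_inet = False
    for line in netstat_text.splitlines():
        if line.startswith("Active Internet"):
            in_inet = True
            continue
        if line.startswith("Active UNIX"):
            break
        if not in_inet or line.startswith("Proto") or not line.strip():
            continue
        fields = line.split()
        proto, local = fields[0], fields[3]
        state = fields[5] if len(fields) > 5 else ""
        if proto.startswith("tcp") and state != "LISTEN":
            continue
        listeners.append((proto, local))
    return listeners


def parse_chains(ipchains_text):
    """Return {chain: {"policy": str|None, "rules": [rule dicts]}} from
    `ipchains -L` text. Built-in chains carry a policy; user-defined
    chains are printed with a refcnt instead and get policy None."""
    chains = {}
    current = None
    header = re.compile(r"Chain (\S+) \((?:policy (\S+)|refcnt \d+)\):")
    for line in ipchains_text.splitlines():
        m = header.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        fields = line.split()
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue
        chains[current]["rules"].append({
            "target": fields[0], "prot": fields[1],
            "source": fields[3], "destination": fields[4],
        })
    return chains


def findings(netstat_text, ipchains_text, internal_net=INTERNAL_NET):
    """Summarise exposure as a list of plain-text findings."""
    notes = []
    chains = parse_chains(ipchains_text)
    services = [s for s in inet_listeners(netstat_text) if not s[0].startswith("raw")]
    if chains.get("input", {}).get("policy") == "ACCEPT":
        notes.append("input policy ACCEPT: any service listening on the firewall "
                     "host itself is reachable from the external interface")
    if services:
        notes.append("host listeners: " + ", ".join(f"{p} {a}" for p, a in services))
    else:
        notes.append("host listeners: none (only raw sockets)")
    fwd = chains.get("forward", {})
    if fwd.get("policy") != "DENY":
        notes.append("forward policy is not DENY: unlisted traffic is routed between interfaces")
    for rule in fwd.get("rules", []):
        if rule["target"] == "MASQ" and rule["source"] == internal_net:
            notes.append("MASQ rule matches on source address alone as listed; confirm it "
                         "is bound to the internal interface (-i) and that the input chain "
                         f"rejects packets arriving externally with source {internal_net}")
    return notes


if __name__ == "__main__":
    for note in findings(NETSTAT_OUTPUT, IPCHAINS_OUTPUT):
        print("-", note)
```

Run against the post's own listings, the script reports that the forward policy is DENY (so unsolicited traffic is not routed to internal hosts), that the host has no TCP or UDP listeners (only the two raw sockets), and that the input policy of ACCEPT would expose any service started on the firewall later, which is why the listener check belongs in a routine audit rather than a one-off.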

