Re: Debian firewall questions
The 2.2.3 kernel has some problems with the TCP/IP stack; upgrade to 2.2.5 if you plan to use 2.2.x.
And read the IPCHAINS HOWTO.
Charles Verge
The Verge Internet Services
http://www.theverge.com
The place for your site!
On Mon, 12 Apr 1999, Fraser Campbell wrote:
> I recently set up a firewall for a customer using slink and kernel
> 2.2.3. I just want to verify that the setup is secure. I have read
> through the Firewall HOWTO but it hasn't been updated since 1996 and
> doesn't reflect the software I am using now ... so I ask here.
>
> eth0: 1.2.3.4 (external interface)
> eth1: 192.168.1.1 (internal interface)
>
> The server has been running great without reboot for over a month and
> everyone is very happy. The internal LAN consists of Windows (3.1, 95,
> 98 and NT), Novell, DOS and Linux machines.
>
> Over the weekend the LAN administrator had some Novell accounts
> disappear from one of the internal servers. He asked if someone could
> have come through the firewall and done it. I find it doubtful but
> thought I should ask people more knowledgeable than myself.
>
> There is no running inetd. netstat -a shows this:
>
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> raw 0 0 *:1 *:*
> raw 0 0 *:6 *:*
> Active UNIX domain sockets (including servers)
> unix 1 [ ] STREAM CONNECTED 22313 @00000011
> unix 1 [ ] STREAM CONNECTED 35 @00000002
> unix 1 [ ] STREAM CONNECTED 29 @00000001
> unix 0 [ ACC ] STREAM LISTENING 26 /dev/log
> unix 1 [ ] STREAM CONNECTED 22314 /dev/log
> unix 1 [ ] STREAM CONNECTED 36 /dev/log
> unix 1 [ ] STREAM CONNECTED 30 /dev/log
>
> I am using kernel 2.2.3 (soon to be 2.2.5) and ipchains. My ipchains
> rules are as follows:
>
> ipchains -P forward DENY
> ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
>
> which listing the chains gives:
>
> Chain input (policy ACCEPT):
> Chain forward (policy DENY):
> target prot opt source destination ports
> MASQ all ------ 192.168.1.0/24 anywhere n/a
> Chain output (policy ACCEPT):
>
> How secure is this setup? Is there any way for people on the Internet
> to come through and connect to internal hosts?
>
> Also, I have installed ipac in the hope that I can monitor connection
> attempts from outside our network. Does the slink ipac package work with
> ipchains and kernel 2.2.x?
>
> Thanks for your time and any assistance!
>
> Fraser
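To make the review concrete, here is a small audit script, added as an example for this thread and not code from either poster or from Debian, that parses the two ipchains commands quoted above and reports the two things the IPCHAINS HOWTO would have you look at: the input chain still at its ACCEPT default, and a MASQ rule that is not bound to the internal interface with -i (the hardened variant using eth1 is hypothetical).

```python
# Audit an ipchains rule script (constructed example for this thread, not the poster's or Debian's code).
import shlex

# Constructed sample: the two rules quoted in the question, verbatim.
POSTED_RULES = """
ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
"""

# Hypothetical hardened variant; eth1 is the internal interface named in the post.
HARDENED_RULES = """
ipchains -P input DENY
ipchains -P forward DENY
ipchains -A forward -i eth1 -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
"""

# ipchains flags that take no argument; every other flag is assumed to take one
# (the '!' negation prefix is not handled by this simple parser).
BOOLEAN_FLAGS = {"-l", "-y", "-b", "-n", "-v"}

def parse_rules(script):
    """Return ({chain: policy}, [rules]) parsed from 'ipchains ...' lines."""
    policies = {"input": "ACCEPT", "forward": "ACCEPT", "output": "ACCEPT"}  # kernel defaults
    rules = []
    for line in script.splitlines():
        argv = shlex.split(line)
        if len(argv) < 4 or argv[0] != "ipchains":
            continue
        if argv[1] == "-P":
            policies[argv[2]] = argv[3]
        elif argv[1] == "-A":
            opts, i = {}, 3
            while i < len(argv):
                take_value = argv[i] not in BOOLEAN_FLAGS
                opts[argv[i]] = argv[i + 1] if take_value else True
                i += 2 if take_value else 1
            rules.append({"chain": argv[2], "opts": opts})
    return policies, rules

def audit(script):
    """List the weaknesses found; an empty list means no check fired."""
    policies, rules = parse_rules(script)
    findings = [f"{c} chain policy is {policies[c]}, not DENY"
                for c in ("input", "forward") if policies[c] != "DENY"]
    for rule in rules:
        if rule["opts"].get("-j") == "MASQ" and "-i" not in rule["opts"]:
            findings.append("MASQ rule has no -i: bind it to the internal interface "
                            "so only packets that actually arrived from the LAN are masqueraded")
    return findings
```

Run `audit(POSTED_RULES)` to see both findings; the hardened set returns none, which matches the forward-chain default-deny already in place plus the two changes the script asks for.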