Re: Debian firewall questions



The 2.2.3 kernel has some problems with the TCP/IP stack;
upgrade to 2.2.5 if you plan to use 2.2.x.
And read the IPCHAINS HOWTO.

Charles Verge

The Verge Internet Services
http://www.theverge.com  
The place for your site !

On Mon, 12 Apr 1999, Fraser Campbell wrote:

> I recently set up a firewall for a customer using slink and kernel
> 2.2.3.  I just want to verify that the setup is secure.  I have read
> through the Firewall HOWTO but it hasn't been updated since 1996 and
> doesn't reflect the software I am using now ... so I ask here.
> 
> eth0: 1.2.3.4 (external interface)
> eth1: 192.168.1.1 (internal interface)
> 
> The server has been running great without reboot for over a month and
> everyone is very happy.  The internal LAN consists of Windows (3.1, 95,
> 98 and NT), Novell, DOS and Linux machines.
> 
> Over the weekend the LAN administrator had some Novell accounts
> disappear from one of the internal servers.  He asked if someone could
> have come through the firewall and done it.  I find it doubtful but
> thought I should ask people more knowledgeable than myself.
> 
> There is no running inetd.  netstat -a shows this:
> 
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> raw        0      0 *:1                     *:*
> raw        0      0 *:6                     *:*
> Active UNIX domain sockets (including servers)
> unix  1      [ ]         STREAM     CONNECTED     22313  @00000011
> unix  1      [ ]         STREAM     CONNECTED     35     @00000002
> unix  1      [ ]         STREAM     CONNECTED     29     @00000001
> unix  0      [ ACC ]     STREAM     LISTENING     26     /dev/log
> unix  1      [ ]         STREAM     CONNECTED     22314  /dev/log
> unix  1      [ ]         STREAM     CONNECTED     36     /dev/log
> unix  1      [ ]         STREAM     CONNECTED     30     /dev/log
> 
> I am using kernel 2.2.3 (soon to be 2.2.5) and ipchains.  My ipchains
> rules are as follows:
> 
> ipchains -P forward DENY
> ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
> 
> which, listing the chains, gives:
> 
> Chain input (policy ACCEPT):
> Chain forward (policy DENY):
> target     prot opt     source                destination           ports
> MASQ       all  ------  192.168.1.0/24      anywhere              n/a
> Chain output (policy ACCEPT):
> 
> How secure is this setup?  Is there any way for people on the Internet
> to come through and connect to internal hosts?
> 
> Also, I have installed ipac in the hope that I can monitor connection
> attempts from outside our network. Does the slink ipac package work with
> ipchains and kernel 2.2.x?
> 
> Thanks for your time and any assistance!
> 
> Fraser
> 
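
The chain listing quoted above can be read mechanically. The following is an added example, not part of the original thread: a Python parser for that listing which reports each chain's default policy and flags chains that accept everything. The function names `parse_chains` and `audit` are hypothetical, and the listing is copied from the message with its wrapped header line re-joined.

```python
import re

# Listing copied from the quoted message (wrapped "ports" header re-joined).
LISTING = """\
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24      anywhere              n/a
Chain output (policy ACCEPT):
"""

# Chain header; the policy group is None if the parentheses hold something else.
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+))?[^)]*\):")
KEYS = ("target", "prot", "opt", "source", "destination", "ports")

def parse_chains(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        # Split into at most six columns so a multi-word ports column stays whole.
        fields = [f.strip() for f in line.split(None, 5)]
        if current is None or len(fields) < 6 or fields[0] == "target":
            continue  # blank line, column header, or text outside any chain
        current["rules"].append(dict(zip(KEYS, fields)))
    return chains

def audit(chains):
    """Describe what each chain lets through or rewrites."""
    findings = []
    for name, chain in chains.items():
        if chain["policy"] == "ACCEPT" and not chain["rules"]:
            findings.append(f"{name}: policy ACCEPT and no rules, every packet is accepted")
        for rule in chain["rules"]:
            if rule["target"] == "MASQ":
                findings.append(
                    f"{name}: policy {chain['policy']}, masquerades "
                    f"{rule['source']} -> {rule['destination']}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_chains(LISTING)):
        print(finding)
```
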
