Confounded by Firestarter "Issues"...

I'm trying to configure Firestarter (0.8xx) as a "Personal Firewall" (I know that's heresy in some quarters) and seem to be missing some fundamental information.

I have it set up and running and I can get data through it.  The problem is that I can't seem to dope out how to properly set it up for packet filtering (at least not for use as a "Personal Firewall"; the documentation is a lot better for how to set it up on a separate "firewall system" or DMZ, but that's not what I'm after at this point...)

Supposedly (at least according to discussions on the "sourceforge" website), it should by default block all incoming data *except* that which is being sent back in response to an outgoing communication (all of which are supposed to be enabled, by default).  It doesn't do any of that...  I ended up explicitly permitting all communication with my ISP's DNS servers because nothing (even "ping") could resolve a URL to an IP address because no contact with the DNS servers was possible.  I haven't been able to determine any method of just enabling whatever ports are required for communication with the DNS servers - the only thing that seems to work is enabling *all* communication with the DNS servers.

Similarly, with Netscape, I haven't been able to get Netscape to communicate without explicitly permitting all communication with whatever site it's currently trying to access.

I thought the idea was to explicitly permit only certain *ports* to communicate, but so far, I can't figure out any way to make *that* work...  Using "lsof -i" I *think* I'm identifying the ports that various programs (e.g. Netscape) are using to communicate, but just enabling communication to a machine (or all users) on those ports doesn't allow Netscape to work - I have to enable *all* communication with the IP address of whatever URL it's trying to access.

I do NOT know enough about any of this to be sure that I'm not trying to make Firestarter do things that it's not designed to do.  I'm trying to extract some sort of "Zone Alarm" type functionality out of it, controlling which programs or services can obtain transactions in and out of a PPP connection by selectively enabling only those ports which are used by the program (e.g. a browser, a mailer, etc.) - is that unreasonable?  Should I be using something other than Firestarter?

Is there some dark secret to determining exactly which ports what processes/programs are using, so that they can be selectively enabled in the Firestarter "rules"?  Or is there some obscure requirement for syntax in specifying ports (i.e. more than just the port number or service name?) that's somehow escaped me?

Thus far, no amount of Web trolling has produced any specific answers...  I'm about to go delve into some of the Unix security books... hopefully someone here can enlighten me?
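As an added illustration (not part of the original post, and not Firestarter's own code), the Python below parses a constructed sample of `lsof -i` output and separates the three kinds of port numbers it shows: the local ephemeral source ports a client such as Netscape is assigned for each outgoing connection, the remote destination ports (80, 443, 53, 110) that a port-based "permit" rule actually has to name, and the local ports that are genuinely listening for unsolicited inbound traffic. The sample output and the helper names `port_of` and `classify` are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample of `lsof -i` output (not captured from a real host).
SAMPLE_LSOF = """\
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
netscape  1234 bob     3u  IPv4  20001      0t0  TCP 10.0.0.5:33012->192.0.2.10:80 (ESTABLISHED)
netscape  1234 bob     5u  IPv4  20002      0t0  TCP 10.0.0.5:33013->192.0.2.10:443 (ESTABLISHED)
netscape  1234 bob     7u  IPv4  20003      0t0  UDP 10.0.0.5:32801->198.51.100.1:53
fetchmail 1300 bob     3u  IPv4  20004      0t0  TCP 10.0.0.5:33020->192.0.2.20:110 (ESTABLISHED)
sshd       300 root    3u  IPv4  20005      0t0  TCP *:22 (LISTEN)
portmap    250 root    4u  IPv4  20006      0t0  UDP *:111
"""

# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
LINE_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<name>\S+)(?:\s+\((?P<state>[A-Z_]+)\))?\s*$"
)

def port_of(endpoint):
    """Return the integer port from 'host:port' (host may be '*')."""
    return int(endpoint.rsplit(":", 1)[1])

def classify(lsof_text):
    """Return (outbound, listening): outbound maps (proto, remote_port) to the
    commands talking to that service; listening maps (proto, local_port) to the
    commands accepting inbound traffic on it.  Ephemeral local ports of connected
    sockets are deliberately dropped: they change per connection and are not what
    a destination-port rule should name."""
    outbound = defaultdict(set)
    listening = defaultdict(set)
    for line in lsof_text.splitlines()[1:]:        # skip the header row
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, name, state, cmd = m["proto"], m["name"], m["state"], m["cmd"]
        if "->" in name:
            # Connected socket: only the remote port identifies the service.
            _local, remote = name.split("->", 1)
            outbound[(proto, port_of(remote))].add(cmd)
        elif state == "LISTEN" or (proto == "UDP" and state is None):
            # Unconnected socket bound locally: open to inbound traffic.
            listening[(proto, port_of(name))].add(cmd)
    return dict(outbound), dict(listening)

if __name__ == "__main__":
    out, lst = classify(SAMPLE_LSOF)
    print("outbound destination ports:", sorted(out))
    print("local listening ports:     ", sorted(lst))
```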