[Sderby] Help Firewall

Deon Grobler sderby at mailman.lug.org.uk
Wed Jun 25 17:10:01 2003


Trevor

I suspected that Redhat 9 was the same as the old setup ...  pop me a mail
at deon@wildfiredigital.com with your number and I will give you a call if
you like.

Deon


-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of trw dLogical
Sent: Wednesday, June 25, 2003 4:37 PM
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall


OK Have looked at this now

and found that S95IPTABLES does not exist. It only has the IPCHAINS options.

Have been in to setup and do not have firewall option only have system
services.

and although I recognise lots of things there is a lot I don't know and am
worried about
messing it up completely.

Trevor.

-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of Deon Grobler
Sent: 25 June 2003 15:20
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall


Well then this is pretty much the list I gave you.

Go into setup/firewall/customize ... check the SSH box, check the FTP box if
you need to ftp in, and then on the bottom line, assuming it's still the same
as 7.1 *last time I used Linux*  ... type in 3306 for mysql ... OK OK .. and
exit out of there.

Once that's done, it should start blocking on the fly, but always test it.
Try and connect to the box from another machine to a service that is running
like DNS.  telnet *IP ADDRESS* 53 ... it "should" be denied.  If it allows
it, recheck your rules, make sure they have been saved, and if that's all
good, restart the process.  /etc/rc.d/init.d/S95IPTABLES reload

Let us know how things go.

Deon
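
The test described in the message above (connect from another machine and expect port 53 to be denied), as an added example that is not part of the original thread: a Python script that compares observed TCP port state with the allow list discussed here. The port dictionaries are assumptions built from the thread's list (SSH, FTP and MySQL reachable; DNS, web and mail blocked), and the target host is passed on the command line.

```python
import socket
import sys

# Assumed policy, built from the thread: only these three are reachable.
EXPECTED_OPEN = {21: "ftp", 22: "ssh", 3306: "mysql"}
# Services the thread says are installed but must not be reachable.
EXPECTED_BLOCKED = {25: "smtp", 53: "dns", 80: "http"}


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused' (RST received) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # Either a firewall reject or simply no listener: this only proves
        # blocking if the service is known to be running on the box.
        return "refused"
    except OSError:
        # Timeout or unreachable: packets dropped somewhere on the path.
        return "filtered"
    finally:
        s.close()


def audit(host, expected_open, expected_blocked, timeout=3.0):
    """Return a list of (port, name, expectation, observed) policy violations."""
    findings = []
    for port, name in sorted(expected_open.items()):
        state = probe(host, port, timeout)
        if state != "open":
            findings.append((port, name, "should be reachable", state))
    for port, name in sorted(expected_blocked.items()):
        state = probe(host, port, timeout)
        if state == "open":
            findings.append((port, name, "should be blocked", state))
    return findings


if __name__ == "__main__":
    # Run from a machine outside the server, as the message advises.
    problems = audit(sys.argv[1], EXPECTED_OPEN, EXPECTED_BLOCKED)
    for port, name, want, got in problems:
        print(f"FAIL {port}/tcp ({name}): {want}, observed {got}")
    sys.exit(1 if problems else 0)
```

Like the telnet test, this only covers TCP; DNS also answers on UDP port 53, which needs a separate check.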


-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of trw dLogical
Sent: Wednesday, June 25, 2003 3:12 PM
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall


Well a list hum,

1) I require to ssh into the server.
2) Mysql is required to be accessed.
3) The ability for me to ftp certain files to run on the server.
(mainly perl programs to load database info -  oh and a few sql setup
scripts).

I really think that's about it as the server although being a DNS server is
only going to be used as a database server.
If I can ever get mysql to create the db in the home directory.

No domains or email or general ftp stuff will be allowed. Although the
server has apache and email etc installed.

Thanks

Trevor.


-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of Deon Grobler
Sent: 25 June 2003 14:58
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall


Sure ... well the easiest way to proceed is to give me a list of what you
need the outside *internet world* to access.

ie: apache/httpd

regards
Deon


-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of trw dLogical
Sent: Wednesday, June 25, 2003 2:51 PM
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall


Yep this sounds quite promising.

I have had suggested IPCHAINS which I believe is like IPTABLES.
(Hum lack of Linux admin knowledge showing).

I have entered the setup and it appears I can switch on and off anything
from there.
But me not done this before. So if you could help a little further I would
be most pleased.

Trevor.

-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of Deon Grobler
Sent: 25 June 2003 13:54
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall


Well, you could do a basic setup with IPTABLES or TCPwrappers on that box.

Deny everything and allow like 22ssh/80web/3306mysql  ..  at the console
type: setup .. and proceed from there.

regards
Deon




-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of trw dLogical
Sent: Wednesday, June 25, 2003 1:55 PM
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall


Thanks for the reply,

However I have looked at smoothwall and as you say it requires a dedicated
server.

This I do not have as the linux box is a dns server which is located at
Fasthosts hub.
I therefore cannot put a single linux box upfront.

Trevor.

-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of Martin Brentnall
Sent: 25 June 2003 13:15
To: sderby@mailman.lug.org.uk
Subject: Re: [Sderby] Help Firewall


Hi,

I've been running a firewall called Smoothwall Linux 2.0. I don't really know
if that's what you're looking for, as it requires a machine dedicated to the
firewall (I'm using an old P200 with 32MB RAM, although even this spec is a
big overkill for my needs).

Smoothwall Linux 2.0 is still in the Beta stage, but you can get Smoothwall
1.0 if you like (my NIC wasn't supported by 1.0's kernel), which is a final
version.

The URL is http://smoothwall.org

Cheers,
Martin



On Tuesday 24 June 2003 9:35 pm, trw dLogical wrote:
> Hi
>
> I run a small computer software company in Overseal and I have a little
> problem.
>
>
> I am a reseller for Fasthosts internet and develop software using linux
> based servers.
>
> This has been going great until I recently required to have a database over
> their default limit size.
>
> This has meant I have had to arrange for a dedicated server, and although I
> have enough knowledge to
> have closed down the database etc I have no knowledge of firewalls, which
> to use or how to configure.
>
> I wonder if there is somebody who could provide assistance with this as I
> require to have the new server
> secured rather quickly.
>
> Trevor Ward
> dLogical Limited
>
> T:	01283 760469
>
> E:	info@dlogical.co.uk
>
> W:	www.dlogical.co.uk
>
>
> _______________________________________________
> Sderby mailing list
> Sderby@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/sderby
> Web site: http://sderby.lug.org.uk/
> wiki: http://www.sderby.lug.org.uk/cgi-bin/wiki.pl

