#1 Fri, 12/30/2005 - 13:27
AdamHolt

firewalls?

Is my router (Linksys) enough to keep intruders from hacking my Linux box, or what do I choose in Virtualmin's listing for firewall? It tells me I don't have the Shorewall firewall installed, and in Linux Firewall in Virtualmin it shows me:

No IPtables firewall has been setup yet on your system. Webmin can set one up for you, to be stored in the save file /etc/webmin/firewall/iptables.save, with the initial settings based your selection of firewall type below..

- Allow all traffic
- Do network address translation on external interface: [eth0 / lo / Other..]
- Block all incoming connections on external interface: [eth0 / lo / Other..]
- Block all except SSH and IDENT on external interface: [eth0 / lo / Other..]
- Block all except SSH, IDENT, ping and high ports on interface:

Which, if any, do I need to pick? I only want to run HTTP, FTP, and mail, so people can use their own mail program to pick up their mail.

When I had the SUSE 10.0 firewall on, you couldn't reach any site; when I turned it off the sites were reachable again. So I had to set it in the SUSE 10.0 firewall option to only run if I turn it on manually, and it didn't have an option for FTP.

So what do I choose in Virtualmin's Linux firewall, as listed above, so that it works properly, or should I try to find the Shorewall firewall?

Thank you, Adam

Sat, 12/31/2005 - 06:37
ChrisBlackwell

I use the Linux Firewall module, which allows you to configure a standard iptables firewall. iptables is very powerful, but can be a little complex to get started with. For most small hosting applications it is adequate, but sometimes a specific hardware firewall can provide better protection.

I would recommend you read up on iptables and how Webmin manages them in Jamie's wonderful book, which is available <a href="http://www.virtualmin.com/support/managingsystems.pdf">here</a> (firewalls start on page 173).

<b>Warning:</b> When you start to set up your firewall, be very careful not to block yourself out of the system. If you apply a firewall configuration that does not allow access via SSH or Webmin, you will not be able to get in to change it remotely and will need to be at the box to fix it!!

In general with security you should block everything, then open the holes you want, so I would start by selecting <b>Block all incoming connections on external interface: eth0</b>. Then open up the holes you need for the services you run. Typically these will be:

TCP 21 FTP
TCP 22 SSH
TCP 25 SMTP
UDP 53 DNS
TCP 80 HTTP
TCP 110 POP3
TCP 442 HTTPS
TCP 10000 WEBMIN

Many of the other commonly used ports can be found <a href="http://en.wikipedia.org/wiki/List_of_well-known_ports_(computing)">here</a>.

It's also worth mentioning that many people forget that a firewall should only be part of your security setup. You're opening holes in your firewall to some of the most commonly attacked services, SMTP & HTTP, so you should be prepared to monitor activity on your system proactively. Tools like portsentry, logcheck and snort can help you with this.
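As an added example (not from this thread or from Webmin), here is the "block everything, then open the holes" policy from the reply above written out as an iptables-restore ruleset, for the external interface eth0 named in the thread and the service ports listed there (HTTPS on its standard port 443; TCP 53 added alongside UDP 53 because DNS also answers over TCP). The script only prints the ruleset, and the check_lockout function enforces the reply's warning by confirming SSH and Webmin stay reachable before anything is loaded.

```shell
#!/bin/sh
# Added example: generate a default-deny iptables ruleset for eth0 and
# open only the listed services. Nothing is applied; review the output,
# then load it with iptables-restore while a console session stays open.

EXT_IF="${EXT_IF:-eth0}"   # external interface from the thread

# "proto port" pairs to accept on the external interface (assumed list)
ALLOWED_SERVICES="tcp 21 tcp 22 tcp 25 udp 53 tcp 53 tcp 80 tcp 110 tcp 443 tcp 10000"

gen_rules() {
    # Default policy: drop everything inbound, allow replies to our own traffic
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $EXT_IF -p icmp --icmp-type echo-request -j ACCEPT
EOF
    # One ACCEPT rule per service, new connections only
    set -- $ALLOWED_SERVICES
    while [ $# -ge 2 ]; do
        printf '%s\n' "-A INPUT -i $EXT_IF -p $1 --dport $2 -m state --state NEW -j ACCEPT"
        shift 2
    done
    echo "COMMIT"
}

# Lockout guard: SSH (22) and Webmin (10000) must remain open, otherwise
# loading the ruleset remotely cuts off the only ways back in.
check_lockout() {
    gen_rules | grep -q -e '--dport 22 ' && gen_rules | grep -q -e '--dport 10000 '
}

# Print the ruleset only if the guard passes
check_lockout && gen_rules
```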