  1. #1
    Just Joined!
    Join Date
    Apr 2004
    Posts
    18

    sarge firewall


    Hi folks,

    I have just got sarge installed on one of my computers that I have been messing around with.

    I am looking for a simple but good firewall that I can use. Basically what I want to do is:

    1). Run a small web/email and ftp server from the Debian box
    2). Access the Internet from my Windows box.

    Internet <->cablemodem<->Debian(web/email/ftp server)<->hub<->Windows

    I have found this script so far, but I'm not sure if it will allow me to access the net from my Windows box.

    iptables -F
    iptables -N FIREWALL
    iptables -F FIREWALL
    iptables -A INPUT -j FIREWALL
    iptables -A FORWARD -j FIREWALL
    iptables -A FIREWALL -p tcp -m tcp --dport 25 --syn -j ACCEPT
    iptables -A FIREWALL -p tcp -m tcp -s 192.168.20.1/24 --dport 22 --syn -j ACCEPT
    iptables -A FIREWALL -i lo -j ACCEPT
    iptables -A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
    iptables -A FIREWALL -p tcp -m tcp --sport 53 -j ACCEPT
    iptables -A FIREWALL -p udp -m udp --dport 123 -j ACCEPT
    iptables -A FIREWALL -p udp -m udp --sport 6277 -j ACCEPT
    iptables -A FIREWALL -p udp -m udp --sport 24441 -j ACCEPT
    iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
    iptables -A FIREWALL -p udp -m udp -j REJECT
    iptables-save > /etc/firewall-rules
    iptables-restore < /etc/firewall-rules


    Can anyone help?

    thanks

    Kev
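
The script posted above filters traffic but does not itself add a nat rule, enable IP forwarding, or open the web and FTP ports. The following is an added example, not part of the thread, of a ruleset for the topology drawn in the post; it assumes eth0 faces the cable modem and eth1 the hub (interface names are not given in the thread) and takes the LAN range 192.168.20.0/24 from the posted SSH rule.

```shell
#!/bin/sh
# Added example. Assumed names, not from the thread: eth0 = cable modem side,
# eth1 = hub side. 192.168.20.0/24 is the LAN range from the posted SSH rule.

# Print an iptables-restore ruleset: gateway_rules [wan_if] [lan_if] [lan_cidr]
gateway_rules() {
    wan=${1:-eth0}; lan=${2:-eth1}; lan_net=${3:-192.168.20.0/24}
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide LAN addresses behind the modem-side address (absent from the posted script).
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services on the Debian box: FTP control, SMTP, HTTP.
# FTP data channels only match RELATED when the conntrack FTP helper is loaded.
-A INPUT -p tcp -m tcp --syn -m multiport --dports 21,25,80 -j ACCEPT
# SSH from the LAN only, as in the posted script.
-A INPUT -i $lan -s $lan_net -p tcp -m tcp --dport 22 --syn -j ACCEPT
# LAN hosts may open connections outward; only replies come back in.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Load the ruleset and turn on routing (needs root; not called here).
apply_gateway() {
    gateway_rules "$@" | iptables-restore &&
        echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Dry run: show what would be loaded.
gateway_rules "$@"
```

Running the file only prints the ruleset; `apply_gateway` has to be called as root to load it.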

  2. #2
    Linux Engineer Giro's Avatar
    Join Date
    Jul 2003
    Location
    England
    Posts
    1,219
    Is the Debian box going to be the firewall? If it is, I would advise you not to run any services on the firewall; this is a golden rule. If you are running, say, Apache on your firewall and it has a vuln, then someone exploits that and gets r00t, they then have full access to your internal network. They should be segregated into separate machines and separate networks (DMZ).

  3. #3
    Just Joined!
    Join Date
    Apr 2004
    Posts
    18
    Hi Giro,

    Well, for now the firewall/email/web/ftp will be on the one box. Just a little project I am messing around with.

    Once I am confident of my work, they will be on separate boxes. I only have 2 computers, the Debian one and my Windows one. Once I am happy, I will go out and buy a cheap second hand base unit for the firewall and re-use the box I have now, as the email/web/ftp server.

    Are you able to help me out?

    Cheers

    Kev

  4. #4
    Just Joined!
    Join Date
    Feb 2005
    Posts
    1
    Hi Altern8

    Some of the Debian users might find my proposition inappropriate, but have a look at the bastille-firewall. Very simple with a different approach for a configuration GUI. You might have a lot of fun with this tiny piece of software.

    minimec

  5. #5
    Linux Guru Vergil83's Avatar
    Join Date
    Mar 2004
    Posts
    2,407
    I don't find it inappropriate

    there are some Debian packages too
    http://packages.debian.org/cgi-bin/s...ll&release=all

    technically it is not a firewall however
    http://www.bastille-linux.org/
    Brilliant Mediocrity - Making Failure Look Good

  6. #6
    Just Joined!
    Join Date
    Apr 2004
    Posts
    18
    Hi folks,

    Many thanks for all your help, finally managed to get something sorted. I got shorewall installed and it works great for what I need it for. Very easy to install and configure.

    Thanks

    Kev
