  1. #1
    Just Joined!
    Join Date
    Nov 2007
    Posts
    8

    Firestarter inbound traffic policies


    Hi,
    I'm new to Linux.
    I have just installed Fedora 7 and Firestarter on my machine.

    I can not understand behaviors of Firestarter inbound traffic policies.
    1. I allowed for connections from host X
    2. I allowed for services HTTP only for IP Y
    3. I forwarded HTTP services to internal IP Z.

    I would expect that only IP Y and X (specified in allowed services and allowed connection policy) would be forwarded to IP Z, but it looks like connections from all IPs are forwarded to IP Z.

    Could someone explain where I am wrong?
    Thanks for your assistance

  2. #2
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    Hi Eric,

    To be honest I've always found firestarter to be a bit flakey, don't get me wrong it's great if you want an outward bound only NATting tool.

    A good gui tool is fwbuilder, it's very similar to CheckPoint's firewall one.

    If you want to be sure that there are no holes in your firewall, best bet is to learn iptables

    Better still get a hardware firewall

  3. #3
    Just Joined!
    Join Date
    Nov 2007
    Posts
    8
    Hi Matonb,
    Thanks for reply.
    I wanted to come back with good news that I'm running fwbuilder already, but it looks like it's going to take some time.

    Installation successful. Setting up is going to take some time. Unfortunately the tutorials I found are for older versions and I am not able to get 'routing' right.

    Fwbuilder options look much better than firestarter. Just hope I will manage to get it running before breakfast.

    Iptables - I will think about learning them as soon as I'm comfortable with fwbuilder (few years at least). By this time there will be more choice.

    In the meantime...

  5. #4
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    Eric, feel free to ask questions I'll do my best to answer them.

    There used to be a really good beginners guide on the fwbuilder site, no idea where it's gone now though!
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.

  6. #5
    Just Joined!
    Join Date
    Nov 2007
    Posts
    8
    Hi Matonb,

    Thanks.
    For manuals I went to source fwbuilder.org. Right now I'm looking for something better.

    I got stuck at routing. Maybe I understand it wrong but I want to forward communication to internal ip. Should I do it with routing?

    eth0 is on fix external
    eth1 is on fix internal
    created lo: created from template (127.0.0.0 / 255.0.0.0)

    I thought to put in Routing rules
    destination: ip on eth0
    gateway: my internal ip destination (does it make any sense?)
    interface: ip on eth1 (???)

    There are still many things I can not sort out, so I have no chance to test it.
    Thanks for assistance

  7. #6
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    Hi Eric,

    I'll have a look this evening and let you know
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.

  8. #7
    Just Joined!
    Join Date
    Nov 2007
    Posts
    8
    Hi,

    I'm going through manuals from fwbuilder.org. They are pretty old, but I'm getting slowly some ideas about the software and principles.

    I wanted to start my machine allowing 'everyone for everything' and gradually to insert rules watching how it works. Unfortunately I am not able to get my loopback.

    I have doubt how the loop is described.
    The only parameters I can insert is ip 127.0.0.1 / 255.0.0.0
    I can not specify that the loop is between eth0 and eth1.

    In Policies in Action field is an option for routing with the following parameters:
    Change inbound interface...
    Change outbound interface...
    Route through gateway....
    When those come with combination of Source / Destination and Direction....

    I don't feel it (mostly guess work) and I can not find any samples for routing in fwbuilder, but I'M LOOKING for it.

  9. #8
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    loopback is always 127.0.0.1 ?

    Have you created a firewall object and some host objects ?

    As for routing incoming requests from one host to another, use the NAT tab

    Code:
    Orig. Src | Orig. Dest | Orig Srv | Trans Src | Trans Dst | Trans Srv |
    ----------+------------+----------+-----------+-----------+-----------+
       Any    |    eth0    |   HTTP   | Original  |  MyHost   | Original  |

    You can drag and drop most things from the left tool bar on to the "policy", also the selection box just above it lets you choose user defined objects (mostly hosts / address ranges etc) and standard objects (predefined port / port ranges etc)
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.
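
As an added example (not from the thread and not output of fwbuilder or Firestarter), the NAT row in post #8 combined with the source restriction asked for in post #1 can be written in plain iptables terms. The script only prints an iptables-restore ruleset; the interface names come from the thread, while the addresses standing in for X, Y and Z are constructed placeholders.

```shell
#!/bin/sh
# Added example: print (do not apply) an iptables-restore ruleset that forwards
# HTTP from the external interface to one internal host for listed sources only.
WAN_IF=eth0   # external interface, as named in the thread
LAN_IF=eth1   # internal interface, as named in the thread

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules DEST_IP SRC_IP...  (ruleset on stdout, non-zero status on bad input)
emit_rules() {
    dest=$1; shift
    valid_ipv4 "$dest" || { echo "bad destination: $dest" >&2; return 1; }
    [ $# -gt 0 ] || { echo "no allowed sources given" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    # DNAT only listed sources; anyone else is never translated to the host.
    for src in "$@"; do
        echo "-A PREROUTING -i $WAN_IF -s $src -p tcp --dport 80 -j DNAT --to-destination $dest:80"
    done
    echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Translated packets traverse FORWARD (not INPUT), so filter by source here too.
    for src in "$@"; do
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -s $src -d $dest -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample values: internal web host, then the two allowed sources.
emit_rules 192.168.1.10 203.0.113.10 198.51.100.20
```

The printed ruleset covers only this one HTTP forward; a gateway that also shares its connection needs its own rules for outbound traffic before anything like this is loaded with iptables-restore.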

  10. #9
    Just Joined!
    Join Date
    Nov 2007
    Posts
    8
    Hi,
    I got question about loopback.

    Two weeks ago I was using 'ubuntu', and someone set me up a loopback. The setting of the loopback I could see in etc/network/interface.

    Someone recommended me to start using Fedora 7, as an easier one for newbie like me. After installation of Fedora I could not locate file etc/network/interface. I was told I don't need it because I can sort it out with iptables. Too early for me to make my iptables, so I went to Firestarter. It allowed me in very easy way to transfer communication from eth0 to any internal ip. There were few other things, did not work I thought they should work, but at least I could reroute the communication.

    The question:
    Do I need to create loopback creating file etc/network/interface or I could manage to reroute my communication with rules and policies in Fwbuilder only?

    Thanks for your assistance Matonb,
    regards

  11. #10
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    Quote:
        I got question about loopback.

        Two weeks ago I was using 'ubuntu', and someone set me up a loopback. The setting of the loopback I could see in etc/network/interface.

        Someone recommended me to start using Fedora 7, as an easier one for newbie like me. After installation of Fedora I could not locate file etc/network/interface.

    I'm not sure what they set up for you, a loopback device usually just talks to itself

    Quote:
        I was told I don't need it because I can sort it out with iptables.

    Yes you can manage all of the routing / address translation with iptables / fwbuilder.

    You do need an IP loopback interface but it's something you should never have to worry about unless you broke it
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.
