-
August 25th, 2007, 07:42 AM
#1
Junior Member
Test firewall on lan.
Hi
I have Slackware 12 and a Shorewall firewall with only one interface (stand alone) and a Dell router.
I wanted to test the effectiveness of the firewall, so I went to a few websites that test for open ports. Sure enough, all ports showed as secure. I turned off the firewall and cleared the settings. Did the test again and still all ports were secure.
I figured I had my router to thank for the secure ports.
I set the rules to only allowing www. Everything else is dropped.
And yet, I am able to retrieve my emails through Thunderbird.
My question is #1 wouldn't Shorewall keep me from retrieving my emails since the only rule allowed for searching the web?
#2 How do I test that Shorewall is actually working since it appears that the router is keeping all of the ports secure and not Shorewall?
-
August 25th, 2007, 09:00 AM
#2
The quickest way to test would be to use a second computer
(i.e. a laptop) to run nmap from within your LAN, and then from
outside (a wifi hotspot?) across the WAN.
From what you describe, the Dell router is your first line of defense,
Shorewall your second. Nmap's going to give you a pretty good
idea of what your network looks like from inside and out.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
August 25th, 2007, 12:50 PM
#3
Originally Posted by okos
I set the rules to only allowing www. Everything else is dropped.
And yet, I am able to retrieve my emails through Thunderbird.
There's a difference between incoming (ingress) and outgoing (egress) traffic and their rules. Sites that scan your IP are basically testing your ingress filters. Those filters have nothing to do with your egress traffic (e.g. checking your mail).
Oliver's Law:
Experience is something you don't get until just after you need it.
-
August 25th, 2007, 08:51 PM
#4
Junior Member
Originally Posted by SirDice
There's a difference between incoming (ingress) and outgoing (egress) traffic and their rules. Sites that scan your IP are basically testing your ingress filters. Those filters have nothing to do with your egress traffic (e.g. checking your mail).
So downloading email on to your email client is considered egress and not ingress?
If that is the case, I probably do not need to allow www (I think port 80) either. I guess that would also be considered egress and not ingress.
Since I do not need to access my computer remotely, and do not use p2p, I guess I really do not need to accept any ingress.
Please correct me if I am wrong...
-
August 26th, 2007, 12:57 AM
#5
Hi okos,
So downloading email on to your email client is considered egress and not ingress?
Not quite. The act of initiating the download is egress but the response is ingress. You are physically accepting the mail items onto your machine.
Also, you probably download all sorts of updates and the like, which require ingress?
-
August 26th, 2007, 01:40 AM
#6
Junior Member
Originally Posted by nihil
Also, you probably download all sorts of updates and the like, which require ingress?
I use gslapt to update and upgrade.
-
August 26th, 2007, 01:55 AM
#7
Hi okos,
I know nothing about Slackware, but would imagine that you initiate your own downloads?
In that case you will pick the allowed programs.
-
August 26th, 2007, 06:36 AM
#8
Junior Member
Originally Posted by nihil
I know nothing about slackware
I am just learning Slackware. I started with Debian Etch this last January but ran into problems with the programs freezing quite often. I was not able to find any solutions.
So I thought I would try Slackware. I have found it to be quite stable. However, it is not so user friendly for a newbie like me.
Originally Posted by nihil
but would imagine that you initiate your own downloads?
Unlike Debian, Slackware does not have apt-get. I had to install slapt-get from http://software.jaos.org/
Slackware and linuxpackages.net have repositories, but I have found them to be somewhat limited for Slackware 12.
So I have had to manually download several programs, including Shorewall, since I found no packages available.
Slackware also has installpkg, but it does not work for <program>.tar.gz downloads. I found that the majority of downloadable programs in Linux are in the <program>.tar.gz format. Then I have to manually install the program.
-
August 27th, 2007, 06:28 AM
#9
Originally Posted by nihil
Not quite. The act of initiating the download is egress but the response is ingress. You are physically accepting the mail items onto your machine.
Also, you probably download all sorts of updates and the like, which require ingress?
Strictly speaking you're correct. But I usually refer to ingress or egress by looking at who initiates the connection. Most modern (DSL, cable) modem/routers use stateful inspection in the firewall. So if you allow a connection to be initiated, you automatically also accept the response.
Oliver's Law:
Experience is something you don't get until just after you need it.
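The point made in post #3 and refined in post #9 (direction is decided by who initiates the connection, and a stateful filter then lets the replies of an allowed outbound connection back in) can be shown with a small simulation. The following Python is an added example, not code from this thread, from Shorewall or from any router firmware: it models a host with an egress-only policy and a connection-tracking table, then feeds it a constructed packet trace (all addresses, ports and hosts are made up). It corresponds to what iptables/Shorewall do when they accept ESTABLISHED,RELATED traffic before applying the per-port rules.

```python
"""Toy stateful packet filter (added example, not from the thread).

Shows why a host that only permits outbound web and mail connections can
still receive its web pages and mail, while an unsolicited inbound probe
(what an online port-scan site sends) is dropped.  Packet traces are
constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # first packet of a TCP connection
    ack: bool = False


class StatefulFilter:
    """Egress-only policy: no inbound services, outbound only to allowed ports."""

    def __init__(self, host: str, allowed_egress_ports):
        self.host = host
        self.allowed = set(allowed_egress_ports)
        # connection table keyed by (local_ip, local_port, remote_ip, remote_port)
        self.conntrack = set()

    def handle(self, pkt: Packet) -> str:
        if pkt.src == self.host:
            # Egress: the packet leaves this host.
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.conntrack:
                return "ACCEPT"            # part of a flow we already allowed
            if pkt.syn and pkt.dport in self.allowed:
                self.conntrack.add(key)    # remember the connection we started
                return "ACCEPT"
            return "DROP"                  # outbound to a port not in policy
        if pkt.dst == self.host:
            # Ingress: the packet arrives at this host.
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.conntrack:
                return "ACCEPT"            # reply to a connection we initiated
            return "DROP"                  # unsolicited: we offer no services
        return "DROP"                      # not addressed to or from us


def run_trace(fw: StatefulFilter, packets) -> list:
    """Apply the filter to a packet list in order; returns one verdict per packet."""
    return [fw.handle(p) for p in packets]


def demo() -> list:
    """Constructed trace: web fetch, POP3 mail fetch, inbound probe, outbound telnet."""
    me = "192.168.1.10"        # the Slackware box (hypothetical address)
    web = "203.0.113.80"       # a web server (documentation range, constructed)
    mail = "203.0.113.110"     # a POP3 server (constructed)
    probe = "198.51.100.7"     # an external port scanner (constructed)
    fw = StatefulFilter(me, allowed_egress_ports={80, 443, 110, 995})
    trace = [
        Packet(me, 40001, web, 80, syn=True),              # browser opens HTTP
        Packet(web, 80, me, 40001, syn=True, ack=True),    # server reply: accepted
        Packet(me, 40002, mail, 110, syn=True),            # Thunderbird opens POP3
        Packet(mail, 110, me, 40002, syn=True, ack=True),  # mail arrives: accepted
        Packet(probe, 5555, me, 22, syn=True),             # unsolicited SSH probe
        Packet(me, 40003, web, 23, syn=True),              # outbound telnet, not allowed
    ]
    return run_trace(fw, trace)


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The two DROP verdicts at the end are the ones that matter for the original question: an unsolicited inbound SYN is dropped whether the router or Shorewall does the dropping, which is why an online scan cannot tell you which one is working, while the outbound telnet attempt is something only the host's own egress policy catches.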
-
August 27th, 2007, 06:31 AM
#10
Originally Posted by okos
So downloading email on to your email client is considered egress and not ingress?
If that is the case, I probably do not need to allow www (I think port 80) either. I guess that would also be considered egress and not ingress.
Since I do not need to access my computer remotely, and do not use p2p, I guess I really do not need to accept any ingress.
Please correct me if I am wrong...
You're catching on.
Some useful info, have a look at the connection establishment part:
http://en.wikipedia.org/wiki/Transmi...ntrol_Protocol
Oliver's Law:
Experience is something you don't get until just after you need it.