
Thread: Test firewall on lan.

  1. #1 okos (Junior Member; joined Jun 2007; California; 16 posts)

    Test firewall on lan.

    Hi
    I have Slackware 12 and the Shorewall firewall with only one interface (stand-alone) and a Dell router.

    I wanted to test the effectiveness of the firewall so I went to a few websites that test for open ports. Sure enough all ports had shown as secure. I turned off the firewall and cleared the settings. Did the test again and still all ports were secure.

    I figured I had my router to thank for the secure ports.

    I set the rules to only allowing www. Everything else is dropped.
    And yet, I am able to retrieve my emails through Thunderbird.

    My question #1 is: wouldn't Shorewall keep me from retrieving my emails, since the only rule allowed was for searching the web?

    #2 How do I test that Shorewall is actually working since it appears that the router is keeping all of the ports secure and not Shorewall?

  2. #2 brokencrow (Dissident 4dm1n; joined Feb 2004; Shawnee country; 1,243 posts)
    The quickest way to test would be to use a second computer (i.e. a laptop) to run nmap from within your LAN, and then from outside (a wifi hotspot?) across the WAN.

    From what you describe, the Dell router is your first line of defense, Shorewall your second. Nmap's going to give you a pretty good idea of what your network looks like from inside and out.
    “Everybody is ignorant, only on different subjects.” — Will Rogers
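    The inside-versus-outside comparison brokencrow recommends can be done with nmap, but a few lines of Python show what the result actually means. The script below is an added example, not code from the thread or from the Shorewall project: it tries a plain TCP connect to each port and distinguishes "closed" (the host answered with a reset, so the packet got through to the TCP stack) from "filtered" (no answer at all, which is what a DROP rule in Shorewall or a router discarding unsolicited packets looks like). Run it once from a laptop on the LAN and once from outside; if ports that show "filtered" from the WAN show "closed" from the LAN with Shorewall stopped and "filtered" with it started, Shorewall is doing its job and the router is doing the rest. The target address and port list are assumptions.

```python
import socket
from contextlib import closing

# Added example (not from the thread, not Shorewall code): a minimal TCP
# port-state check of the kind nmap automates.  The target address and
# the port list in the __main__ block are assumptions.


def probe_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     -> the handshake completed: something is listening and no
                firewall dropped the SYN.
    closed   -> the host answered with RST: nothing is listening, but the
                packet reached the TCP stack (no DROP rule in the path; a
                REJECT rule looks the same from here).
    filtered -> no answer before the timeout: a DROP rule in Shorewall or
                a router silently discarding unsolicited packets.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "closed"
        except OSError:
            # e.g. "No route to host" after an ICMP unreachable; something
            # in the path is refusing to carry the connection.
            return "filtered"


def probe_host(host: str, ports, timeout: float = 2.0) -> dict:
    """Probe several ports and return {port: state}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def summarize(states: dict) -> str:
    """One entry per state so the LAN run and the WAN run are easy to compare."""
    by_state = {}
    for port, state in states.items():
        by_state.setdefault(state, []).append(port)
    return "; ".join(f"{state}: {sorted(ports)}" for state, ports in sorted(by_state.items()))


if __name__ == "__main__":
    # Assumed LAN address of the Slackware box; replace with your own host.
    target = "192.168.1.10"
    ports = [22, 25, 80, 110, 143, 443, 993]
    print(summarize(probe_host(target, ports)))
```

    Note that the web-based port checks okos used only ever see the WAN side, so with the router in front every port looks "filtered" no matter what Shorewall does; the LAN run is the one that isolates Shorewall's own behaviour.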

  3. #3 SirDice (Just Another Geek; joined Jul 2002; Rotterdam, Netherlands; 3,401 posts)
    Quote Originally Posted by okos
    I set the rules to only allowing www. Everything else is dropped.
    And yet, I am able to retrieve my emails through Thunderbird.
    There's a difference between incoming (ingress) and outgoing (egress) traffic and their rules. Sites that scan your IP are basically testing your ingress filters. Those filters have nothing to do with your egress traffic (checking your mail, i.e.).
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4 okos (Junior Member; joined Jun 2007; California; 16 posts)
    Quote Originally Posted by SirDice
    There's a difference between incoming (ingress) and outgoing (egress) traffic and their rules. Sites that scan your IP are basically testing your ingress filters. Those filters have nothing to do with your egress traffic (checking your mail, i.e.).
    So downloading email onto your email client is considered egress and not ingress?
    If that is the case, I probably do not need to allow www (I think port 80) either. I guess that would also be considered egress and not ingress.

    Since I do not need to access my computer remotely, and do not use p2p, I guess I really do not need to accept any ingress.
    Please correct me if I am wrong...

  5. #5 nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)
    Hi okos,

    So downloading email onto your email client is considered egress and not ingress?
    Not quite. The act of initiating the download is egress but the response is ingress. You are physically accepting the mail items onto your machine.

    Also, you probably download all sorts of updates and the like, which require ingress?

  6. #6 okos (Junior Member; joined Jun 2007; California; 16 posts)
    Quote Originally Posted by nihil
    Also, you probably download all sorts of updates and the like, which require ingress?
    I use gslapt to update and upgrade.

  7. #7 nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)
    Hi okos,

    I know nothing about slackware, but would imagine that you initiate your own downloads?

    In that case you will pick the allowed programs.

  8. #8 okos (Junior Member; joined Jun 2007; California; 16 posts)
    Quote Originally Posted by nihil
    I know nothing about slackware
    I am just learning Slackware. I started with Debian Etch this last January but ran into problems with the programs freezing quite often. I was not able to find any solutions.
    So I thought I would try Slackware. I have found it to be quite stable. However, it is not so user friendly for a newbie like me.

    Quote Originally Posted by nihil
    but would imagine that you initiate your own downloads?
    Unlike Debian, Slackware does not have apt-get. I had to install slapt-get from http://software.jaos.org/
    Slackware and linuxpackages.net have repositories, but I have found them to be somewhat limited for Slackware 12.

    So I have had to manually download several programs including Shorewall since I found no packages available.

    Slackware also has installpkg, but it does not work for <program>.tar.gz downloads. I found that the majority of downloadable programs in Linux are in the <program>.tar.gz format. Then I have to manually install the program.

  9. #9 SirDice (Just Another Geek; joined Jul 2002; Rotterdam, Netherlands; 3,401 posts)
    Quote Originally Posted by nihil
    Not quite. The act of initiating the download is egress but the response is ingress. You are physically accepting the mail items onto your machine.

    Also, you probably download all sorts of updates and the like, which require ingress?
    Strictly speaking you're correct. But I usually refer to ingress or egress by looking at who initiates the connection. Most modern (DSL, cable) modem/routers use stateful inspection in the firewall. So if you allow a connection to be initiated, you automatically also accept the response.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
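    The point SirDice makes in #3 and #9 (scanners test ingress; a stateful firewall decides on who initiates, then lets the replies through) is easiest to see in a small model. The code below is an added example, not code from the thread and not Shorewall's own rule format: it tracks allowed connections by 4-tuple and replays the thread's cases, including the mail fetch that "comes in" with no ingress rule for mail, the scanner's unsolicited SYNs that are dropped, and a second filter with egress restricted to www only, which does block the mail fetch. The addresses are constructed from the documentation ranges and the packet fields are reduced to what the decision needs.

```python
from dataclasses import dataclass

# Added example (not from the thread, not Shorewall code): a toy model of
# stateful inspection.  Addresses are constructed (192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges).
ME = "192.0.2.10"          # the Slackware box
MAIL = "198.51.100.25"     # an assumed POP3 server
SCANNER = "198.51.100.99"  # an assumed port-check website


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


class StatefulFirewall:
    """Stand-alone host firewall with connection tracking.

    egress_ports : destination ports this host may open connections to
                   (None means any, like an allow-all outbound policy)
    ingress_ports: ports on which unsolicited inbound connections are accepted
    """

    def __init__(self, me, egress_ports=None, ingress_ports=()):
        self.me = me
        self.egress_ports = egress_ports
        self.ingress_ports = frozenset(ingress_ports)
        self.conntrack = set()  # 4-tuples of connections that were allowed

    @staticmethod
    def _key(p):
        return (p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p):
        return (p.dst, p.dport, p.src, p.sport)

    def filter(self, p: Packet) -> str:
        # 1. Replies and later segments of an allowed connection pass in either
        #    direction.  This is why the mail download reaches the host although
        #    no ingress rule mentions the mail port.
        if self._key(p) in self.conntrack or self._reverse(p) in self.conntrack:
            return "ACCEPT (ESTABLISHED)"
        # 2. A bare SYN is a new connection; decide by who initiates it.
        if p.syn and not p.ack:
            if p.src == self.me:
                if self.egress_ports is None or p.dport in self.egress_ports:
                    self.conntrack.add(self._key(p))
                    return "ACCEPT (NEW egress)"
                return "DROP (egress policy)"
            if p.dst == self.me and p.dport in self.ingress_ports:
                self.conntrack.add(self._key(p))
                return "ACCEPT (NEW ingress)"
            return "DROP (unsolicited ingress)"
        # 3. Anything else (e.g. a SYN/ACK with no matching state) is invalid.
        return "DROP (INVALID)"


def thread_scenarios() -> dict:
    """Replay the cases discussed in the thread and return the verdicts."""
    results = {}
    # okos's box as SirDice reads it: any outbound, no unsolicited inbound.
    fw = StatefulFirewall(ME, egress_ports=None, ingress_ports=())
    results["mail fetch SYN"] = fw.filter(Packet(ME, 50000, MAIL, 110, syn=True))
    results["mail server SYN/ACK"] = fw.filter(Packet(MAIL, 110, ME, 50000, syn=True, ack=True))
    results["mail data segment"] = fw.filter(Packet(MAIL, 110, ME, 50000, ack=True))
    results["scanner SYN to 22"] = fw.filter(Packet(SCANNER, 4444, ME, 22, syn=True))
    results["scanner SYN to 80"] = fw.filter(Packet(SCANNER, 4445, ME, 80, syn=True))
    # A SYN/ACK that matches no tracked connection is not a reply to anything.
    results["stray SYN/ACK"] = fw.filter(Packet(SCANNER, 110, ME, 60000, syn=True, ack=True))
    # Same filter with egress restricted to www only: now the mail fetch is blocked.
    strict = StatefulFirewall(ME, egress_ports={80}, ingress_ports=())
    results["strict: web SYN"] = strict.filter(Packet(ME, 50001, "198.51.100.80", 80, syn=True))
    results["strict: mail fetch SYN"] = strict.filter(Packet(ME, 50002, MAIL, 110, syn=True))
    return results


if __name__ == "__main__":
    for case, verdict in thread_scenarios().items():
        print(f"{case:24} -> {verdict}")
```

    The two filters answer both of okos's questions: with outbound traffic allowed, the mail fetch is an egress connection and its replies ride in on the tracked state, so no ingress rule is needed for mail, web or updates; and a scanner's SYN never matches any state, so it is dropped whether or not a web rule exists.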

  10. #10 SirDice (Just Another Geek; joined Jul 2002; Rotterdam, Netherlands; 3,401 posts)
    Quote Originally Posted by okos
    So downloading email onto your email client is considered egress and not ingress?
    If that is the case, I probably do not need to allow www (I think port 80) either. I guess that would also be considered egress and not ingress.

    Since I do not need to access my computer remotely, and do not use p2p, I guess I really do not need to accept any ingress.
    Please correct me if I am wrong...
    You're catching on.

    Some useful info, have a look at the connection establishment part:
    http://en.wikipedia.org/wiki/Transmi...ntrol_Protocol
    Oliver's Law:
    Experience is something you don't get until just after you need it.
