I have to rebuild my server and have just started looking round the very comprehensive information posted here. It looks very nicely done and exactly what I need. I think I may be overlooking something though, so would somebody please tell me where to look ... I do not seem to be able to find a section discussing the Linux Firewall / IP tables. Where should I search? The forum search box gave nothing. Security is very important and since this is not Windows then virus and spyware are not concerns but a firewall is an important discipline.
The other thing that did not leap out at me was a second nic. I am very used to one nic for the wan and one for the switch / lan but that may not be here. Is there any reason for this?
Firewall / IP Tables / Second nic
Re: Firewall / IP Tables / Second nic
Hi there and welcome to the forums.
I'm afraid I've done nothing on firewalls, my server is set up using the defaults and is behind my router firewall so is already "protected".
I only have a single nic but may be able to help you if you are having issues setting up two of them.
Ian.
Re: Firewall / IP Tables / Second nic
Hi Ian, thank you for your reply. You are very BRAVE. I am totally paranoid about firewalls now. I am based in a similar time zone to China. On my last server build I included an ftp server. I looked at the logs and was amazed to see I was getting hit with different dictionary attacks from a range of addresses which resolved back to universities in Shanghai and Beijing. (my Internet connection is basically terrible so this really was amazing) I closed the ftp ports and the activity in the logs suggested the problem had gone. The lesson for me was assume that problems can appear. Yes, my router has a firewall but since Linksys (in common with other manufacturers) publish pitiful information about what the firewall does, I cannot trust it.
If I get stuck with a second nic I will follow up with your kind offer of help. I am only likely to get stuck if I cannot access the Internet and since I will not run a dns server I am sort of hoping that this will not be an issue.
Re: Firewall / IP Tables / Second nic
I would probably say "dumb" rather than "brave".
In the past I've checked my firewall router using Shields Up. It shows stealth for all ports. I've always assumed that I'm properly protected. In your experience is that not the case?
Ian.
Re: Firewall / IP Tables / Second nic
Shields Up does what it says .... it checks for visible ports. That is the easy way of hacking. I understand another approach is to take a block of IP addresses and to then test them and see what you can find. Hacking is a nasty business. A Linux user does very well compared with a Windows user but it is not good enough to say that since I use Linux and since my ports appear closed I am safe. You would be safer than others but nothing is perfect.
How did you run Shields Up? Did you run it from a client computer or from the server? (I am just wondering what results are being reported since if I recall correctly this service needs a browser with a gui)
Re: Firewall / IP Tables / Second nic
Hi,
I run it from my windows desktop computer. I was assuming the results would be the same no matter where you run it from?
Ian.
Re: Firewall / IP Tables / Second nic
Is it not reporting on the Windows desktop which may even have a firewall of its own ...? really not sure but I think Shields Up identifies the public IP (dynamic for many people) and then works back from the machine using that IP session address. The traffic will run through the server to the host machine running the tests and then report. I do not think this is a reflection of the server security. I may of course be wrong. I am married and that is known to happen.
If you installed gnome desktop as a VM presumably you can open a browser on the server and then run the test? It would be interesting to know if you get a different result ... or perhaps it would be worrying if you did.
Re: Firewall / IP Tables / Second nic
petercmx wrote: If you installed gnome desktop as a VM presumably you can open a browser on the server and then run the test? It would be interesting to know if you get a different result ... or perhaps it would be worrying if you did
Same result