I recently set up a firewall for a customer using slink and kernel 2.2.3. I just want to verify that the setup is secure. I have read through the Firewall HOWTO but it hasn't been updated since 1996 and doesn't reflect the software I am using now ... so I ask here.

    eth0: 1.2.3.4 (external interface)
    eth1: 192.168.1.1 (internal interface)

The server has been running great without reboot for over a month and everyone is very happy. The internal LAN consists of Windows (3.1, 95, 98 and NT), Novell, DOS and Linux machines.

Over the weekend the LAN administrator had some Novell accounts disappear from one of the internal servers. He asked if someone could have come through the firewall and done it. I find it doubtful but thought I should ask people more knowledgeable than myself.

There is no running inetd. netstat -a shows this:

    Active Internet connections (including servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    raw        0      0 *:1                     *:*
    raw        0      0 *:6                     *:*
    Active UNIX domain sockets (including servers)
    unix  1      [ ]         STREAM     CONNECTED     22313  @00000011
    unix  1      [ ]         STREAM     CONNECTED     35     @00000002
    unix  1      [ ]         STREAM     CONNECTED     29     @00000001
    unix  0      [ ACC ]     STREAM     LISTENING     26     /dev/log
    unix  1      [ ]         STREAM     CONNECTED     22314  /dev/log
    unix  1      [ ]         STREAM     CONNECTED     36     /dev/log
    unix  1      [ ]         STREAM     CONNECTED     30     /dev/log

I am using kernel 2.2.3 (soon to be 2.2.5) and ipchains. My ipchains rules are as follows:

    ipchains -P forward DENY
    ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0

which, when listing the chains, gives:

    Chain input (policy ACCEPT):
    Chain forward (policy DENY):
    target     prot opt     source                destination           ports
    MASQ       all  ------  192.168.1.0/24        anywhere              n/a
    Chain output (policy ACCEPT):

How secure is this setup? Is there any way for people on the Internet to come through and connect to internal hosts?

Also, I have installed ipac in the hope that I can monitor connection attempts from outside our network. Does the slink ipac package work with ipchains and kernel 2.2.x?

Thanks for your time and any assistance!

Fraser