Well, what are your default rules for your firewall? Sensibly they should be something
like this:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
This will close all inbound connections to your box. (Be careful not to enter this
from the command line if you are mounting NFS; I did and it locks your machine!) We
now need to flush all existing rules by doing:
# flush the NAT tables
iptables -t nat -F
# flush filter table
iptables -F
# flush user-defined rules
iptables -X
Set up masquerading:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Allow the loopback interface:
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
Allow internal ethernet i/face:
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
Set up those already established inbound/outbound requests:
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Do the icmp bit:
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -o ppp0 -p icmp --icmp-type echo-request -j ACCEPT
Now set up the rules for those services you want to open. Do some firewall reading for
that. As I said, I am not an expert, but I understand the basics. If anyone can add to
this... you're welcome. But I would be surprised if port 139 was still open from the
exterior.
Dave.
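Added example, not part of Dave's message or anything else in this thread: a POSIX shell script that applies the ordering Dave describes (default policies, flush, then the allows) as one reviewable unit, with two additions. First, explicit DROP rules for NetBIOS (137-139) and SMB over TCP (445) on the external interface are placed before any ACCEPT rule. iptables walks a chain top to bottom and stops at the first terminating match, so a DROP appended with -A after an ACCEPT that already matches the same packets never fires; that is one way a "drop port 139" rule can appear to do nothing. Second, new connections from the LAN are forwarded out, not only established ones. The interface names ppp0 and eth0 come from the thread; the DRY_RUN variable and the two check functions are this example's own, and with DRY_RUN=1 (the default) the script only prints the commands so the ruleset can be read before it is applied as root.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed interface names:
# EXT (external, dial-up) defaults to ppp0, INT (LAN) defaults to eth0.
# DRY_RUN=1 (the default here) prints the iptables commands instead of
# running them, so the ruleset can be reviewed before it is applied as root.
EXT="${EXT:-ppp0}"
INT="${INT:-eth0}"

ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_rules() {
    # 1. Default policies: anything not explicitly accepted is dropped.
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP

    # 2. Flush existing rules. -F and -X remove rules and user chains but
    #    leave the policies just set in place.
    ipt -t nat -F
    ipt -F
    ipt -X

    # 3. Explicit drops come first. A chain is evaluated top to bottom and
    #    stops at the first terminating match, so a DROP appended after an
    #    ACCEPT for the same traffic never fires. NetBIOS (137-139) and SMB
    #    over TCP (445) must never be reachable from the external side.
    for proto in tcp udp; do
        ipt -A INPUT -i "$EXT" -p "$proto" --dport 137:139 -j DROP
        ipt -A INPUT -i "$EXT" -p "$proto" --dport 445 -j DROP
    done

    # 4. Masquerade LAN traffic leaving through the external interface.
    ipt -t nat -A POSTROUTING -o "$EXT" -j MASQUERADE

    # 5. Loopback and the internal interface are trusted.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT -i "$INT" -j ACCEPT
    ipt -A OUTPUT -o "$INT" -j ACCEPT

    # 6. Stateful rules: replies to connections this box or the LAN opened
    #    are allowed back; new forwarded connections may only start on the LAN.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$INT" -o "$EXT" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$EXT" -o "$INT" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 7. Outbound ping from the box and from the LAN.
    ipt -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A FORWARD -i "$INT" -o "$EXT" -p icmp --icmp-type echo-request -j ACCEPT

    # 8. ACCEPT rules for the specific services you want to open go here,
    #    after the drops above, so they can never override them.
}

# Sanity checks on the generated ruleset, always run in dry-run mode.
# count_external_drops: number of DROP rules bound to the external interface.
count_external_drops() {
    DRY_RUN=1 build_rules | grep -c -- "-i $EXT .*-j DROP"
}

# drops_precede_accepts: succeeds if every external DROP is listed before
# the first ACCEPT, i.e. no earlier ACCEPT can shadow them.
drops_precede_accepts() {
    last_drop=$(DRY_RUN=1 build_rules | grep -n -- "-i $EXT .*-j DROP" | tail -n 1 | cut -d: -f1)
    first_accept=$(DRY_RUN=1 build_rules | grep -n -- "-j ACCEPT" | head -n 1 | cut -d: -f1)
    [ "$last_drop" -lt "$first_accept" ]
}

build_rules
```

Run it as-is to see the commands it would issue; `DRY_RUN=0 sh firewall.sh` as root applies them. After applying, `iptables -L INPUT -n -v --line-numbers` shows the rule order and the packet counters, so a scan from outside against the ppp0 address should increment the counters on the DROP rules, not on any ACCEPT.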
Original Message:
-----------------
From: daRcmaTTeR [EMAIL PROTECTED]
Date: Thu, 31 Jan 2002 07:24:52 -0500
To: [EMAIL PROTECTED]
Subject: Re: [expert] What firewall to use in MDK 8.1
On Wed, 30 Jan 2002 20:02:21 -0600
"J. Craig Woods" <[EMAIL PROTECTED]> studiously spake these words to
ponder:
> daRcmaTTeR wrote:
> > > >
> > > > thanks, but that didn't seem to make any difference. for what ever
> > > > reason iptables -A INPUT -p udp --dport -i ppp0 -j DROP
> > > > doesn't make any difference. port 139 remains open to the outer
> > > > interface.
>
> Unless there is something seriously wrong with your firewall
> implementation or your kernel, the above IPTABLE rule should work. How
> do you know that your outside UDP port 139 is open (not the inside port
> 139 for eth0, that might be open)? What kind of check did you do? Are
> you running any kind of samba or windows netbios?
>
Craig,
yes, I'm running Samba on the Mandrake machine for the winders box on the
LAN. I've been using the Sygate security scan to check my ports.
http://sygatetech.com/
this is getting stranger and strangerer...
--
daRcmaTTeR
---------------------------------------------------------------------
Registered Linux User 182496
---------------------------------------------------------------------
7:05am up 24 days, 21:37, 3 users, load average: 0.47, 0.38, 0.28
--------------------------------------------------------------------