On Thursday 26 Aug 2004 19:40, Neil Williams wrote:
tony@xxxxxxxxxxxxxxx wrote:

Neil Williams writes:

I find it hard to get my head round the idea that this little ethernet box has a firewall in it.

You'd better bet that it does! (Your network is naked without one!)

Uh? What is iptables for then? There's only one PC. In Reading I had two PCs and then sure you need a firewall in the router.

?? You need a firewall in the router even when there are NO other devices connected!! iptables on a machine inside the local network is an insurance policy or used to restrict certain services within the LAN. Don't rely on iptables on the PC, implement them as close as possible to the internet itself.

I think the issues of firewalls and NAT/MASQ have been confused here. All a firewall does is stop specific packets of data from going through some device; that device may be one of those IP-enabled tiny microcontrollers, or a linux box with two ethernet ports acting as a router, or a workstation on the network. If you have multiple devices on a LAN trying to access the internet then you also have Network Address Translation and IP Masquerading going on. This allows a computer on a LAN to talk through a _gateway_ to the outside world and receive data back. Typically this gateway system will also do firewall duties. Linux IPTables can do firewall and NAT/MASQ duties (and other stuff), as can most routers. So the gateway/router system should have a primary firewall to protect against the wild internet, but you may wish to have internal firewalls on each system on the LAN as extra security; firewalls are easy and simple, there's no need for a hungry CPU, it can all go on a simple logic chip.

OK, so there is a firewall in the modem and this is probably preventing ftp from working. But I can't find out what its rules are and I can't change them. All I can do is talk to http://192.168.1.1 and there is nothing there about firewall rules.

Are you trying to ftp in or out? I think out. A good way of checking what your firewall is blocking is to run the ShieldsUP test on http://www.grc.com; this will probe all your root ports and a couple of others, pay attention to 21 and 20. While this will not be conclusive, it may give you an indication of what your firewall is up to. Most firewalls are stateful, that is, if you send out a packet they will be expecting the return and let it through, but an unsolicited packet will be blocked. The only way to check outbound is to launch an nmap attack against a server for which you have access to the firewall logs.

Can you get along to the meeting on Saturday? Check again: This sounds like a broadband ROUTER, not a broadband modem. It contains a modem, sure, but it connects to your PC via ethernet and has an IP address for itself - that qualifies it as a ROUTER in my book. :-)

(lots of stuff snipped)

Finally, you don't seem to conclude if your packets are being blocked in or outbound. I have an open ftp server you could attempt to log in to; mail me off list for the address (I don't really want to advertise it) and I can watch the syslog etc.

--
Robin Cornelius
---------------------------------------------------
robin@xxxxxxxxxxxxxxxxxxxxx
GPG Key ID: 0x729A79A23B7EE764
http://www.biglumber.com/x/web?qs=0x729A79A23B7EE764
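
Added example, not part of the original message: a small Python model of the stateful behaviour described above, showing why it matters for FTP on ports 21 and 20. It assumes a firewall with no FTP-aware helper; the class, function names, addresses and port numbers are all constructed for illustration.

```python
# Minimal model of a stateful firewall: outbound packets create state,
# inbound packets pass only if they are the reply to a tracked flow.
# All addresses and ports are constructed sample values.


class StatefulFirewall:
    def __init__(self):
        self.flows = set()  # (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, src, sport, dst, dport):
        """LAN -> internet: allowed, and the flow is remembered."""
        self.flows.add((src, sport, dst, dport))
        return "ACCEPT"

    def inbound(self, src, sport, dst, dport):
        """Internet -> LAN: allowed only as the reverse of a tracked flow."""
        if (dst, dport, src, sport) in self.flows:
            return "ACCEPT"
        return "DROP"  # unsolicited packet


CLIENT = "192.168.1.10"  # constructed LAN host behind the router
SERVER = "203.0.113.5"   # constructed FTP server (documentation range)


def ftp_session(fw, mode):
    """Return the firewall verdicts for one FTP session in the given mode."""
    verdicts = {}
    # Control channel: the client connects out to port 21, so replies match.
    fw.outbound(CLIENT, 40000, SERVER, 21)
    verdicts["control_reply"] = fw.inbound(SERVER, 21, CLIENT, 40000)
    if mode == "active":
        # Active mode: the server opens the data connection from port 20
        # to a port the client announced. No outbound packet created state.
        verdicts["data"] = fw.inbound(SERVER, 20, CLIENT, 40001)
    else:
        # Passive mode: the client opens the data connection itself,
        # so the server's packets are replies to a tracked flow.
        fw.outbound(CLIENT, 40001, SERVER, 50000)
        verdicts["data"] = fw.inbound(SERVER, 50000, CLIENT, 40001)
    return verdicts


if __name__ == "__main__":
    for mode in ("active", "passive"):
        print(mode, ftp_session(StatefulFirewall(), mode))
```

In this model the control connection works in both modes, but only the passive-mode data connection gets through, which is consistent with a login that succeeds followed by a directory listing or transfer that hangs.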