Devon & Cornwall Linux Users' Group

Re: [LUG] Re: tcpdump



On Thursday 26 Aug 2004 19:40, Neil Williams wrote:
tony@xxxxxxxxxxxxxxx wrote:
Neil Williams writes:
I find it hard to get my head round the idea that this
little ethernet box has a firewall in it.

You'd better bet that it does! (Your network is naked without one!)

Uh? What is iptables for then? There's only one PC. In Reading I had
two PCs and then sure you need a firewall in the router.

?? You need a firewall in the router even when there are NO other
devices connected!!

iptables on a machine inside the local network is an insurance policy or
used to restrict certain services within the LAN. Don't rely on iptables
on the PC, implement them as close as possible to the internet itself.

I think the issue of firewalls and NAT/MASQ has been confused here. All a 
firewall does is stop specific packets of data from going through some 
device; that device may be one of those IP enabled tiny microcontrollers, or a 
Linux box with two ethernet ports acting as a router, or a workstation on the 
network. If you have multiple devices on a LAN trying to access the internet 
then you also have Network Address Translation and IP Masquerading going on. 
This allows a computer on a LAN to talk through a _gateway_ to the outside 
world and receive data back. Typically this gateway system will also do 
firewall duties. Linux IPTables can do firewall and NAT/MASQ duties (and 
other stuff) as can most routers. So the gateway/router system should have a 
primary firewall to protect against the wild internet, but you may wish to 
have internal firewalls on each system on the LAN as extra security.


Firewalls are easy and simple; there's no need for a hungry CPU, it
can all go on a simple logic chip.

OK, so there is a firewall in the modem and this is probably preventing
ftp from working. But I can't find out what its rules are and I can't
change them. All I can do is talk to http://192.168.1.1 and there is
nothing there about firewall rules.


Are you trying to ftp in or out? I think out. A good way of checking what your 
firewall is blocking is to run the ShieldsUP test on http://www.grc.com; this 
will probe all your root ports and a couple of others, pay attention to 21 
and 20. While this will not be conclusive it may give you an indication of 
what your firewall is up to. Most firewalls are stateful, that is if you 
send out a packet they will be expecting the return and let it through but an 
unsolicited packet will be blocked. The only way to check outbound is to 
launch an nmap attack against a server whose firewall logs you have access to.

Can you get along to the meeting on Saturday?

Check again: This sounds like a broadband ROUTER, not a broadband modem.
It contains a modem, sure, but it connects to your PC via ethernet and
has an IP address for itself - that qualifies it as a ROUTER in my book.

:-)

(lots of stuff snipped)

Finally you don't seem to conclude if your packets are being blocked inbound 
or outbound. I have an open ftp server you could attempt to log in to; mail me 
off list for the address (I don't really want to advertise it) and I can watch 
the syslog etc. 

-- 

Robin Cornelius
---------------------------------------------------
robin@xxxxxxxxxxxxxxxxxxxxx
GPG Key ID: 0x729A79A23B7EE764
http://www.biglumber.com/x/web?qs=0x729A79A23B7EE764

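As an added example, not code from this thread or from any of its authors, the script below shows in working iptables what Robin describes: a gateway doing stateful firewalling plus NAT/MASQ, the FTP detail behind "pay attention to 21 and 20" (the data connection is a second TCP flow that a stateful filter treats as unsolicited unless the ftp helper marks it RELATED), and a small helper for his suggested outbound check of running nmap from outside against a box whose firewall logs you can read. The interface names eth0/eth1, the 192.168.1.0/24 LAN, the "probe: " log prefix and the sample syslog lines are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal stateful gateway
# firewall with NAT/masquerading on Linux iptables, plus a helper that
# summarises the kernel LOG lines such a gateway writes when it is probed
# from outside (e.g. by nmap), so the probe can be read back from syslog.
#
# Assumed names (hypothetical, not from the thread): WAN_IF faces the
# internet, LAN_IF and LAN_NET are the inside network. IPT, MODPROBE and
# SYSCTL default to the real tools, which need root and a netfilter kernel;
# set them to "echo iptables" etc. for a dry run that only prints the rules.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
IPT="${IPT:-iptables}"
MODPROBE="${MODPROBE:-modprobe}"
SYSCTL="${SYSCTL:-sysctl}"

apply_gateway_rules() {
    # Clean slate, default deny for anything arriving at or crossing the box.
    $IPT -F
    $IPT -t nat -F
    $IPT -t raw -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Stateful core: replies to connections opened from inside are let in;
    # an unsolicited packet from the WAN matches nothing and hits the DROP policy.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Log (rate limited) unsolicited SYNs from the WAN before they are dropped,
    # so an nmap run from outside shows up in syslog with the prefix "probe: ".
    $IPT -A INPUT -i "$WAN_IF" -p tcp --syn -m limit --limit 5/min \
        -j LOG --log-prefix "probe: "

    # NAT/MASQ: LAN hosts leave with the gateway's WAN address as source.
    $SYSCTL -w net.ipv4.ip_forward=1
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # FTP uses a second TCP connection for data; in active mode the server
    # opens it, from port 20, back towards the client. To a stateful filter
    # that is an unsolicited connection, so outbound active FTP breaks unless
    # the ftp conntrack helper reads the control channel, marks the data
    # connection RELATED and (behind NAT) rewrites the PORT command.
    $MODPROBE -a nf_conntrack_ftp nf_nat_ftp
    $IPT -t raw -A PREROUTING -i "$LAN_IF" -p tcp --dport 21 -j CT --helper ftp
}

# Constructed sample of what the LOG rule above leaves in syslog (documentation
# addresses, made-up MAC). One line is unrelated kernel noise to show it is ignored.
sample_probe_log() {
    cat <<'EOF'
Aug 26 19:40:01 gw kernel: probe: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=31337 PROTO=TCP SPT=41234 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 26 19:40:01 gw kernel: probe: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=31338 PROTO=TCP SPT=41235 DPT=20 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 26 19:40:03 gw kernel: eth0: link is up, 100 Mbps full duplex
Aug 26 19:40:04 gw kernel: probe: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=31339 PROTO=TCP SPT=41236 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 26 19:40:09 gw kernel: probe: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=198.51.100.7 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=5 PROTO=TCP SPT=55555 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}

# Reduce "probe: " lines on stdin to "count source proto port", one per line,
# sorted by source then port, so you can see which ports an outside probe hit.
# On the gateway:  grep 'probe: ' /var/log/syslog | summarise_probe_log
summarise_probe_log() {
    awk '/probe: / {
        src = ""; dpt = ""; proto = "?"
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n != 2) continue          # flags such as SYN or DF carry no value
            if (kv[1] == "SRC")   src = kv[2]
            if (kv[1] == "DPT")   dpt = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
        }
        if (src != "" && dpt != "") count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -k2,2 -k4,4n
}

case "${1:-}" in
    apply)     apply_gateway_rules ;;
    dry-run)   IPT="echo iptables"; MODPROBE="echo modprobe"; SYSCTL="echo sysctl"
               apply_gateway_rules ;;
    summarise) summarise_probe_log ;;      # pipe syslog into it
esac
```

Run it as root with `apply` to load the rules, with `dry-run` to print them, or pipe syslog into `summarise` while someone runs nmap against the WAN address. The raw-table CT rule is there because recent kernels no longer attach conntrack helpers to a connection automatically; on the 2.4/2.6 kernels of the thread's era, loading ip_conntrack_ftp and ip_nat_ftp did the same job for FTP.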

