Page 11 of 29
Results 101 to 110 of 286

Thread: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

  1. #101
    Join Date
    Oct 2006
    Location
    /home
    Beans
    189

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    Hi Frodon

    In your own script, which I'm following, you create a "Log Chain".
    Can you please tell me where I can find all blocked connections (both input and output)?
    Or what command should I use in order to see all those blocked connections?

    Note: it is very important to be able to check all blocked connections (both input and output), in order to see if I'm blocking any legitimate traffic and in order to detect any attacks.

    cheers

  2. #102
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    I don't think the log will help you because it is a really, really huge log; in my script I don't use log generation because it takes resources to create a log I don't need.
    To generate the log, replace all the DROP commands you want a log for with the LOG_DROP chain instead. Then open the /etc/syslog.conf file and add this at the bottom:
    Code:
    #IPTables logging
    kern.debug;kern.info /var/log/firewall
    And restart the log daemon:
    Code:
    sudo /etc/init.d/sysklogd restart
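
The following is an added example and not Frodon's script: it builds the LOG_DROP chain discussed in this post, but with a `-m limit` rate limit so the log stays small enough to read, and it appends a catch-all to INPUT and OUTPUT so every packet that no earlier rule accepted goes through LOG_DROP. The limit values (5 packets a minute, burst 10) and the APPLY/LOG_LIMIT/LOG_BURST variables are assumptions for the example. By default the script only prints the iptables commands; applying them needs root.

```shell
#!/bin/sh
# Added example, not Frodon's script: build the LOG_DROP chain the thread
# talks about, with a rate limit so the log stays readable, and send every
# packet that reaches the end of INPUT or OUTPUT through it.  By default
# the script only prints the iptables commands (dry run); set APPLY=1 to
# run them, which needs root and a kernel with netfilter.
set -eu

if [ "${APPLY:-0}" = 1 ]; then
    IPT=iptables
else
    IPT="echo iptables"
fi

# Prefix taken from the thread.  The trailing space matters: without it the
# kernel writes the prefix straight into the IN= field of the log line.
PREFIX='[IPTABLES DROP] '

# Assumed limits: log at most 5 packets a minute, allowing a burst of 10.
# Packets above the limit skip the LOG rule but are still dropped.
LOG_LIMIT="${LOG_LIMIT:-5/min}"
LOG_BURST="${LOG_BURST:-10}"

# Create LOG_DROP, or flush it if it already exists so re-running the
# script does not append duplicate rules.
build_log_drop_chain() {
    $IPT -N LOG_DROP 2>/dev/null || $IPT -F LOG_DROP
    $IPT -A LOG_DROP -m limit --limit "$LOG_LIMIT" --limit-burst "$LOG_BURST" \
        -j LOG --log-prefix "$PREFIX" --log-level 4 \
        --log-tcp-options --log-ip-options
    $IPT -A LOG_DROP -j DROP
}

# Catch-all at the end of INPUT and OUTPUT: anything no earlier rule
# accepted is logged and dropped here instead of falling silently to the
# chain policy.  Use this in place of a bare "iptables -A INPUT -j DROP".
log_unmatched() {
    for chain in INPUT OUTPUT; do
        $IPT -A "$chain" -j LOG_DROP
    done
}

build_log_drop_chain
log_unmatched
```

The LOG target writes through the kernel log facility, so the kern.* selector Frodon gives above routes these lines to /var/log/firewall; without such a selector they land in /var/log/kern.log or /var/log/messages depending on the release. Note that `-m limit` counts per rule, not per source, so one noisy host can crowd everyone else out of the log; `-m hashlimit --hashlimit-mode srcip` is the per-source alternative when that matters.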

  3. #103
    Join Date
    Oct 2006
    Location
    /home
    Beans
    189

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    Thank you for your answer.
    I'm struggling with this issue, but I still can't log any iptables messages.

    I would like all blocked connections to be logged to /var/log/messages.

    Perhaps the problem lies in the firewall script.
    In order to try logging all blocked (dropped) connections I have been using the following entries in my firewall script:
    Code:
    #iptables -N LOG_DROP
    #iptables -A LOG_DROP -j LOG --log-prefix '[IPTABLES DROP] : '
    #iptables -A LOG_DROP -j DROP

    Do you think there's something wrong with these entries? They are the only ones I use in order to try to log all blocked (dropped) connections to /var/log/messages.

    Have a nice day.

  4. #104
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    Uncomment the lines (remove the # character) to allow the LOG_DROP chain creation, and replace "DROP" everywhere you put it with "LOG_DROP" instead, so the packets will be sent through the LOG_DROP chain instead of to the DROP chain directly.

  5. #105
    Join Date
    Oct 2006
    Location
    /home
    Beans
    189

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    Thanks for your reply.

    I know what the "#" character means and does. I tested the script without the "#". But because it didn't work I commented those lines out. So when pasting the rules here, with the # character, I made a mistake. Sorry.

    My intention is to know when something gets blocked against my will.
    If I replace DROP with LOG_DROP, only the connections I decided on purpose to block will be logged.


    So, in the meantime I think I found a way to get what I want:
    Code:
    # Trailing space in the prefix keeps it separate from the IN= field of the log line.
    iptables -A INPUT -j LOG --log-prefix "In " --log-level 4 --log-tcp-options --log-ip-options
    iptables -A OUTPUT -j LOG --log-prefix "Out " --log-level 4 --log-tcp-options --log-ip-options

    These rules seem to work. I hope they don't introduce any security risks...

    Cheers
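
Once the LOG rules above are in place, the remaining question from this post is how to actually look at what was blocked. The script below is an added example, not code from the thread: it reads iptables LOG lines from syslog and tallies them by direction, protocol and destination port, listing the sources seen for each, so blocked legitimate traffic and scans can be told apart. The log lines in `LOG_SAMPLE` are constructed for the example and use the '[IPTABLES DROP]' prefix from earlier in the thread; adjust the awk pattern to whatever `--log-prefix` the rules use. The field names IN, OUT, SRC, PROTO, DPT and TYPE are the ones the LOG target writes.

```shell
#!/bin/sh
# Added example, not code from the thread: tally iptables LOG lines so that
# blocked connections can be reviewed by direction, protocol and port.
# Typical use:  grep 'IPTABLES DROP' /var/log/kern.log | sh thisscript.sh
# The LOG_SAMPLE below is constructed for the example.
set -eu

summarize_blocked() {
    # Lines written by the LOG target look like:
    #   ... kernel: [IPTABLES DROP] IN=eth0 OUT= SRC=a.b.c.d DST=... PROTO=TCP SPT=n DPT=m ...
    # IN= is empty for packets leaving the host (OUTPUT) and set for arriving ones.
    awk '
    /IPTABLES DROP/ {
        dir = "?"; proto = "?"; src = "?"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "IN")    dir   = (kv[2] != "") ? "in" : "out"
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "SRC")   src   = kv[2]
            if (kv[1] == "DPT")   dpt   = kv[2]
            if (kv[1] == "TYPE")  dpt   = "type" kv[2]   # ICMP has no port; record its type
        }
        key = dir " " proto " " dpt
        count[key]++
        if (!((key, src) in seen)) {               # list each source once per key
            seen[key, src] = 1
            srcs[key] = (srcs[key] == "" ? src : (srcs[key] "," src))
        }
    }
    END {
        # direction protocol dport-or-type hits sources
        for (k in count) printf "%s %d %s\n", k, count[k], srcs[k]
    }' | sort
}

# Constructed sample: three SYNs to port 22 from two hosts, one outbound
# connection to the router web interface, one ping, and one unrelated
# sshd line that the summary must ignore.
LOG_SAMPLE='Jun 12 10:00:01 host kernel: [IPTABLES DROP] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12345 DF PROTO=TCP SPT=54321 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 12 10:00:02 host kernel: [IPTABLES DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12346 DF PROTO=TCP SPT=54322 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 12 10:00:03 host kernel: [IPTABLES DROP] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=777 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 12 10:00:04 host kernel: [IPTABLES DROP] IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 10:00:05 host kernel: [IPTABLES DROP] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=778 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jun 12 10:00:06 host sshd[1234]: Accepted publickey for alice from 198.51.100.9 port 50022 ssh2'

# Run on the constructed sample when executed directly.
printf '%s\n' "$LOG_SAMPLE" | summarize_blocked
```

Where the log lives depends on the syslog routing: with Frodon's selector it is /var/log/firewall, otherwise kern.* messages go to /var/log/kern.log or /var/log/messages. Reading the summary: a port with many distinct sources and a handful of hits each is usually a scan, while one internal source repeatedly failing to reach one port (like 192.168.1.10 to 192.168.1.1:80 in the sample) is usually legitimate traffic the rules are catching and the line to fix in the script.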

  6. #106
    Join Date
    Feb 2007
    Location
    Corvallis Oregon
    Beans
    35
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    I installed your scripts and after starting the firewall I could not log into my ftp server. After running the 'flush' script I could. darn.

  7. #107
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    Which port does your ftp server use, juantao?

    If necessary, attach your ftp server configuration file in your next post.

  8. #108
    Join Date
    Jun 2007
    Beans
    15

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    I have been using Ubuntu for a month now. I used your firewall script today and it worked excellently. Thank you! I have one problem though. I use an ADSL connection and my NIC is configured to get an address automatically via the DHCP server when the modem is switched on. Now, when the firewall is running and I put 192.168.1.1 in my browser's address bar, I cannot get the modem configuration page. It says
    Code:
    An error occurred while loading http://192.168.1.1:
    Timeout on server
    Connection was to 192.168.1.1 at port 80
    but if I stop the firewall, then I can get the usual login page. So what code do I need to put in the script?
    I figure it is me requesting a connection to port 80 on IP 192.168.1.1 using the TCP protocol (correct me if I am wrong) via my ethernet card, which is eth0. My internet interface is ppp0. So I should put
    Code:
    iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
    Besides this line, the firewall script is exactly as it is in your example script. What am I doing wrong?
    By the way, I had the same problem with Firestarter.

  9. #109
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    If 192.168.1.1 is your modem address and you need to access it often, maybe you could just accept all packets from 192.168.1.1; it would look something like this:
    Code:
    iptables -A TRUSTED -i eth0 -s 192.168.1.1 -j ACCEPT

  10. #110
    Join Date
    Jun 2007
    Beans
    15

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    thanks ! it worked like a charm

