Using Firestarter to Configure a Fedora Linux Firewall

In Basic Fedora Linux Firewall Configuration we looked at how the Firewall Configuration tool provides a basic, high-level mechanism for configuring the underlying iptables firewall rules on Fedora Linux. While this approach was ideal for configuring some of the less advanced areas of the firewall, more advanced configurations required a detailed knowledge of iptables rules.

In this chapter we will look at a more advanced and flexible firewall configuration tool called Firestarter. As we will see, Firestarter provides a greater level of control over both inbound and outbound network traffic and connections, still without having to learn the intricacies of iptables.

Installing Firestarter on Fedora Linux

Firestarter is not installed by default when Fedora is first installed. The first step in using Firestarter, therefore, is to install it. Firestarter may be installed using either the Add/Remove Software tool or at the Linux command line using the yum utility.

To download Firestarter using Add/Remove Software, select the System desktop menu, choose Administration and click on Add/Remove Software. Enter your password when prompted to do so. Enter firestarter in the text field and click on the Find button. After the search completes, you will see firestarter in the package list. Simply click on the check box and click on the Apply button to start the installation.

To install from the command line, begin by opening a terminal window by selecting the Applications menu and selecting Terminal from the System Tools menu. In the terminal window enter the following command and press Enter to execute it. Enter your password when prompted to do so and wait while Firestarter is downloaded and installed.

Running Firestarter

To launch Firestarter, select Applications, then System Tools, then Firestarter, or type firestarter at the
command prompt in a terminal window and enter the root password when prompted to do so.

The first time Firestarter is run it will ask a number of questions about your network environment. Click Forward on the first introductory screen to display the following screen.

Select the device on which you wish to have the firewall operate. If you are connected to a network this is likely to be eth. If you are connected directly to a cable or DSL modem this may be ppp. If your system obtains an IP address from a DHCP server check this option. Click Forward when you are ready to move to the next screen.

This page controls whether Internet Connection Sharing is to be used. Firestarter allows you to configure a single Linux system as the gateway to the internet. All other computers on your network then access the internet through the gateway system. The computers that access the internet through the gateway system will appear to the outside world to have the same IP address as the gateway system. This is essentially a mechanism for sharing a single internet connection amongst a network of multiple computers whilst masking the identity (i.e. the IP address) of those computers. Note that this configuration requires that you have two network cards installed in the system: one for the internet connection and another for the local area network. Check Enable Internet Connection Sharing if you wish to use this feature.

If you would like the system running Firestarter to also allocate IP addresses to the client machines, also check the Enable DHCP for local network box. If the option is disabled it may be that the DHCP server is not
installed on your system. To install it, either use the Package Manager to search for and install a package called dhcp, or install it from the command line as follows. Once the DHCP server is installed, exit and restart Firestarter and this time the Enable DHCP for local network option should be enabled. Click Forward to proceed.

Finally the wizard is ready to start the firewall. Click the Save button to save your settings, start the firewall and launch the Firestarter application.

Using Firestarter

The following screenshot shows the Firestarter user interface.

The Firestarter Status Screen

In the above screen the Status page is displayed showing that the firewall is running, the number of events detected, the volume of data that has been sent and received by the system since the firewall was activated and a list of active connections. In the above example there are outbound SSH, FTP and HTTP connections active. This means that someone is connected to another system using SSH, an FTP session is active to upload or download files and a web browser is running. This list is updated in real time to reflect any new or closed connections.

The Firestarter Events Screen

Firestarter also logs any events that it deems to be serious. To learn more about these events select the Events tab to show the list of events.

In the above example we see some attempts by the systems at IP addresses 1. Because some of these are Samba messages we can assume that they are safe. Samba is a system which allows Windows systems to access Linux filesystems and other resources over a network connection. Upon investigation it turns out that IP addresses 1. Windows XP systems on the local network. Clearly these systems send out a message every now and then to see if there are any new network resources to add to their lists.

The events of concern to us are the ones indicating that the firewall rejected attempts by the system at IP address 1. SSH and Telnet connections with our system. SSH and Telnet are protocols for
establishing remote connections between computer systems for the purposes of creating a terminal session, executing programs and transferring files. Clearly such an event is a matter of concern, but fortunately the firewall detected and blocked the connection for us.

Right-clicking on a blocked event in the list displays a menu containing a number of options. From this menu it is possible to allow connections from this external IP address (for example if you find the access attempt was valid), enable connections of this type from any source and also disable the port used for this type of connection. It is also possible to look up host names so that system names, rather than IP addresses, are displayed.

The Firestarter Policy Screen

The Policy screen lists any policy rules which have been set up on the firewall. By default the screen appears as follows with no rules defined. In the next section of this chapter we will look at defining firewall security policy.

Defining Firewall Policies

Probably the most important task in configuring a firewall is defining policy. This essentially involves specifying what traffic will be permitted by the firewall. Policy is defined in the Policy screen of the Firestarter user interface as shown above.

Defining Inbound Policy

Firestarter allows Policy to be defined for both inbound and outbound traffic.
Select either Outbound policy or Inbound policy depending on the rules you wish to edit. We will begin by looking at inbound traffic policy.

With Inbound policy selected we can specify the hosts from which we will allow inbound connections. To do so, click in the Allow connections from host area of the screen so that the Add Rule toolbar button activates. Click on the Add Rule button to invoke the Add new inbound rule dialog as shown below.

Enter the host name or IP address of the host for which you wish to enable connections and an optional comment, and click the Add button to add the rule. The IP address or host name will now be listed in the Policy screen. Click on the Apply Policy button located in the toolbar to make this policy active.

Firestarter also allows inbound connections to TCP/IP services to be controlled. TCP/IP defines a set of services that can be provided by a network host. These cover services such as HTTP for running a web server, NFS for remote access to file systems, and SSH for remote access and file copying between systems. Each of these services runs on a particular network port (for a complete list of services and their respective ports refer to Primary TCP/IP Port Assignments and Descriptions). To define Policy for services click in the Allow service area of the Policy screen and click the Add Rule toolbar button to access the add rule dialog.
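
The inbound policy described above (allow connections from a host, allow a service) corresponds roughly to iptables rules like the ones this added example prints. It is not code from the original chapter and not the rule set Firestarter itself generates; the function names, the 192.0.2.10 host and ports 22 and 80 are constructed, and hosts are assumed to be literal IPv4 addresses.

```shell
#!/bin/sh
# Added example: prints (never applies) iptables commands approximating an
# inbound policy. Not Firestarter's own output; all names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# valid_port N: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# inbound_rules "HOSTS" "TCP_PORTS": validate everything first, so a typo
# yields no rules at all rather than a half-written policy.
inbound_rules() {
    hosts=$1; ports=$2
    for h in $hosts; do
        valid_ipv4 "$h" || { echo "rejecting host: $h" >&2; return 1; }
    done
    for p in $ports; do
        valid_port "$p" || { echo "rejecting port: $p" >&2; return 1; }
    done
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections this machine opened (outbound SSH, FTP, HTTP).
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # "Allow connections from host": every port is open to that host.
    for h in $hosts; do
        echo "iptables -A INPUT -s $h -j ACCEPT"
    done
    # "Allow service": one TCP port, here open to any source.
    for p in $ports; do
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Default-deny goes last so an admin session is not cut off part-way.
    echo "iptables -P INPUT DROP"
}

# Constructed sample: one trusted host (documentation range), SSH and HTTP.
inbound_rules "192.0.2.10" "22 80"
```

Review the printed commands before applying any of them as root. The host rule is the broader grant: it exposes every port to that one address, while a service rule exposes a single port.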