Beyond the Sky

The place where surface stop and share the experience of life


Posts tagged with "firestarter"

Run firestarter in the background


One of the disadvantages of firestarter is that it is a resource eater. If you leave firestarter running for a long time, your free RAM gets smaller and smaller. When you close firestarter, wow! your RAM is freed. (I use gkrellm to monitor my box's resources.)

I suspect this is because firestarter keeps adding entries to its blocked events list, since 24/7 there are so many strangers all over the world scanning my box and being blocked by firestarter. So how do I resolve this if I want firestarter to keep protecting my box and at the same time not waste my RAM?

I discovered that when I close firestarter, the firewall rules stay. I checked my iptables, and the rules are still there until I reboot my system:
sudo iptables -L

Secondly, I found a script in /etc/init.d called "firestarter". That means I can start the firewall rules defined by firestarter without having to start the GUI. That's great!

I quickly created a symlink in /etc/rc2.d and rebooted my system:
sudo ln -s /etc/init.d/firestarter /etc/rc2.d/S20firestarter

It works! But now I can't get the information about who is scanning my ports. I was wrong! I can still get the information: firestarter stores everything in /var/log/messages. So if I want to know the latest 20 blocked packets I can do this:
dmesg | tail -n 20

Update:
tail -n 20 /var/log/messages
Although it shows the same records, this way it shows more info.
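As an added example (not from the original post), here is a small shell script that summarises the blocked packets firestarter logs into /var/log/messages, counting them per source address, protocol and destination port, so one host probing the same port again and again, or many ports, stands out at the top. It assumes only the standard netfilter LOG field names (SRC=, PROTO=, DPT=); the log lines and the "Inbound" prefix in the sample are constructed data, not real log output.

```shell
#!/bin/sh
# Added example, not part of the original post: count the packets that
# firestarter's iptables LOG rules write to /var/log/messages, grouped by
# source address, protocol and destination port. Only the standard netfilter
# LOG field names (SRC=, PROTO=, DPT=) are assumed; the "Inbound" prefix and
# the whole sample log below are constructed.

SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Mar  1 10:00:01 box kernel: Inbound IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.168.1.10 LEN=40 TTL=50 PROTO=TCP SPT=4444 DPT=22 SYN
Mar  1 10:00:02 box kernel: Inbound IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.168.1.10 LEN=40 TTL=50 PROTO=TCP SPT=4445 DPT=22 SYN
Mar  1 10:00:03 box kernel: Inbound IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.168.1.10 LEN=40 TTL=50 PROTO=TCP SPT=4446 DPT=22 SYN
Mar  1 10:00:04 box kernel: Inbound IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.168.1.10 LEN=40 TTL=44 PROTO=TCP SPT=5000 DPT=445 SYN
Mar  1 10:00:05 box cron[123]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 10:00:06 box kernel: Inbound IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.168.1.10 LEN=40 TTL=44 PROTO=TCP SPT=5001 DPT=445 SYN
Mar  1 10:00:07 box kernel: Inbound IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TTL=50 PROTO=UDP SPT=1024 DPT=137
EOF

# summarize_blocked LOGFILE [N]: print the N busiest "count src proto dport"
# lines, busiest first. Non-kernel syslog lines are skipped.
summarize_blocked() {
    log="$1"; top="${2:-20}"
    grep 'kernel:.*SRC=' "$log" |
    awk '{
        src = ""; proto = "?"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue          # bare flags such as SYN have no value
            if (kv[1] == "SRC")   src   = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "DPT")   dpt   = kv[2]   # ICMP lines have no DPT
        }
        if (src != "") print src, proto, dpt
    }' |
    sort | uniq -c | sort -rn | head -n "$top" |
    awk '{ print $1, $2, $3, $4 }'   # normalise the padding uniq -c adds
}

summarize_blocked "$SAMPLE_LOG" 5
```

Point it at the real file with `summarize_blocked /var/log/messages 20` (as root, since the log is usually not world-readable).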

Using Firestarter in Ubuntu to set up a firewall


By default Ubuntu doesn't come with a firewall, unlike other distros. But setting up a firewall can be very easy using Firestarter. Setting up a firewall in Linux can be very flexible using iptables. You can customize your firewall by writing iptables scripts, which can get very complex; iptables is not only used to define firewall rules, it can also be used for bandwidth monitoring, port forwarding, etc. But if you only want to set up a simple firewall to protect your box, I suggest you try firestarter.

Why do I want to set up a firewall?

Before I decided to set up a firewall, I always asked myself why I would want to set one up. At first I didn't really care. But after I used firestarter (firestarter has a real-time monitor to track active connections and blocked connections) I discovered that so many hosts keep scanning my ports. Why would I want to let them scan my ports? The feeling is just like opening your windows (NOT the Microsoft OS) and having people keep spying on you through them.

How to set up a firewall using firestarter?

By default, firestarter denies most inbound ports and opens all ports for outbound traffic. That means if you use the default firestarter settings, it blocks most inbound ports such as IRC, GAIM, eDonkey, SSH, Samba, DHCP etc. That means you will have problems letting other users access your box through these ports. So you may want to allow these ports for outsiders.

1. On the Policy tab, select Inbound traffic policy.
2. Select the second bar, which has the Allow service, port, for fields.
3. Click the Add rules button.
4. Select the service you want to allow, let's say samba (smb).
5. You can allow it for anyone, but I only allow it for hosts within my subnet.
6. My subnet is 192.168.1.1 to 192.168.1.254.
7. So I select the "ip, host or network" option and enter "192.168.1.0/24".
(To understand why 192.168.1.0/24, you need to read more on IP subnetting.)
8. Select Outbound traffic policy and make sure "Permissive by default, blacklist traffic" is selected.
9. Click Apply rules and start the firewall.

Below are common ports to open which are not defined in firestarter:

1. eDonkey network 4662-4672
2. MSN, Yahoo, GAIM 1863
3. ircd 6667-6670 (the default IRC port is 6667)
4. MSN file transfer 6891-6900

To learn more about which ports are used for what purpose, go
here, in case you want to allow other ports for your application.

[Update]
Use this to search ports: http://ports.tantalo.net/
IRC: chat.freenode.net does authentication using TCP 113. I faced some delay logging in to the server; you should accept freenode-ip:113 tcp.