fire wall ap

Ray Parrish crp at cmc.net
Thu Feb 5 14:23:17 UTC 2009 

David Curtis wrote:
> On Thu, 29 Jan 2009 12:53:13 -0500
> Bill <pegasus at sc.rr.com> wrote:
>
>   
>> David Curtis wrote:
>>     
>>> On Wed, 28 Jan 2009 17:28:43 -0500
>>> "Bill" <pegasus at sc.rr.com> wrote:
>>>
>>>   
>>>       
>>>> I am new to Ubuntu, is it advisable to use (firestarter firewall). I am
>>>> aware that Linux does provide much greater security than windows.
>>>>
>>>>  
>>>>     
>>>>         
>>> For a decent answer to this you would have to describe how you connect to the Internet and what services you wish to run, ie. SMB (windows style file sharing), NFS (unix style file sharing), remote login etc. Is this a standalone computer or do you have a small office/home network?
>>>
>>>   
>>>       
>> This is a home wireless network thru a Linksys Router
>>
>>
>>     
> Okay. What I'm really asking is; What's the last stage between you and your ISP? Are you NATed (Natural Address Translation)? Are you directly facing the Internet?
>
> A simple ifconfig in a terminal will tell you whether you have an internal/test space IP address (10.x.x.x,172.16.0.0-172.31.255.255,192.168.x.x) or if you're getting served a real world IP. 
>
> Meaning, if your IP is an internal one your probably behind a device (modem/router) that's disguising you to the Internet, in that case don't worry about a firewalled interface unless you are severely paranoid. The device most likely wont port forward to privileged ports.
>
> If you have a real world IP for eth0 or a ppp0 entry in ifconfig then if you run a service like file sharing you're showing that service to the world, in this case you do want some decent firewall rules to govern that interface. 
>
> I have a hunch that you don't have to use pppoe to get an internet connection and you are NATed and fairly secure. If I were you, I'd worry more about people connecting to/sniffing your wireless network, use the strongest encryption your wireless router can do. 
>
> In the end, as Brian McKee said, if your not running TCP/IP services then there's no need to firewall. I almost said, no need to worry, But there's always things to be mildly concerned with. :-)
>
> Dave
>
>   
There is just one note I wanted to add to this discussion. If you are on 
a standalone system that is not exposing any services to the outside 
world, you can obviate the need for a firewall by properly configuring 
your /etc/hosts.deny file. All you have to do to block all access from 
the outside world is add the single line ALL:ALL to the hosts.deny file, 
and no one will be allowed to connect to your machine from the outside.

Should you decide to allow certain connections, you can always white 
list them in your hosts.allow file as well.

Adn for the other usual function of a firewall, the /ect/hosts file 
allows you to block your web browser, email client, and other internet 
programs from connecting to certain internet addresses by adding lines 
to the hosts file. Make sure you leave the first two lines intact, they 
will look like the following ones -

127.0.0.1  localhost username-desktop
127.0.1.1  username-desktop

Modify them to use your username instead of the word username. Then, to 
block your machine from connecting to any external site add a line like 
the following -

127.0.0.1 www.domain.com

This will redirect any attempts to connect to domain.com to your 
localhost, which results in nothing loading. There are quite a few sites 
on the net that offer pre-populated hosts files which block malware 
sites, ad servers, and porn sites, and update them on a regular basis.

You can also use the hosts file to redirect yourself to another domain 
when you try to load certain domains. I can't think of an example of why 
someone would want to do this, but you can do the following -

www.google.com www.yahoo.com

In this case, any attempt to load yahoo.com, would result in your being 
redirected to google.com. Have a look at man hosts, man hosts.deny, and 
man hosts.allow in terminal to get the rest of the details.

Later, Ray Parrish

-- 
Human reviewed index of links about the computer
http://www.rayslinks.com
Poetry from the mind of a Schizophrenic
http://www.writingsoftheschizophrenic.com/

More information about the ubuntu-users mailing list