where is the firewall?
robert rottermann
robert at redcor.ch
Thu Sep 17 06:53:25 UTC 2009
Anthony Christopher schrieb:
> Anthony Christopher wrote:
>> robert rottermann wrote:
>>
>>> NoOp schrieb:
>>>
>>>
>>>> On 09/16/2009 11:52 AM, robert rottermann wrote:
>>>>
>>>>
>>>>> first: where is the firewall, how do I configure it?
>>>>>
>>>>> iptables -L shows nothing.
>>>>>
>>>>> if there is (as I am afraid) no firewall, how is the access from the internet
>>>>> block (the box is is used as a webserver).
>>>>>
>>>>>
>>>>>
>>>> $ locate iptables
>>>> /sbin/iptables
>>>> etc.
>>>>
>>>> If it's not there (should be):
>>>> http://packages.ubuntu.com/dapper/iptables
>>>>
>>>> You may also find these links helpful:
>>>>
>>>> <http://ubuntu-tutorials.com/2009/06/03/getting-started-with-firewall-builder/>
>>>> https://help.ubuntu.com/6.06/index.html
>>>> [Server Guide - HTML, PDF]
>>>> https://help.ubuntu.com/6.06/ubuntu/serverguide/C/index.html
>>>> <https://help.ubuntu.com/6.06/ubuntu/serverguide/C/firewall-configuration.html>
>>>>
>>>>
>>>>
>>>>
>>>>
>>> thanks for your quick answer
>>>
>>> sorry, I was not precise enouth.
>>> iptables is installed but there are no rules
>>>
>>> /sbin/iptables
>>> iptables v1.3.3: no command specified
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> root at ubuntu60664m:~# /sbin/iptables -L
>>> Chain INPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> does that mean, that there i no firewall on this system?
>>>
>>> robert
>>>
>>>
>>>
>> It means that the firewall built-in to your operating system is pretty
>> much wide open, which with the minimalist ubuntu approach to
>> installation may not be as big of a problem as it first sounds. But
>> your previous administrator may have been one of those people who when
>> they have something that works, stick to it, Thus they may have
>> installed some other firewall that worked for them on a different
>> system. Since most firewalls are started on boot-up, you might look
>> through the script names in /etc/init.d and read various files like
>> /etc/rc.local or the files in the /etc/network file tree to see if any
>> of them indicate the startup of a firewall. It might be simpler though
>> to use a program that tests your systems network security and address
>> any IP vulnerabilities using an iptables firewall script.
>>
>>
>>
> It also has come to mind that your server may sit in a network where
> some other box on the network, between you and the outside world may
> serve as a dedicated firewall for the box in question. If this is the
> case then there probably exists someone with a job title like ¨network
> administrator¨ that can be asked about security for your server.
no this is a root server hired at a big providers colocation place. a minimal
ubuntu setup was done at startup.
since then the machine is running.
uptime shows
07:32:57 up 694 days, 2:03, 1 user, load average: 0.00, 0.00, 0.00
on the box apache is running running in front of a python based application
server/cms (Zope/Plone).
what I really want, is to access the application server directly trough port 8080.
on the other boxes I am supporting I am using SuSe in various variants.
One of SuSe nice things is its configuration front end yast. which has spoilt
me, so I hardly ever did deal with the init.d scripts "by hand".
can anybody point me to some read up, where I find the following tasks explained:
- setting up a firewall
is uwf a good solution ?
- start up inetd or some such so I can access arbitrary ports (like 8080 ..)
if this is needed at all
thanks for your help
robert
More information about the ubuntu-users
mailing list