[amw_drizz]

Okay here is the deal,

I have a 1.0ghz AMD Duron CPU with 768megs SD-RAM PC-133 I don't know the motherboard but I believe it is MSI. But anyways that may be irrelavent to this issue. That said machine was running windows 2k3 Server with NAT/Basic Firewall, IIS, MySQL. The other day my internet went down, but the satilite modem was still on and working, Hooked in my laptop and I had internet. I couldn't ping my server. Normally the server is headless so I hooked up a monitor, keyboard & mouse. I saw the login box as normal, try logging in and the server rebooted. While it was booting back up it crashed again. After yanking the hard drive and putting it in my desktop for analysis I saw that 90% of my windows directory on server hd was gone, with a text file in the root of the drive saying "Your f*cked" They didn't delete any log files and they were still there, Checked them and found some discrepancies in it. But I didn't save the logs (I know I should have).

Anyways I put the HD back in the server and was going to load Win2k3 back on to it. But I decided to load linux on it instead. (So thus is why this topic is here)

After 4hrs of messing around / reinstalling ubuntu twice I finally got the server back to sharing the internet. But when I go to a site like GCR and use there shields up service it says my firewall has failed and all the ports minus 3 are open.

So long story short, Win2k3 exploded (well died), loaded ubuntu linux on the box, and I want to lock down the firewall so it is similar to the following

Default deny all from internet
allow normal Web ports out so I can browse the internet and download updates etc.
allow all internal (lan can access server no issue)

Also this computer has two NIC's for the task. And before any of you tell me to go and by a router. I AM BROKE. I have no money for a router, and besides this computer has been running fine for the past couple of years at this task, And I usally reinstall win2k3 every year or so. (don't ask me why just habbit now I guess)

Thanks Jon

[Advertisements]

The Ubuntu repo's should have Firestarter (if it's not already installed). I've never tried it but I understand it allows a great deal of control over the IP tables that Linux use for firewalls.

The kind of control you describe you might want to look at IP Cop . If you have a spare old PC and a couple of NICs to install in it you can create a nice appliance for controlling your network.

Smoothwall can also do a good job for what you might want. Again an old PC with a couple of NICs.

Edited by silverbeard, 12 February 2009 - 02:43 AM.

[silverbeard]

The Ubuntu repo's should have Firestarter (if it's not already installed). I've never tried it but I understand it allows a great deal of control over the IP tables that Linux use for firewalls.

The kind of control you describe you might want to look at IP Cop . If you have a spare old PC and a couple of NICs to install in it you can create a nice appliance for controlling your network.

Smoothwall can also do a good job for what you might want. Again an old PC with a couple of NICs.

Edited by silverbeard, 12 February 2009 - 02:43 AM.

[amw_drizz]

that is what this system is. 2 nics, one to the satellite modem, the other to the internal network.

After messing around with it yesterday some more. I finally got shorewall doing some of what I want it to do, It shares the net, and thats about it. I can't webmin on to the server.

I'll take a look at those links you suggested

EDIT: I tried firestarter and I don't Like how every site I try that tests the firewall says that it is all open

Edited by amw_drizz, 12 February 2009 - 05:27 AM.

[amw_drizz]

so why is it, every firewall program I use says a whole crap load of ports are open that really don't need to be? (when I use external firewall tests)

[silverbeard]

Most firewall test sites consider any visible port as open. Most will fail you for answering ICMP pings.

GRC's Shields Up is a good test.

Look for settings in your firewall to stealth the ports.

[amw_drizz]

I switched to Smoothwall, But I wasn't paying attention during the last part of the setup, they had a question worded quite differently, and I should of hit yes instead of no, And it set it up with everything open. Right now I am trying to get it switched to all closed with out reinstalling, since I downloaded the snort IDS files (was about 70megs), and I am on a Satellite connection with limited rolling monthly bandwidth (meaning it never resets to zero)

And I am still trying to figure out how to close all the ports. and set it to deny/drop all incoming.

EDIT:::

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.



Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.

that is from the first 3 tests before the ports.

Edited by amw_drizz, 13 February 2009 - 04:29 PM.