Needed- idiot's guide to firewall configuration
gerry

Joined: 26 Jul 2007
Posts: 971
Location: England

Posted: Thu 15 Jan 2015, 13:58    Post subject: Needed- idiot's guide to firewall configuration

Hi...

I've looked at lots of instructions for setting up firewalls (including the Puppy one). For the life of me I can't figure out:

Which ports do I need open?
What do all those acronyms for port functions mean?
Which ports/services/acronyms do I need open for what I want to do?

What I need to do is:

Communicate with the router.
Then, through the router, use the internet.
Also through the router communicate with the domestic LAN, i.e. other computers and printer.

Where can I find an idiot's guide to all this?

Gerry

_________________
78, and still learning
mikeb


Joined: 23 Nov 2006
Posts: 9452

Posted: Thu 15 Jan 2015, 15:18

if you have a router then don't bother doing anything... you will be fine as is.

Mike
gerry

Joined: 26 Jul 2007
Posts: 971
Location: England

Posted: Thu 15 Jan 2015, 18:49

Yes, I see that being true at home, but what about my Puppy-powered laptop in a hotel?

Gerry

_________________
78, and still learning
mikeb


Joined: 23 Nov 2006
Posts: 9452

Posted: Fri 16 Jan 2015, 07:58

Well a hotel and other shared wifi will normally also be using a router so again would have a built in firewall.

You could check by using the shields up site
https://www.grc.com/x/ne.dll?bh0bkyd2

Usually the only methods that may not have a firewall would be such as a dial up or usb modem and 3g phone/dongle interfaces.
If in that case you needed the puppy firewall then the default settings should be fine... you do not need to open ports to surf the web or email... it's only normally needed if say you wanted to use VNC or run a (game) server.

Again you can check its effectiveness with shields up.

hope that helps

mike
sheldonisaac

Joined: 21 Jun 2009
Posts: 461
Location: Philadelphia, PA

Posted: Fri 16 Jan 2015, 09:31

mikeb wrote:
You could check by using the shields up site
https://www.grc.com/x/ne.dll?bh0bkyd2

It said
Quote:
Ping Reply: RECEIVED (FAILED)

What can I do about that?

Thanks,
Sheldon

_________________
Dell E6410: LuPu Super 2 & various Puppys;Dell D610: Windows XP, Puppy Linux 5.2, 'lina-lite;
Intel D865GBF: Windows XP, Puppy Linux 5.2;
Acer Aspire One: Windows XP, Puppy Linux 5.2; ASUS P5A: MS-Windows 98SE, Puppy Linux 2.14X
Burn_IT


Joined: 12 Aug 2006
Posts: 1253
Location: Tamworth UK

Posted: Fri 16 Jan 2015, 10:41

If you do a lot of travelling and hence using hotel/library routers etc. then you DO need a good software firewall on your machine.

1) the router firewall may not be set up in the most secure of ways and may have been hacked by other guests.

2) you need to protect yourself from the other GUESTS on your side of the firewall.


Quote:
What can I do about that?
Go into the control pages of your router and look for
Respond/Reply to external ping and turn it off.
What this means is that when someone does a hacking style mass ping of possible IP addresses your router does not reply and say "I'm here and responding - try me!" :)

_________________
I can't remember the last time I forgot something!
Semme

Joined: 07 Aug 2011
Posts: 4529
Location: World_Hub

Posted: Fri 16 Jan 2015, 12:08

The single easiest thing you could install >> arno-iptables-firewall
Quote:
I get a lot of emails from people complaining that their webserver etc. stopped working after installing my firewall. This is the CORRECT behaviour for a firewall: BLOCKING ALL incoming traffic by default! Configure your eg. OPEN_TCP accordingly!

With sections for just about every situation, it's not much different from anything else that you'd sit down to acquaint yourself with. The fact that with a few simple desktop scripts, you'd have the ability to both stop and start, test new rules or bypass those already in place. I posted because I believe there's another member here looking to learn a thing or two.

_________________
>>>Free will is a gift you will never know how to use until you fight for it<<<
mikeb


Joined: 23 Nov 2006
Posts: 9452

Posted: Fri 16 Jan 2015, 12:24

Well I did assume this query was for home use so recommendations by others may well apply.
I have never used wifi anywhere other than home...though will be trying the library soon so my first taste of it. This does not make me an expert on the subject :D ...but at least I got the thread some attention. :)

Interesting the thought about other LAN users... Not having any LAN/SSL and similar services running is a good idea...puppy will be doing that by default unlike Windows. That should leave no mechanisms for intrusions through LAN since otherwise everything is outgoing (to the internet).
I did make windows safe by disabling rpc and netbios even though I was not hidden behind a firewall for example.

The shields up tests are worth doing to double check any installation...so keep the link handy and you will get familiar with what to look for.

I believe BurnIT answered the ping question nicely... and yes it's something to not do if possible.

Happy browsing

mike
gerry

Joined: 26 Jul 2007
Posts: 971
Location: England

Posted: Fri 16 Jan 2015, 19:03

Semme...

You didn't grasp my problem: how can I set up a firewall without knowing what services I need, what port numbers I need open, and so on. SSL? what's that? And so on...

All I know is that I want to connect to the internet through my router (which gets full marks from Shields Up) and to the printer and PCs on our home LAN. Away from home I would just connect to a router. I imagine the latter is a default setting, but what about the printer and so on?

Gerry

_________________
78, and still learning
Semme

Joined: 07 Aug 2011
Posts: 4529
Location: World_Hub

Posted: Fri 16 Jan 2015, 19:18

Then YOU, want something like THIS to *remote connect* into your home box.

http://www.makeuseof.com/tag/connect-home-network-dyndns/

http://www.computerhope.com/issues/ch000842.htm

Access your home server from behind a router

_________________
>>>Free will is a gift you will never know how to use until you fight for it<<<
mikeb


Joined: 23 Nov 2006
Posts: 9452

Posted: Sat 17 Jan 2015, 07:44

I believe gerry ONLY wants to use the internet (default settings) when away from home but does not want the same firewall setup to affect his home LAN connection to printer and file sharing .. is that the correct picture? i.e. no remote desktop facilities...

Seems like he needs default firewall active when away just to be sure regardless of environment and disabled in his safe home installation... seems the simplest option . I assume on puppy it is easy to turn firewall on and off?

mike
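
As an added example (not part of any post above, and not Puppy's or arno-iptables-firewall's own configuration): the setup the thread converges on, with no ports opened for browsing and email, written out as an `iptables-restore` ruleset. The `emit_ruleset` function, the `away` and `home` profile names and the sample LAN range are assumptions of this example; the `home` variant goes beyond the thread's "no firewall at home" by keeping the firewall on and trusting only the LAN range.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a laptop that only
# makes outgoing connections. Nothing is applied; the text is for review.
# Profile names are this example's own:
#   away         untrusted network (hotel, library): no unsolicited inbound
#   home <cidr>  same, plus inbound from the trusted LAN range (IPv4 CIDR)
# These are IPv4 rules; IPv6 needs a matching ip6tables ruleset.
emit_ruleset() {
    profile=$1
    lan_cidr=${2:-}
    case $profile in
        away) ;;
        home)
            # Accept only digits, dots and a slash so the value cannot
            # smuggle extra rule text into the output.
            case $lan_cidr in
                ''|*[!0-9./]*)
                    echo "home profile needs a LAN range like 192.168.1.0/24" >&2
                    return 2 ;;
            esac ;;
        *)
            echo "unknown profile: $profile" >&2
            return 2 ;;
    esac
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Replies to the laptop's own web, mail and printer connections match
    # ESTABLISHED above, so no port is opened. Everything else inbound,
    # ping included, falls through to the DROP policy.
    if [ "$profile" = home ]; then
        printf '%s\n' "-A INPUT -s $lan_cidr -j ACCEPT"
    fi
    echo "COMMIT"
}

# To apply as root: emit_ruleset away | iptables-restore
emit_ruleset away
```

ShieldsUp, the test site linked in the thread, probes the public address it sees, which is normally the router's. These rules govern what other machines on the same LAN can reach on the laptop itself.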
gerry

Joined: 26 Jul 2007
Posts: 971
Location: England

Posted: Sat 17 Jan 2015, 11:09

Thanks Mikeb. You've crystallised the way I was thinking. No firewall at home, default config on holiday.

Gerry

_________________
78, and still learning
neerajkolte


Joined: 10 Feb 2014
Posts: 502
Location: Pune, India.

Posted: Sat 17 Jan 2015, 12:51

Thanks Semme for the links and arno-iptables-firewall.
I will study them.

Thanks.

- Neeraj.

_________________
"One of my most productive days was throwing away 1000 lines of code."
- Ken Thompson

“We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.”
- Amara’s Law.
mikeb


Joined: 23 Nov 2006
Posts: 9452

Posted: Thu 29 Jan 2015, 12:57

Topical thread for me... went and used the library wifi for the first time ever in my sheltered computer life and yes sure enough their router or whatever they used had no apparent firewall... all ports closed not stealthed... naughty naughty...not a problem while I used linux but seems like I will need my rpcss hacked for xp and disabling any netbios/samba for there....wow like the good old modem days . Will also contact them to ask why they have such an insecure setup or do they expect users to do the firewall boogie?
Curiously they must have something present since the port needed for my website emails was blocked.

mike
rcrsn51


Joined: 05 Sep 2006
Posts: 9603
Location: Stratford, Ontario

Posted: Thu 29 Jan 2015, 13:17

mikeb wrote:
and yes sure enough their router or whatever they used had no apparent firewall... all ports closed not stealthed... naughty naughty

Please explain.

Quote:
...not a problem while I used linux but seems like I will need my rpcss hacked for xp and disabling any netbios/samba for there

Whether it's Windows or Linux, I would be concerned if I was exposing shares on my machine to other users on the LAN in the library.

Quote:
Curiously they must have something present since the port needed for my website emails was blocked.

Why curious? Maybe they know what they're doing.