Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Firestarter Firewall general question

Jun 1, 2005 9:43PM PDT

I have recently downloaded Firestarter firewall and it seems to run fine but, for learning purposes, I would like to fine tune some iptables rules manually. Before I do this, I was wondering if this may cause problems for firestarter (assuming I make no errors in my configurations) or if firestarter will just ignore the manual rules when running (for example, if I configure PAT directly in iptables, will firestarter see this when started and display it in its gui).
I have found lots of information stating Firestarter works with ipchains/iptables but none that I have found explicitly say one way or the other whether manual configuration can be used with or should be avoided when using the product.

Discussion is locked

- Collapse -
My question.
Jun 1, 2005 9:57PM PDT

If this is a linux box, and there is no service answering said packets, what is this firewall doing?

It does not make sense to enable a service then to firewall it off?

Bob

- Collapse -
RE:
Jun 2, 2005 6:59AM PDT

I'm not sure I understand your question but I'll try answering it how I understand. The firewall is to give perimeter defense to a small home network and will not completely be locked down but just limit the external access to internal services. The internal service (whether web or ftp) may or may not be on a DMZ but will need to give access to external clients so, to have external addresses preserved (particularly since I only have one) I will need network address translation for internal clients to access the net but also Port address translation so that when external clients try to attach to (for example) port 80 on the firewall which will have the external address, they will actually be forwarded to the web server that has an internal address.
If I have misunderstood what I have read regarding iptables, I apologize, but it was my understanding this could be done. I know that every port you have forwarded does weaken the defenses of a firewall but then again if you keep all ports closed then you would have no need of a firewall as you would not be connected to another network. Sorry if I'm over generalizing and again, I appreciate any corrections of my understanding.
In short, the firewall is protecting a small network while allowing limited access to an internal service. I know this is only part of the overall security but I am trying to learn one step at this point and will move onto IDS and host securing shortly.
I hope I am clearer.

- Collapse -
That is much clearer.
Jun 2, 2005 7:26AM PDT

Since you have non-linux clients ( I bet Windows ) and Windows can have issues with malformed packets, connections to ports unknown by us (no centralized services like linux), then you have the right ideas.

Keep going, you'll get there.

Bob

- Collapse -
You won your bet
Jun 2, 2005 7:35AM PDT

Thanks.

Clarity is not my mother tongue but I'm working on it.

Any idea on my original question (Bob or anyone else?)

- Collapse -
From what I saw...
Jun 2, 2005 7:46AM PDT

The firewall will just fail with output to its logfiles about what it didn't like.

Take it slowly and keep a backup of what works.

Bob