Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Kubuntu User (http://www.linux-archive.org/kubuntu-user/)
-   -   firewall (http://www.linux-archive.org/kubuntu-user/118523-firewall.html)

Edmund Laugasson 07-03-2008 10:18 PM

firewall
 
> I am looking to set up a firewall with fwbuilder, I use the wizard compile successfully but get this error when tryin to install.

I used NARC and it works like a charm -
http://www.knowplace.org/pages/howtos/firewalling_with_netfilter_iptables/netfilter_automatic_rule_configurator.php

It is command line script but very well commented and it uses iptables to do its work. NARC is just
one command line frontend to get iptables configured and run in your way. Installing is very easy -
just copy 3 different files into different places, modify the firewall script, update running
services and start script as firewall. Everyting is well documented and easy to use.

You can put to file /etc/rc.local the following row:
/usr/sbin/narc start
.... to start NARC automatically at boot.

Then after you configured the NARC and started it - you may forget it. It just works. If you need
some ports to be open, just reconfigure /etc/narc/narc.conf to fit your needs, restart NARC daemon
and that's it!

But NARC will not start if there is no IP-address at selected network interface. This is commonly
when network interface is just not up or getting IP-address takes some time over DHCP. Then you need
some pause before the NARC will start to give some time for network interface starting up:
sleep 10; /usr/sbin/narc start
... this "10" is the time in seconds, after when the system will run followed command. If 10 seconds
is not enough for your computer - give some more time :) Just test it.

You may check firewall working like this:
sudo iptables -L
or
sudo narc status


If sudo iptables -L gives you picture like this:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

... then no firewall is working.

If NARC is working - there will be much more longer information in table.


Best Regards,
Edmund

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Jim Douglas 07-04-2008 04:42 PM

firewall
 
I am trying to install FirewallBuilder on Kubuntu and keep getting this error,





Copying /home/sa/emma.fw -> 192.168.1.1:/etc


SSH session terminated, exit status: -1


Error: Terminating install sequence





I tried this,





http://sourceforge.net/forum/message.php?msg_id=4586134





...but now I get this error,





Copying /home/sa/emma.fw -> 127.0.0.1:/etc


*** Fatal error :


--**--**-- Done bash: /etc/emma.fw: Permission denied


Error: Terminating install sequence








....any suggestions?

Perhaps someone could suggest a similar, easy to use firewall??* I'ts a simple network...my Kubuntu server/router allows internet access to one other machine...




Thank you,


Jim





The i’m Talkaton. Can 30-days of conversation change the world? Find out now.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Frederic Schaer 07-04-2008 05:00 PM

firewall
 
firewall builder is trying to setup the firewall using *root* account :
it connects via ssh to 127.0.0.1 for you, so you'll probably want to
check that root account has a password (and enter this one when asked),
and that root is allowed to connect via ssh on 127.0.0.1. I don't think
fwbuiled is able to use sudo (and that's a pity) when installing the
firewall, so don't try with your standard user account (I guess this is
the cause of the permission denied error)

Personnally, to secure a bit the ssh thing, I have this line in
/etc/ssh/sshd_config :

PermitRootLogin yes
AllowUsers me root@localhost

Hope that helps...
Cheers

Jim Douglas a écrit :
> I am trying to install FirewallBuilder on Kubuntu and keep getting
> this error,
>
> Copying /home/sa/emma.fw -> 192.168.1.1:/etc
> SSH session terminated, exit status: -1
> Error: Terminating install sequence
>
> I tried this,
>
> http://sourceforge.net/forum/message.php?msg_id=4586134
>
> ...but now I get this error,
>
> Copying /home/sa/emma.fw -> 127.0.0.1:/etc
> *** Fatal error :
> --**--**-- Done bash: /etc/emma.fw: Permission denied
> Error: Terminating install sequence
>
>
> ....any suggestions?
>
> Perhaps someone could suggest a similar, easy to use firewall?? I'ts
> a simple network...my Kubuntu server/router allows internet access to
> one other machine...
>
>
> Thank you,
> Jim
>
>
>
> ------------------------------------------------------------------------
> The i’m Talkaton. Can 30-days of conversation change the world? Find
> out now.
> <http://www.imtalkathon.com/?source=EML_WLH_Talkathon_ChangeWorld>

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Jim Douglas 07-04-2008 05:17 PM

firewall
 
when I installed Kubuntu I set up a non root username, "sa" ...is there a default "root" password?* I don't remember it asking for a root password...just an initial account un/pw
...

> Date: Fri, 4 Jul 2008 19:00:37 +0200
> From: fred.schaer@free.fr
> To: kubuntu-users@lists.ubuntu.com
> Subject: Re: firewall
>
> firewall builder is trying to setup the firewall using *root* account :
> it connects via ssh to 127.0.0.1 for you, so you'll probably want to
> check that root account has a password (and enter this one when asked),
> and that root is allowed to connect via ssh on 127.0.0.1. I don't think
> fwbuiled is able to use sudo (and that's a pity) when installing the
> firewall, so don't try with your standard user account (I guess this is
> the cause of the permission denied error)
>
> Personnally, to secure a bit the ssh thing, I have this line in
> /etc/ssh/sshd_config :
>
> PermitRootLogin yes
> AllowUsers me root@localhost
>
> Hope that helps...
> Cheers
>
> Jim Douglas a écrit :
> > I am trying to install FirewallBuilder on Kubuntu and keep getting
> > this error,
> >
> > Copying /home/sa/emma.fw -> 192.168.1.1:/etc
> > SSH session terminated, exit status: -1
> > Error: Terminating install sequence
> >
> > I tried this,
> >
> > http://sourceforge.net/forum/message.php?msg_id=4586134
> >
> > ...but now I get this error,
> >
> > Copying /home/sa/emma.fw -> 127.0.0.1:/etc
> > *** Fatal error :
> > --**--**-- Done bash: /etc/emma.fw: Permission denied
> > Error: Terminating install sequence
> >
> >
> > ....any suggestions?
> >
> > Perhaps someone could suggest a similar, easy to use firewall?? I'ts
> > a simple network...my Kubuntu server/router allows internet access to
> > one other machine...
> >
> >
> > Thank you,
> > Jim
> >
> >
> >
> > ------------------------------------------------------------------------
> > The i’m Talkaton. Can 30-days of conversation change the world? Find
> > out now.
> > <http://www.imtalkathon.com/?source=EML_WLH_Talkathon_ChangeWorld>
>
> --
> kubuntu-users mailing list
> kubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Use video conversation to talk face-to-face with Windows Live Messenger. Get started.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Edmund Laugasson 07-04-2008 05:20 PM

firewall
 
Jim Douglas kirjutas:
> I am trying to install FirewallBuilder on Kubuntu and keep getting error
> ....any suggestions?

I used NARC and it works like a charm -
http://www.knowplace.org/pages/howtos/firewalling_with_netfilter_iptables/netfilter_automatic_rule_configurator.php

I suggest it also to you!

It is command line script but very well commented and it uses iptables to do its work. NARC is just
one command line frontend to get iptables configured and run in your way. Installing is very easy -
just copy 3 different files into different places, modify the firewall script, update running
services and start script as firewall. Everyting is well documented and easy to use.

You can put to file /etc/rc.local the following row:
/usr/sbin/narc start
.... to start NARC automatically at boot.

Then after you configured the NARC and started it - you may forget it. It just works. If you need
some ports to be open, just reconfigure /etc/narc/narc.conf to fit your needs, restart NARC daemon
and that's it!

But NARC will not start if there is no IP-address at selected network interface. This is commonly
when network interface is just not up or getting IP-address takes some time over DHCP. Then you need
some pause before the NARC will start to give some time for network interface starting up:
sleep 10; /usr/sbin/narc start
... this "10" is the time in seconds, after when the system will run followed command. If 10 seconds
is not enough for your computer - give some more time :) Just test it.

You may check firewall working like this:
sudo iptables -L
or
sudo narc status


If sudo iptables -L gives you picture like this:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

... then no firewall is working.

If NARC is working - there will be much more longer information in table.


Best Regards,
Edmund

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Jim Douglas 07-05-2008 05:19 PM

firewall
 
when I installed Kubuntu it asked me for a user name and I chose 'sa'.* It did not ask for a 'root' password anywhere.

Is there a 'root' account setup or should* I set one up?

Thanks,
Jim


> Date: Fri, 4 Jul 2008 19:00:37 +0200
> From: fred.schaer@free.fr
> To: kubuntu-users@lists.ubuntu.com
> Subject: Re: firewall
>
> firewall builder is trying to setup the firewall using *root* account :
> it connects via ssh to 127.0.0.1 for you, so you'll probably want to
> check that root account has a password (and enter this one when asked),
> and that root is allowed to connect via ssh on 127.0.0.1. I don't think
> fwbuiled is able to use sudo (and that's a pity) when installing the
> firewall, so don't try with your standard user account (I guess this is
> the cause of the permission denied error)
>
> Personnally, to secure a bit the ssh thing, I have this line in
> /etc/ssh/sshd_config :
>
> PermitRootLogin yes
> AllowUsers me root@localhost
>
> Hope that helps...
> Cheers
>
> Jim Douglas a écrit :
> > I am trying to install FirewallBuilder on Kubuntu and keep getting
> > this error,
> >
> > Copying /home/sa/emma.fw -> 192.168.1.1:/etc
> > SSH session terminated, exit status: -1
> > Error: Terminating install sequence
> >
> > I tried this,
> >
> > http://sourceforge.net/forum/message.php?msg_id=4586134
> >
> > ...but now I get this error,
> >
> > Copying /home/sa/emma.fw -> 127.0.0.1:/etc
> > *** Fatal error :
> > --**--**-- Done bash: /etc/emma.fw: Permission denied
> > Error: Terminating install sequence
> >
> >
> > ....any suggestions?
> >
> > Perhaps someone could suggest a similar, easy to use firewall?? I'ts
> > a simple network...my Kubuntu server/router allows internet access to
> > one other machine...
> >
> >
> > Thank you,
> > Jim
> >
> >
> >
> > ------------------------------------------------------------------------
> > The i’m Talkaton. Can 30-days of conversation change the world? Find
> > out now.
> > <http://www.imtalkathon.com/?source=EML_WLH_Talkathon_ChangeWorld>
>
> --
> kubuntu-users mailing list
> kubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Making the world a better place one message at a time. Check out the i’m Talkathon.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Paul Lemmons 07-05-2008 05:40 PM

firewall
 
Jim Douglas wrote:

when I installed Kubuntu it asked me for a user name and I
chose 'sa'.* It did not ask for a 'root' password anywhere.



Is there a 'root' account setup or should* I set one up?



Thanks,

Jim






By default kubuntu has a root account with no password. You can easily
setup a password on the root account if you wish:



> sudo passwd root



It will first prompt you for your password and then you enter the
password you want for the root account.



The choice of having a password or not is a philosophical one. For me
it is more a matter of practicality.




--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Pastor JW 07-05-2008 05:59 PM

firewall
 
On Saturday 05 July 2008 10:19:21 am Jim Douglas wrote:
> when I installed Kubuntu it asked me for a user name and I chose 'sa'. It
> did not ask for a 'root' password anywhere.

It kinda did, you use sudo and your own password to do root commands.

> Is there a 'root' account setup or should I set one up?

There is one already, check https://help.ubuntu.com/community/RootSudo

This frustrating at first as it is so illogical but soon it becomes habit.


--
73 de N7PSV aka Pastor JW <n>< * PDGA# 35276
http://the-inner-circle.org
http://groups.yahoo.com/group/the_original_inner_circle
http://h.webring.com/hub?ring=universalministr

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Jim Douglas 07-05-2008 06:08 PM

firewall
 
I have enabled the 'root' account...but now I get this error,

Copying /root/emma.fw -> 127.0.0.1:/etc
/etc/ssh/ssh_config: line 52: Bad configuration option: PermitRootLogin
/etc/ssh/ssh_config: line 53: Bad configuration option: AllowUsers
/etc/ssh/ssh_config: terminating, 2 bad configuration options
SSH session terminated, exit status: -1
Error: Terminating install sequence

When I look at the documentation, I don't see what's wrong with those two lines

...this is my ssh_config,


# This is the ssh client system-wide configuration file.* See
# ssh_config(5) for more information.* This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#* 1. command line options
#* 2. user-specific file
#* 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.* For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#** ForwardAgent no
#** ForwardX11 no
#** ForwardX11Trusted yes
#** RhostsRSAAuthentication no
#** RSAAuthentication yes
#** PasswordAuthentication yes
#** HostbasedAuthentication no
#** GSSAPIAuthentication no
#** GSSAPIDelegateCredentials no
#** GSSAPIKeyExchange no
#** GSSAPITrustDNS no
#** BatchMode no
#** CheckHostIP yes
#** AddressFamily any
#** ConnectTimeout 0
#** StrictHostKeyChecking ask
#** IdentityFile ~/.ssh/identity
#** IdentityFile ~/.ssh/id_rsa
#** IdentityFile ~/.ssh/id_dsa
#** Port 22
#** Protocol 2,1
#** Cipher 3des
#** Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#** MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#** EscapeChar ~
#** Tunnel no
#** TunnelDevice any:any
#** PermitLocalCommand no
*** SendEnv LANG LC_*
*** HashKnownHosts yes
*** GSSAPIAuthentication yes
*** GSSAPIDelegateCredentials no
*** PermitRootLogin yes
*** AllowUsers root

I also tried *** AllowUsers root root@localhost.com



Jim


> Date: Fri, 4 Jul 2008 19:00:37 +0200
> From: fred.schaer@free.fr
> To: kubuntu-users@lists.ubuntu.com
> Subject: Re: firewall
>
> firewall builder is trying to setup the firewall using *root* account :
> it connects via ssh to 127.0.0.1 for you, so you'll probably want to
> check that root account has a password (and enter this one when asked),
> and that root is allowed to connect via ssh on 127.0.0.1. I don't think
> fwbuiled is able to use sudo (and that's a pity) when installing the
> firewall, so don't try with your standard user account (I guess this is
> the cause of the permission denied error)
>
> Personnally, to secure a bit the ssh thing, I have this line in
> /etc/ssh/sshd_config :
>
> PermitRootLogin yes
> AllowUsers me root@localhost
>
> Hope that helps...
> Cheers
>
> Jim Douglas a écrit :
> > I am trying to install FirewallBuilder on Kubuntu and keep getting
> > this error,
> >
> > Copying /home/sa/emma.fw -> 192.168.1.1:/etc
> > SSH session terminated, exit status: -1
> > Error: Terminating install sequence
> >
> > I tried this,
> >
> > http://sourceforge.net/forum/message.php?msg_id=4586134
> >
> > ...but now I get this error,
> >
> > Copying /home/sa/emma.fw -> 127.0.0.1:/etc
> > *** Fatal error :
> > --**--**-- Done bash: /etc/emma.fw: Permission denied
> > Error: Terminating install sequence
> >
> >
> > ....any suggestions?
> >
> > Perhaps someone could suggest a similar, easy to use firewall?? I'ts
> > a simple network...my Kubuntu server/router allows internet access to
> > one other machine...
> >
> >
> > Thank you,
> > Jim
> >
> >
> >
> > ------------------------------------------------------------------------
> > The i’m Talkaton. Can 30-days of conversation change the world? Find
> > out now.
> > <http://www.imtalkathon.com/?source=EML_WLH_Talkathon_ChangeWorld>
>
> --
> kubuntu-users mailing list
> kubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Making the world a better place one message at a time. Check out the i’m Talkathon.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Jim Douglas 07-05-2008 06:54 PM

firewall
 
> From: pastor_jw@the-inner-circle.org
> To: kubuntu-users@lists.ubuntu.com
> Subject: Re: firewall
> Date: Sat, 5 Jul 2008 10:59:12 -0700
>
> On Saturday 05 July 2008 10:19:21 am Jim Douglas wrote:
> > when I installed Kubuntu it asked me for a user name and I chose 'sa'. It
> > did not ask for a 'root' password anywhere.
>
> It kinda did, you use sudo and your own password to do root commands.
>
> > Is there a 'root' account setup or should I set one up?
>
> There is one already, check https://help.ubuntu.com/community/RootSudo
>
> This frustrating at first as it is so illogical but soon it becomes habit.
>
>
> --
> 73 de N7PSV aka Pastor JW <n>< * PDGA# 35276
> http://the-inner-circle.org
> http://groups.yahoo.com/group/the_original_inner_circle
> http://h.webring.com/hub?ring=universalministr
>
> --
> kubuntu-users mailing list
> kubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users


From the command line it makes perfecet sense.* When GUI installers need root privelages what options do you have.

I enabled the root account and logged on as root, is there any other way?

Jim


It’s a talkathon – but it’s not just talk. Check out the i’m Talkathon.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users


All times are GMT. The time now is 11:11 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.