RedHat default firewall

Bogler · 02-27-2002, 09:55 AM

I have the RedHat default firewall installed (medium level).

I started Linuxconf to see if i could configure it as i couldn't find any firewall tool in KDE.

I want to look at the logs and see what's been happening.

How do i do this?

P.S is the default firewall in 7.1/7.2 the same as the firewallss.txt file downloadable from RedHat?

Thanks

Bogler

JimH · 02-27-2002, 04:40 PM

Look in /var/log/messages. No, the firewallss.txt is not the same.

Some examples from my logs. I tried to select a variety. I am not using Red Hat's default firewall.

Feb 18 20:21:16 penguin kernel: DENIED PORT:IN=ppp0 OUT= MAC= SRC=194.3.198.213 DST=xxx.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=27116 DF PROTO=TCP SPT=1479 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0

Feb 21 20:15:41 penguin kernel: DENIED PORT:IN=ppp0 OUT= MAC= SRC=211.187.183.85 DST=xxx.xx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=20529 DF PROTO=TCP SPT=1182 DPT=27374 WINDOW=8192 RES=0x00 SYN URGP=0

Feb 22 06:50:47 penguin kernel: PACKET DROPPED:IN=ppp0 OUT= MAC= SRC=10.1.1.61 DST=xxx.xx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=6686 DF PROTO=TCP SPT=80 DPT=4046 WINDOW=32476 RES=0x00 ACK SYN URGP=0

Feb 26 04:46:57 penguin kernel: PACKET DROPPED:IN=ppp0 OUT= MAC= SRC=152.63.25.53 DST=xxx.xx.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=245 ID=0 PROTO=ICMP TYPE=3 CODE=1 [SRC=208.13.141.168 DST=168.169.8.21 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=7256 DF PROTO=TCP SPT=1191 DPT=53 WINDOW=10084 RES=0x34 ACK PSH URGP=706 ]

Feb 26 09:01:56 penguin kernel: PING:IN=ppp0 OUT= MAC= SRC=12.250.108.162 DST=xxx.xxx.xxx.xxx LEN=36 TOS=0x00 PREC=0x00 TTL=116 ID=22446 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=6924

Jim H

Bogler · 05-31-2002, 08:25 AM

I would like to set up IP Masq again.
I have the default kde3 firewall installed at Medium level.
I would like to replace this with the firewallss.txt firewall from RedHat as this worked before.

Problem is that ppp0 must be up for the script to run.

Where should i place the script so that it will automatically start up when ppp0 is started?

Also, how do i get rid of the default fireall that comes with kde/ or de-activate it?

I know i can do service ipchains stop

Thanks

Bogler

JimH · 05-31-2002, 04:05 PM

Originally Posted by Bogler

Where should i place the script so that it will automatically start up when ppp0
is started?

When I had a dial-up connection I turned my firewall on and off from /etc/sysconfig/network-scripts/ifup-post and /etc/sysconfig/network-scripts/ifdown-post. I had my dial-up set to dial on demand with entries in the above files the firewall script was stopped and started automatically.

Also, how do i get rid of the default fireall that comes with kde/ or de-activate it?

Red Hat's default firewall is configured with the lokkit package. There is also a GTK GUI for it that might be installed.

Jim H