Solved

Linux firewall

Posted on 2002-05-25
Last Modified: 2010-03-18
Hi
I am using Mandrake 8.2.
I need to protect against attacks from the net.
What is the best firewall for my case?
Is there some firewall that I can configure in an X86 environment?

Thanks
Question by:maomorta
Accepted Solution

by:
ahoffmann earned 200 total points
ID: 7034659
Use iptables as firewall.
There exists a GUI for it too: FWBuilder, and some others.
AFAIK admins who want to protect their site do not use GUIs, but really know what they configure ;-)

Author Comment

by:maomorta
ID: 7045725
Hi
The program has a good interface, but I have a problem.
When I try to execute the shell script I receive the following error:

./test.fw
+ '[' -x /usr/bin/logger ']'
+ logger -p info 'Activating firewall script compaq.ottolini.pt.fw generated Fri May 31 01:27:34 2002 WET by fmmr'
+ modprobe ip_conntrack
/lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_conntrack.o.gz: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
modprobe: insmod /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_conntrack.o.gz failed
modprobe: insmod ip_conntrack failed
+ exit 1

Do you know how to correct it?

Expert Comment

by:ahoffmann
ID: 7049738
I highly recommend building iptables into the kernel, and not using modules.
The error seems to be as it says: busy (invalid parameters, etc).

Expert Comment

by:Chungkuo
ID: 7059897
As root, list the modules you have currently loaded with lsmod. You should see something like this:

ipt_state                608   3  (autoclean)
ipt_MASQUERADE          1216   1  (autoclean)
ipt_LOG                 3104   7  (autoclean)
iptable_mangle          2144   0  (autoclean) (unused)
iptable_filter          1728   1  (autoclean)
iptable_nat            12756   1  [ipt_MASQUERADE]
ip_conntrack           12748   2  [ipt_state ipt_MASQUERADE iptable_nat]
ip_tables              10304   8  [ipt_state ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat]

These are the modules you need loaded for most iptables functions (if you want MAC filtering, you need to load ipt_mac as well).

Try loading the modules outside of the shell script using modprobe. Try:

modprobe ip_conntrack

and see what happens. Also try loading a couple of the other modules (like ip_tables and iptable_nat) and see if they load.
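The module check described in the last comment, as an added example that is not part of the original thread: a script that reads lsmod output in the 2.4-kernel format shown above, reports which of the listed netfilter modules are not loaded, and prints which modules hold a reference on a given one. The function names, the `--live` switch and the sample listing are constructed for illustration; newer kernels print the used-by column without brackets, so the parsing assumes the format on this page.

```shell
#!/bin/sh
# Added example (not from the thread): check lsmod output for the netfilter
# modules listed in the comment above. Function names are hypothetical.

# Modules the thread names as needed for most iptables functions.
REQUIRED="ip_tables ip_conntrack iptable_filter iptable_nat iptable_mangle ipt_state ipt_LOG ipt_MASQUERADE"

# missing_modules LISTING: print each required module absent from the listing.
missing_modules() {
    for m in $REQUIRED; do
        printf '%s\n' "$1" |
            awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' ||
            printf '%s\n' "$m"
    done
}

# module_users LISTING MODULE: print the contents of MODULE's "[...]" used-by
# column, i.e. the modules that keep MODULE busy and block its removal.
module_users() {
    printf '%s\n' "$1" | awk -v m="$2" '
        $1 == m && match($0, /\[[^]]*\]/) {
            print substr($0, RSTART + 1, RLENGTH - 2)
        }'
}

# Constructed sample: a host where conntrack and NAT are not loaded yet.
SAMPLE='ipt_LOG                 3104   7  (autoclean)
iptable_filter          1728   1  (autoclean)
ip_tables              10304   2  [ipt_LOG iptable_filter]'

# Read the real module list with --live, otherwise use the sample above.
if [ "${1:-}" = "--live" ]; then LISTING=$(lsmod); else LISTING=$SAMPLE; fi

echo "Missing: $(missing_modules "$LISTING" | tr '\n' ' ')"
echo "ip_tables is used by: $(module_users "$LISTING" ip_tables)"
```

A module reported as missing is the one to try loading by hand with modprobe, as the comment suggests, before running the generated firewall script again.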