need firewall?

Asked by bazsik on 2008-06-10

I just want to know should I install any firewall app into the Ubuntu 8.04.
Is any basic firewall in the OS? or is it necessary at all?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
bazsik
Solved:
Last query:
Last reply:

Bazsik,

By default firewall is off. To turn on fire wall please refer this link http://www.funnestra.org/ubuntu/hardy/#ufw.

--Murali

Martin Božič (martin-bozic) said : #2

The ports for the incoming traffic in Ubuntu are closed by default (apart from those which are most common). If you want to monitor/configure the traffic on your ports, i recommend you to install Firestarter. For console firewall interface there is a new app called 'ufw' (Uncomplicated Firewall).

yes there is a firewall or something that works like a firewall in the kernal they are called iptables

bazsik (bazsikadam) said : #4

thanx the firestarter.
Can it share the internet, it can?

Jorge Juan (jjchico) said : #5

It is a long time I do not use firestarter, but it used to have an option to do masquerading (source NAT) to give Internet access to the hosts in the local network, if that is what you are asking. This is seldom useful today since most DSL/Cable/AP do it by default.

bazsik (bazsikadam) said : #6

Yes, I know but I want my ubuntu to be a routing server for the other PCs, and that's why I asking...
Or do you know any other better routing server app for this job?

Jorge Juan (jjchico) said : #7

Hi,

As I have said, firestarter will probably do the job. Anyway, configuring a "routing" server for the local PC's is easy if you do not mind using commands. Just put something like the examples in /etc/rc.local (extracted from the NAT and packet filtering howto's included with iptables (/usr/share/doc/iptables).

Hope this helps.

Example 1: router has a fixed real IP address (1.2.3.4):
--------------------------------------------------------------------
## Change source addresses to 1.2.3.4.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Example 2: router has a dynamic IP o a ppp interface.
Also block all incoming traffic from the outside.
--------------------------------------------------------------------
# Masquerade out ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Disallow NEW and INVALID incoming or forwarded packets from ppp0.
iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

bodhi.zazen (bodhi.zazen) said : #8

With a default installation of Ubuntu , all ports are open.

sudo iptables -L

will show that.

UFW is far superior to firestarter, especially when using NAT / forwarding. Firestarter is "OK" as a start for most desktop users, but firestarter will almost always fail with complex firewall rules.

UFW is easy to learn and takes less then an hour to get up and running. Hopefully there will be a gui interface soon.

See this link : https://help.ubuntu.com/8.04/serverguide/C/firewall.html

https://wiki.ubuntu.com/UbuntuFirewall

bazsik (bazsikadam) said : #9

Has UFW graphic board?
I'm a brand new ubuntu user so I have no any experiences about the OS....
But I should learn it all... :)

thanx...
workin' on it...