[CLUE-Tech] Of Security and Firewalls..

rfrank rfrank at rfrank.net
Mon Mar 19 16:22:56 MST 2001


On Monday 19 March 2001 15:11, you wrote:
> Jim,
>
> I've had some of the same questions recently.  I definitely agree that
> IPTABLES is better and knowledge of such would be desired.  For myself,
> however, I also want to know and understand IPCHAINS well since I want to
> be more involved in security and many systems in place are using the 2.2
> kernel.  It sounds like you are just wanting something to protect your own
> network, so I'd go with the latest and best.
>
> Brian Jarrett

Well, my project this past week has been to understand firewalls, IPCHAINS
as such.  After manually crafting one machine to do the job, I took an
orphan machine (an old 200 MHz box with a 1.6G hard drive) and decided
to give ClarkConnect a try (www.clarkconnect.org).  I am impressed.

I downloaded an install diskette and a small (90 megabyte) iso download
that I burned to CD.  Then on the target machine I put in the floppy, booted
it, put the CD in and sat back to watch.  It installed just the subset of 
RH 6.2 that it needed plus ipchains and rc.firewall and portsentry and
samba and netatalk and apache and a caching nameserver and ssh.
It has everything there to turn on ftp and telnet if I want, and dhcpd too
but I left those off.  It is also doing masquerading and includes a 
web-based configuration tool.  License is GPL.

I logged in as root and compared my scripts with what ClarkConnect
did for the same topology.  My rc.firewall contained far fewer ipchains
entries but other than that, I was pretty close.  Then the fun began.
I did a shields-up scan of my site (www.linuxclssroom.org) and
the report was that the machine was cloaked: it had not only blocked
the ports, it appeared as if it had dropped off the net.  I checked the
logs and sure enough, there it was as blocked.  Sweet.

Bottom line: learn all you can from net docs and helpful clue-techies
and try ClarkConnect to learn more and to stay safely on-line.

Roger Frank



