While Linux firewalls are inexpensive and quite reliable, they lack the support component of their commercial counterparts. As a result, most users of Linux firewalls have to resort to mailing lists to solve their problems. Our authors have scoured firewall mailing lists and have compiled a list of the most often encountered problems in Linux firewalling. This book takes a Chilton's-manual diagnostic approach to solving these problems.

The book begins by presenting the two most common Linux firewall configurations and demonstrates how to implement these configurations in an imperfect network environment, not in an ideal one. Then, the authors proceed to present a methodology for analyzing each problem at various network levels: cabling, hardware components, protocols, services, and applications. The authors include diagnostic scripts which the readers can use to analyze and solve their particular Linux firewall problems. The reference distributions are Red Hat and SuSE (for the international market).
I. GETTING STARTED.
1. Introduction.
Why We Wrote This Book
How This Book Is Organized
Goals of This Book
The Methodical Approach and the Need for a Methodology
Firewalls, Security, and Risk Management
How to Think About Risk Management
Computer Security Principles
Firewall Recommendations and Definitions
Why Do I Need a Firewall?
Do I Need More Than a Firewall?
What Kinds of Firewalls Are There?
Firewall Types
The Myth of "Trustworthy" or "Secure" Software
Know Your Vulnerabilities
Creating Security Policies
Training
Defense in Depth
Summary
2. Getting Started.
Risk Management
Basic Elements of Risk Management
Seven Steps to Managing Risk
Phase I: Analyze
Inventory
Quantify the Value of the Asset
Threat Analysis
Phase II: Document
Create Your Plan
Create a Security Policy
Create Security Procedures
Phase III: Secure the Enterprise
Implement Policies
Implement Procedures
Deploy Security Technology and Counter Measures
Securing the Firewall Itself
Isolating Assets
Filtering
Ingress/Egress Filtering
Phase IV: Implement Monitoring
Phase V: Test
Phase VI: Integrate
Phase VII: Improve
Summary
3. Local Firewall Security.
The Importance of Keeping Your Software Up to Date
yum
red carpet
up2date
emerge
apt-get
Over Reliance on Patching
Turning Off Services
Using TCP Wrappers and Firewall Rules
Running Services with Least Privilege
Restricting the File System
Security Tools to Install
Log Monitoring Tools
Network Intrusion Detection
Host Intrusion Detection
Remote Logging
Correctly Configure the Software You Are Using
Use a Hardened Kernel
Other Hardening Steps
Summary
4. Troubleshooting Methodology.
Problem Solving Methodology
Recognize, Define, and Isolate the Problem
Gather Facts
Define What the "End State" Should Be
Develop Possible Solutions and Create an Action Plan
Analyze and Compare Possible Solutions
Select and Implement the Solution
Critically Analyze the Solution for Effectiveness
Repeat the Process Until You Resolve the Problem
Finding the Answers or...Why Search Engines Are Your Friend
Websites
Summary
II. TOOLS AND INTERNALS.
5. The OSI Model: Start from the Beginning.
Internet Protocols at a Glance
Understanding the Internet Protocol (IP)
Understanding ICMP
Understanding TCP
Understanding UDP
Troubleshooting with This Perspective in Mind
Summary
6. netfilter and iptables Overview.
How netfilter Works
How netfilter Parses Rules
Netfilter States
What about Fragmentation?
Taking a Closer Look at the State Engine
Summary
7. Using iptables.
Proper iptables Syntax
Examples of How the Connection Tracking Engine Works
Applying What Has Been Covered So Far by Implementing Good Rules
Setting Up an Example Firewall
Kernel Options
iptables Modules
Firewall Rules
Quality of Service Rules
Port Scan Rules
Bad Flag Rules
Bad IP Options Rules
Small Packets and Rules to Deal with Them
Rules To Detect Data in Packets Using the String Module
Invalid Packets and Rules to Drop Them
A Quick Word on Fragments
SYN Floods
Polite Rules
Odd Port Detection and Rules to Deny Connections to Them
Silently Drop Packets You Don't Care About
Enforcement Rules
IP Spoofing Rules
Egress Filtering
Send TCP Reset for AUTH Connections
Playing Around with TTL Values
State Tracking Rules
STEALTH Rules
Shunning Bad Guys
ACCEPT Rules
Summary
8. A Tour of Our Collective Toolbox.
Old Faithful
Sniffers
Analyzing Traffic Utilization
Network Traffic Analyzers
Useful Control Tools
Network Probes
Probing Tools
Firewall Management and Rule Building
Summary
9. Diagnostics.
Diagnostic Logging
Scripts To Do This for You
The Catch-All Logging Rule
The iptables TRACE Patch
Checking the Network
Using a Sniffer to Diagnose Firewall Problems
Memory Load Diagnostics
Summary
III. DIAGNOSTICS.
10. Testing Your Firewall Rules (for Security!).
INSIDE->OUT Testing with nmap and iplog
Interpreting the Output from an INSIDE->OUT Scan
Testing from the OUTSIDE->IN
Reading Output from nmap
Testing your Firewall with fragrouter
VLANs
Summary
11. Layer 2/Inline Filtering.
Common Questions
Tools Discussed in this Part
Building an Inline Transparent Bridging Firewall with ebtables (Stealth Firewalls)
Filtering on MAC Address Bound to a Specific IP Address with ebtables
Filtering Out Specific Ports with ebtables
Building an Inline Transparent Bridging Firewall with iptables (Stealth Firewalls)
MAC Address Filtering with iptables
DHCP Filtering with ebtables
Summary
12. NAT (Network Address Translation) and IP Forwarding.
Common Questions about Linux NAT
Tools/Methods Discussed in this Part
Diagnostic Logging
Viewing NAT Connections with netstat-nat
Listing Current NAT Entries with iptables
Listing Current NAT and Rule Packet Counters
Corrective Actions
Summary
13. General IP (Layer 3/Layer 4).
Common Question
Inbound: Creating a Rule for a New TCP Service
Inbound: Allowing SSH to a Local System
Forward: SSH to Another System
SSH: Connections Timeout
telnet: Forwarding telnet Connections to Other Systems
MySQL: Allowing MySQL Connections
Summary
14. SMTP (e-mail).
Common Questions
Tools Discussed in this Part
Allowing SMTP to/from Your Firewalls
Forwarding SMTP to an Internal Mail Server
Forcing Your Mail Server Traffic to Use a Specific IP Address with an SNAT Rule
Blocking Internal Users from Sending Mail Through Your Firewall
Accept Only SMTP Connections from Specific Hosts (ISP)
SMTP Server Timeouts/Failures/Numerous Processes
Small e-Mail Send/Receive Correctly-Large e-Mail Messages Do Not
Summary
15. Web Services (Web Servers and Web Proxies).
Common Questions
Tools Discussed in this Part
Inbound: Running a Local Web Server (Basic Rules)
Inbound: Filter: Incoming Web to Specific Hosts
Forward: Redirect Local Port 80 to Local Port 8080
Forwarding Connections from the Firewall to an Internal Web Server
Forward: To Multiple Internal Servers
Forward: To a Remote Server on the Internet
Forward: Filtering Access to a Forwarded Server
Outbound: Some Websites Are Inaccessible (ECN)
Outbound: Block Clients from Accessing Websites
Transparent Proxy Servers (squid) on Outbound Web Traffic
Summary
16. File Services (NFS and FTP).
Tools Discussed in this Part
NFS: Cannot Get NFS Traffic to Traverse a NAT or IP Forwarding Firewall
FTP Inbound: Running a Local FTP Server (Basic Rules)
FTP Inbound: Restricting Access with Firewall Rules
FTP Inbound: Redirecting FTP Connections to Another Port on the Server
FTP Forward: Forwarding to an FTP Server Behind the Firewall on a DMZ Segment
FTP Forward: Forwarding to Multiple FTP Servers Behind the Firewall on a DMZ Segment
FTP Forward: From One Internet Server to Another Internet Server
FTP Forward: Restricting FTP Access to a Forwarded Server
FTP Outbound: Connections are Established, but Directories Cannot Be Listed, and Files Cannot Be Downloaded
Summary
17. Instant Messaging.
Common Questions/Problems
Tools Discussed in This Part
NetMeeting and GnomeMeeting
Connecting to a Remote NetMeeting/GnomeMeeting Client from Behind an iptables Firewall (Outbound Calls Only)
Connecting to a NetMeeting/GnomeMeeting Client Behind a netfilter/iptables Firewall (Inbound/Outbound Calls)
Directly from the GnomeMeeting Website's Documentation
Blocking Outbound NetMeeting/GnomeMeeting Traffic
MSN Messenger
Connecting to Other MSN Users
Blocking MSN Messenger Traffic at the Firewall
Yahoo Messenger
Connecting to Yahoo Messenger
Blocking Yahoo Messenger Traffic
AOL Instant Messenger (AIM)
Connecting to AIM
Blocking AOL Instant Messenger Traffic
ICQ
Connecting to ICQ
Blocking ICQ
Summary
Recalling Our Methodology
18. DNS/DHCP.
Common Questions
Tools Discussed in this Part
Forwarding DNS Queries to an Upstream/Remote DNS Server
DNS Lookups Fail: Internal Hosts Communicating to an External Nameserver
DNS Lookups Fail: Short DNS Name Lookups Work-Long Name Lookups Do Not
DNS Lookups Fail: Nameserver Running on the Firewall
DNS Lookups Fail: Nameserver Running on the Internal and/or DMZ Network
Misleading rDNS Issue: New Mail, or FTP Connections to Remote Systems Take 30 Seconds or More to Start
DHCP: Dynamically Updating Firewall Rules with the IP Changes
Blocking Outbound DHCP
DHCP: Two Addresses on One External Interface
DHCP: Redirect DHCP Requests to DMZ
Summary
19. Virtual Private Networks.
Things to Consider with IPSEC
Common Questions/Problems
Tools Discussed in this Part
IPSEC: Internal Systems Behind a NAT/MASQ Firewall Cannot Connect to an External IPSEC Server
IPSEC: Firewall Cannot Establish IPSEC VPNs
IPSEC: Firewall Can Establish Connections to a Remote VPN Server, but Traffic Does not Route Correctly Inside the VPN
PPTP: Cannot Establish PPTP Connections Through the Firewall
Running a PPTP Server Behind a NAT Firewall
PPTP: Firewall Cannot Establish PPTP VPNs
PPTP: Firewall Can Establish Connections to a Remote VPN Server, but Traffic Does not Route Correctly Inside the VPN
Using a free/openswan VPN to Secure a Wireless Network
Summary
Index.