Tuesday, February 28, 2006

Walls ablaze part 1

For those of you looking to set up a Linux firewall for your workstation, allow me to introduce you to Firestarter. It's a GUI application to manage iptables, which is the kernel-level IP filter. Installing it is a piece of cake.
  • apt-get install firestarter -y
and you're done. Hahaha. Now comes the configuration part. For those running GNOME, clicking on "Application -> System Tools -> Firestarter" will execute the application. Since it's a front-end for iptables which requires root privileges, you'll be prompted for the root password (or the sudo password). Just type it in and you're all set. For those wishing to execute it from the terminal (for whatever reason it may be), typing "gksudo firestarter" will execute the program as well.

There is already a good tutorial available from the Firestarter homepage, which is accessible through this link, but I will run through the 3-step process here as well.
  • Click "Forward" on the first page. This is merely stating that you're ready to begin the setup.
  • In "Network Device Setup", select the interface on which you want the filtering to take place. For Linux, the first interface is usually called eth0, the second interface eth1 and so forth. For those using your Linux machine to dial out for dial-up or ADSL, select the "Start firewall on dial-out" option. For those who obtain their IP automatically from a DHCP server, do remember to check the "IP address assigned via DHCP" option box. Click "Forward" when you're done.
  • In "Network Device Setup", this is the section that allows your computer to act as a gateway for multiple PCs in your network. Enable it if you wish to share your connection with others. This is also a good tool to use on gateway servers as it simplifies configuration, but I wouldn't recommend running a full-fledged GUI on a server. You would need a minimum of two interfaces for this to work: one for the internal network (where all your clients are) and another which is connected to the internet. In the interface selection, select the interface connected to the internal network. If you wish to assign addresses to the clients in your personalized LAN, click "Enable DHCP for local network" and enter the settings as you require.
  • And you're now set to run your newly configured firewall. Just click "save" and you're good to go.
This is the default configuration and setup for Firestarter. From now on, every time you reboot your machine, your firewall rules will automatically be loaded on system startup. If you would like to load Firestarter when you log into your account, you will have to make it load using whichever method your desktop uses to start programs on startup. In the next part I'll run through some other configuration options. Till then ciaoz;)
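
A check worth running after a reboot, to confirm the rules really were loaded at startup. This is an added example, not part of the original post or of Firestarter: it assumes a default-deny, stateful ruleset dumped with `iptables -S`, and the function names and both sample rulesets are constructed for illustration rather than copied from what Firestarter writes.

```shell
#!/bin/sh
# Added example: audit an `iptables -S` dump read from stdin.
# On a live host (as root): iptables -S | audit_ruleset eth0

audit_ruleset() {
    ext_if="$1"        # interface picked in the wizard, e.g. eth0
    rules=$(cat)       # whole ruleset as text
    fail=0

    # 1. Packets that match no rule must fall through to a DROP policy.
    if ! printf '%s\n' "$rules" | grep -qx -- '-P INPUT DROP'; then
        echo "FAIL: INPUT policy is not DROP"; fail=1
    fi

    # 2. Replies to outbound connections must be let back in statefully.
    if ! printf '%s\n' "$rules" | grep -Eq -- '^-A .*ESTABLISHED.* -j ACCEPT'; then
        echo "FAIL: no ESTABLISHED accept rule found"; fail=1
    fi

    # 3. A blanket ACCEPT on INPUT (or on the external interface)
    #    makes the DROP policy unreachable.
    if printf '%s\n' "$rules" | grep -Eqx -- "-A INPUT( -i $ext_if)? -j ACCEPT"; then
        echo "FAIL: unconditional ACCEPT on INPUT"; fail=1
    fi

    [ "$fail" -eq 0 ] && echo "OK: default-deny stateful ruleset on $ext_if"
    return "$fail"
}

# Constructed sample: what a healthy workstation ruleset could look like.
sample_good() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
}

# Constructed sample: rules were flushed or never loaded at boot.
sample_bad() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT' \
        '-A INPUT -i eth0 -j ACCEPT'
}

sample_good | audit_ruleset eth0
```

The loopback accept in the good sample passes check 3 because it names `lo`, not the external interface.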
