Before someone jumps on the "USE THE WIKI"S!" or "JUST SEARCH THE FORUMNS GAWD!" I'd like to point out that I have done just that and wanted a personal opinion from the community.
I'm using Arch64, single desktop behind a locked Network and router. IPtables is completely unconfigured, it was next on the list of 'todo's' after getting everything else up and running.
My main question is, is a firewall needed for Arch? Should I even bother going through setting up Iptables or trying to figure out Firestarter? I'm coming from Ubuntu where the services were automatically configured as needed and it really was an "install, update and go" experience. I realize that this is both a blessing and a curse as it is convenience at the price of knowledge.
I myspace / Facebook, watch Videos on Youtube, occasionally Torrent (With an updated BlackList) Play WoW / CS / Urban Terror / Unreal Tournament online, nothing that is amazingly critical. But I am trying to build this box to be as stable as possible so that I never have to reinstall unless it's absolutely necessary.
My thanks in advance
It doesn't matter how much training you have. A broken rib is still a broken rib.
> My main question is, is a firewall needed for Arch?
No.
> ... single desktop behind a locked Network and router.
That's your answer, honestly.
Allan-Volunteer on the (topic being discussed) mailing lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.
> My main question is, is a firewall needed for Arch?
Depends how much you trust the other devices that are on the local network (behind the router) with your machine.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Software firewalls seem totally unnecessary on personal systems that are behind a router.
I assume that it may be useful on complex networks or networks on which you have no control of the hardware firewall.
Thank you for the quick, and to-the-point reply guys. Got me the exact answer I needed.
> Software firewalls seem totally unnecessary on personal systems that are behind a router.
With 'a router', do you mean any home regular router or anything a bit more sophisticated?
Sorry for my English. Feel free to point out my errors.
Every router uses nat (only the router is visible to the outside) and translates all requests so you can use the internet. If you don't use port forwarding none of the computers behind the router can be accessed from the outside.
Hope this helps.
> every router uses nat
Did you mean "every router that uses nat"? Because "every" router does NOT perform NAT.
> Before someone jumps on the "USE THE WIKI"S!" or "JUST SEARCH THE FORUMNS GAWD!" I'd like to point out that I have done just that and wanted a personal opinion from the community.
> I'm using Arch64, single desktop behind a locked Network and router. IPtables is completely unconfigured, it was next on the list of 'todo's' after getting everything else up and running.
> My main question is, is a firewall needed for Arch? Should I even bother going through setting up Iptables or trying to figure out Firestarter? I'm coming from Ubuntu where the services were automatically configured as needed and it really was an "install, update and go" experience. I realize that this is both a blessing and a curse as it is convenience at the price of knowledge.
> I myspace / Facebook, watch Videos on Youtube, occasionally Torrent (With an updated BlackList) Play WoW / CS / Urban Terror / Unreal Tournament online, nothing that is amazingly critical. But I am trying to build this box to be as stable as possible so that I never have to reinstall unless it's absolutely necessary.
> My thanks in advance
Ubuntu doesn't have iptables configured by default, it's just usually unnecessary if you're behind a firewalled router. If you're fine without it in Ubuntu you're fine without it in Arch. If you're on a laptop and sometimes connect to unsecure networks I'd recommend it though.
I tried using Firestarter in Fedora, but it doesn't seem like it helps much and it just makes things complicated.
> I tried using Firestarter in Fedora, but it doesn't seem like it helps much and it just makes things complicated.
All firestarter is is a GUI to configure iptables, no more, no less. If you understand iptables rules, of course it doesn't help.
If you were instead saying that it doesn't help from a security perspective, then that would depend on what system you're running and what networks you're connected to. I don't have any special iptables setup on my laptop because it's always behind a router and doesn't face the internet directly at all. If you're running a home server, iptables would be invaluable (and firestarter, if you don't know iptables rules well).
> > mh3rn4nd3z3 wrote: I tried using Firestarter in Fedora, but it doesn't seem like it helps much and it just makes things complicated.
> All firestarter is is a GUI to configure iptables, no more, no less. If you understand iptables rules, of course it doesn't help.
Yes, I meant to say that firestarter just makes things confusing... at least for me. I'm not saying that configuring some sort of firewall is pointless. Yes the app itself is not 'great'.
> > pogeymanz wrote: Software firewalls seem totally unnecessary on personal systems that are behind a router.
> With 'a router', do you mean any home regular router or anything a bit more sophisticated?
I mean any home regular router that isn't 1,000,000 years old. They pretty much all act as a hardware firewall. Software firewalls are redundant in most cases. I suppose if you have some kind of VNC server or HTTP server, and a regular desktop, you might want to allow connections through the router, but have software firewalls with different configurations on each machine.
> Every router uses nat (only the router is visible to the outside) and translates all requests so you can use the internet. If you don't use port forwarding none of the computers behind the router can be accessed from the outside.
> Hope this helps.
Indeed it helped. Thank you!
As far as I know when it comes to Telewell modems (I don't know about others) the ethernet ports 3-4 aren't using NAT - well the ports obviously differ from modem to modem.
In case one doesn't use NAT should he then be using software firewall or something?
> Software firewalls seem totally unnecessary on personal systems that are behind a router.
> I assume that it may be useful on complex networks or networks on which you have no control of the hardware firewall.
Assuming that you trust other computers on your local network and you keep them secure enough to keep any kind of backdoor from getting planted on any of them.
In this case the user was the only computer on his local network, so no real need to worry about any of the other computers on a local network... and running local security practices properly on your own system is pretty mandatory either way.
I haven't lost my mind; I have a tape back-up somewhere.
Not to hijack the thread, but I am using a single computer "behind" an ADSL (SpeedTouch) modem and nmap shows this:
"Starting Nmap 5.21 ( http://nmap.org ) at 2010-08-06 20:35 CEST
Nmap scan report for Orev.lan (10.0.0.7)
Host is up (0.00017s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
6881/tcp open bittorrent-tracker
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds"
Does this mean all the 999 unused/closed ports are safe from attack, or would I still be more secure by installing a firewall and/or sshguard?
Last edited by whaler (2010-08-06 18:53:51)
> Not shown: 999 closed ports
They're closed, so they are not being forwarded to your internal machine.
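Added example, not written by any poster in this thread: the nmap question and the point about trusting other devices on the LAN both come down to which sockets are listening and on which address. The script below parses the Linux `/proc/net/tcp` table to separate listeners a LAN peer can reach from loopback-only ones; the sample table is constructed, and the function names are this example's own.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not data from the thread):
# sshd on all interfaces, a printing service on loopback only, a torrent
# client on 10.0.0.7:6881, and one established outbound connection.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0700000A:1AE1 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003
   3: 0700000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1004
"""

TCP_LISTEN = "0A"  # state code the kernel prints for a listening socket


def decode_addr(field):
    """'0100007F:0277' -> ('127.0.0.1', 631); assumes a little-endian host (x86)."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listeners(table):
    """Return (ip, port) for each IPv4 TCP socket in LISTEN state."""
    rows = (line.split() for line in table.splitlines()[1:])  # skip header
    return [decode_addr(r[1]) for r in rows if len(r) > 3 and r[3] == TCP_LISTEN]


def lan_reachable(table):
    """Ports another host on the LAN can connect to if nothing filters INPUT."""
    return sorted(p for ip, p in listeners(table) if not ip.startswith("127."))


def loopback_only(table):
    """Ports bound to 127.0.0.0/8, unreachable from other machines."""
    return sorted(p for ip, p in listeners(table) if ip.startswith("127."))


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on Linux (IPv4 only)
            table = fh.read()
    except OSError:
        table = SAMPLE
    print("reachable from the LAN:", lan_reachable(table))
    print("loopback only:", loopback_only(table))
```

A port in the first list is what a default-deny iptables INPUT policy would cover; a port in neither list has no listener, which is what nmap reports as closed.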