
#1 2010-07-13 22:15:57

FathisAeril
Member
Registered: 2010-07-02
Posts: 82

Arch Security.

Before someone jumps on the "USE THE WIKI"S!" or "JUST SEARCH THE FORUMNS GAWD!" I'd like to point out that I have done just that and wanted a personal opinion from the community.

I'm using Arch64, single desktop behind a locked network and router. iptables is completely unconfigured; it was next on the list of "todos" after getting everything else up and running.

My main question is, is a firewall needed for Arch? Should I even bother going through setting up iptables or trying to figure out Firestarter? I'm coming from Ubuntu where the services were automatically configured as needed and it really was an "install, update and go" experience. I realize that this is both a blessing and a curse as it is convenience at the price of knowledge.

I MySpace / Facebook, watch videos on YouTube, occasionally torrent (with an updated blacklist), play WoW / CS / Urban Terror / Unreal Tournament online, nothing that is amazingly critical. But I am trying to build this box to be as stable as possible so that I never have to reinstall unless it's absolutely necessary.

My thanks in advance


It doesn't matter how much training you have. A broken rib is still a broken rib.

Offline

#2 2010-07-13 22:22:48

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Arch Security.

> My main question is, is a firewall needed for Arch?
No.

Offline

#3 2010-07-13 22:40:49

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,356

Re: Arch Security.

FathisAeril wrote:

> ... single desktop behind a locked Network and router.

That's your answer, honestly.


Allan-Volunteer on the (topic being discussed) mailing lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#4 2010-07-13 23:24:02

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224
Website

Re: Arch Security.

FathisAeril wrote:

> My main question is, is a firewall needed for Arch?

Depends how much you trust the other devices that are on the local network (behind the router) with your machine.

Offline

#5 2010-07-13 23:31:23

pogeymanz
Member
Registered: 2008-03-11
Posts: 1,020

Re: Arch Security.

Software firewalls seem totally unnecessary on personal systems that are behind a router.

I assume that it may be useful on complex networks or networks on which you have no control of the hardware firewall.

Offline

#6 2010-07-14 02:00:39

FathisAeril
Member
Registered: 2010-07-02
Posts: 82

Re: Arch Security.

Thank you for the quick and to-the-point reply, guys. Got me the exact answer I needed :D


Offline

#7 2010-07-14 02:13:40

rb
Member
From: Argentina
Registered: 2010-05-07
Posts: 143

Re: Arch Security.

pogeymanz wrote:

> Software firewalls seem totally unnecessary on personal systems that are behind a router.

With 'a router', do you mean any home regular router or anything a bit more sophisticated?


Sorry for my English. Feel free to point out my errors.

Offline

#8 2010-07-14 03:16:29

parintachin
Member
Registered: 2009-05-25
Posts: 72

Re: Arch Security.

Every router uses NAT (only the router is visible to the outside) and translates all requests so you can use the internet. If you don't use port forwarding, none of the computers behind the router can be accessed from the outside.
Hope this helps.

Offline

#9 2010-07-14 03:19:40

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224
Website

Re: Arch Security.

parintachin wrote:

> every router uses nat

Did you mean "every router that uses nat"? Because "every" router does NOT perform NAT.

Offline

#10 2010-07-14 03:37:48

tjwoosta
Member
Registered: 2008-12-18
Posts: 453

Re: Arch Security.

FathisAeril wrote:

> Before someone jumps on the "USE THE WIKI"S!" or "JUST SEARCH THE FORUMNS GAWD!" I'd like to point out that I have done just that and wanted a personal opinion from the community.
>
> I'm using Arch64, single desktop behind a locked network and router. iptables is completely unconfigured; it was next on the list of "todos" after getting everything else up and running.
>
> My main question is, is a firewall needed for Arch? Should I even bother going through setting up iptables or trying to figure out Firestarter? I'm coming from Ubuntu where the services were automatically configured as needed and it really was an "install, update and go" experience. I realize that this is both a blessing and a curse as it is convenience at the price of knowledge.
>
> I MySpace / Facebook, watch videos on YouTube, occasionally torrent (with an updated blacklist), play WoW / CS / Urban Terror / Unreal Tournament online, nothing that is amazingly critical. But I am trying to build this box to be as stable as possible so that I never have to reinstall unless it's absolutely necessary.
>
> My thanks in advance

Ubuntu doesn't have iptables configured by default; it's just usually unnecessary if you're behind a firewalled router. If you're fine without it in Ubuntu, you're fine without it in Arch. If you're on a laptop and sometimes connect to unsecure networks, I'd recommend it though.

Offline

#11 2010-07-14 06:09:03

mh3rn4nd3z3
Member
From: USA
Registered: 2010-07-02
Posts: 50

Re: Arch Security.

I tried using Firestarter in Fedora, but it doesn't seem like it helps much and it just makes things complicated.

Offline

#12 2010-07-14 07:09:06

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,356

Re: Arch Security.

mh3rn4nd3z3 wrote:

> I tried using Firestarter in Fedora, but it doesn't seem like it helps much and it just makes things complicated.

All firestarter is is a GUI to configure iptables, no more, no less. If you understand iptables rules, of course it doesn't help.

If you were instead saying that it doesn't help from a security perspective, then that would depend on what system you're running and what networks you're connected to. I don't have any special iptables setup on my laptop because it's always behind a router and doesn't face the internet directly at all. If you're running a home server, iptables would be invaluable (and firestarter, if you don't know iptables rules well).


Offline

#13 2010-07-14 07:13:28

mh3rn4nd3z3
Member
From: USA
Registered: 2010-07-02
Posts: 50

Re: Arch Security.

ngoonee wrote:

> mh3rn4nd3z3 wrote:
>
> > I tried using Firestarter in Fedora, but it doesn't seem like it helps much and it just makes things complicated.
>
> All firestarter is is a GUI to configure iptables, no more, no less. If you understand iptables rules, of course it doesn't help.

Yes, I meant to say that firestarter just makes things confusing... at least for me. I'm not saying that configuring some sort of firewall is pointless. Yes, the app itself is not 'great'. :rolleyes:

Offline

#14 2010-07-14 13:24:26

pogeymanz
Member
Registered: 2008-03-11
Posts: 1,020

Re: Arch Security.

rb wrote:

> pogeymanz wrote:
>
> > Software firewalls seem totally unnecessary on personal systems that are behind a router.
>
> With 'a router', do you mean any home regular router or anything a bit more sophisticated?

I mean any home regular router that isn't 1,000,000 years old. They pretty much all act as a hardware firewall. Software firewalls are redundant in most cases. I suppose if you have some kind of VNC server or HTTP server, and a regular desktop, you might want to allow connections through the router, but have software firewalls with different configurations on each machine.

Offline

#15 2010-07-14 13:35:41

rb
Member
From: Argentina
Registered: 2010-05-07
Posts: 143

Re: Arch Security.

parintachin wrote:

> Every router uses NAT (only the router is visible to the outside) and translates all requests so you can use the internet. If you don't use port forwarding, none of the computers behind the router can be accessed from the outside.
> Hope this helps.

Indeed it helped. Thank you!


Offline

#16 2010-07-14 13:36:09

Teho
Member
Registered: 2010-01-30
Posts: 200

Re: Arch Security.

As far as I know, when it comes to Telewell modems (I don't know about others), the Ethernet ports 3-4 aren't using NAT - well, the ports obviously differ from modem to modem.

In case one doesn't use NAT, should he then be using a software firewall or something?

Offline

#17 2010-07-14 13:47:27

Zeist
Arch Linux f@h Team Member
Registered: 2008-07-04
Posts: 532

Re: Arch Security.

pogeymanz wrote:

> Software firewalls seem totally unnecessary on personal systems that are behind a router.
>
> I assume that it may be useful on complex networks or networks on which you have no control of the hardware firewall.

Assuming that you trust other computers on your local network and you keep them secure enough to keep any kind of backdoor from getting planted on any of them.

In this case the user was the only computer on his local network, so no real need to worry about any of the other computers on a local network... and running local security practices properly on your own system is pretty mandatory either way.


I haven't lost my mind; I have a tape back-up somewhere.
Twitter

Offline

#18 2010-08-06 18:53:00

whaler
Member
From: Oslo, Norway
Registered: 2008-03-25
Posts: 323

Re: Arch Security.

Not to hijack the thread, but I am using a single computer "behind" an ADSL (SpeedTouch) modem and nmap shows this:

"Starting Nmap 5.21 ( http://nmap.org ) at 2010-08-06 20:35 CEST
Nmap scan report for Orev.lan (10.0.0.7)
Host is up (0.00017s latency).
Not shown: 999 closed ports
PORT     STATE SERVICE
6881/tcp open  bittorrent-tracker

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds"

Does this mean all the 999 unused/closed ports are safe from attack, or would I still be more secure by installing a firewall and/or sshguard?

Last edited by whaler (2010-08-06 18:53:51)

Offline

#19 2010-08-07 00:45:25

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224
Website

Re: Arch Security.

whaler wrote:

> Not shown: 999 closed ports

They're closed, so they are not being forwarded to your internal machine.

Offline
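
Several replies above tie the need for a host firewall to how far the other devices on the local network are trusted; what those devices can reach is whatever listens on a non-loopback address. As an added example (not part of any post in this thread), the Python below classifies listening TCP sockets from `/proc/net/tcp` that way. The sample table is constructed, the function names are illustrative, and it assumes IPv4 on a little-endian host.

```python
import ipaddress

# Constructed sample in /proc/net/tcp format (not from the thread):
#   sl 0: listener on 0.0.0.0:6881, sl 1: listener on 127.0.0.1:631,
#   sl 2: established outbound connection (state 01), not a listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:1AE1 00000000:0000 0A
   1: 0100007F:0277 00000000:0000 0A
   2: 0700000A:C350 0A0200C0:01BB 01
"""

TCP_LISTEN = "0A"  # kernel state code for LISTEN


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port).

    Assumption: little-endian host (x86/ARM), where the kernel prints the
    address as a native 32-bit integer.
    """
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(int(addr_hex, 16).to_bytes(4, "little"))
    return addr, int(port_hex, 16)


def audit_listeners(proc_text):
    """Return sorted (port, address, exposure) for every listening socket."""
    findings = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        addr, port = decode_endpoint(fields[1])
        # Loopback listeners are unreachable from other hosts; anything else
        # (0.0.0.0 or a LAN address) is reachable by every device on the
        # local network unless a host firewall filters it.
        exposure = "loopback-only" if addr.is_loopback else "lan-reachable"
        findings.append((port, str(addr), exposure))
    return sorted(findings)


if __name__ == "__main__":
    # On a real Linux host, read the live table instead of the sample.
    with open("/proc/net/tcp") as table:
        for port, addr, exposure in audit_listeners(table.read()):
            print(f"{addr}:{port}\t{exposure}")
```

IPv6 listeners live in `/proc/net/tcp6` and are not covered by this sketch.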
