Full Version: Firewall?
Is there a way to run a firewall on the Zaurus? Or is it necessary?
Let's say I'm on a public system, like T-Mobile at $tarbuck$. What
would keep someone else on the network from accessing my Z,
other than locking out the samba folder via chmod?
This would be a pain, as I'd have to change access rules anytime I
wanted to TCP/IP files with my notebook computer.

Shorewall for zaurus. I use it at home to secure my wifi along with ipsec.
QUOTE(cmisip @ May 29 2004, 04:33 AM)
Shorewall for zaurus. I use it at home to secure my wifi along with ipsec.


Having trouble getting Shorewall running on the Z (Cacko 1.21a, C860). I've followed the instructions at the Shorewall link provided but when I try to start it up I get a number of messages, the first being -

iptables v1.2.9: can't initialize iptables table 'nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

And several of the same but for tables 'mangle' and 'filter'.

I have su'ed to root before starting the shorewall script. Anyone have any ideas?
I've been tweaking my inetd.conf file to close ports.
This URL might be helpful

Did you try

modprobe iptable_nat

This is the output of my lsmod

root@zaurus:/etc/shorewall> lsmod
Module Size Used by
ipt_TOS 1152 12
ipt_state 736 32
ipt_REJECT 3472 4
iptable_mangle 2272 1
ip_nat_irc 2768 0 (unused)
ip_nat_ftp 3392 0 (unused)
iptable_nat 15520 2 [ip_nat_irc ip_nat_ftp]
ip_conntrack_irc 2800 0 (unused)
ip_conntrack_ftp 3888 0 (unused)
ip_conntrack 15744 4 [ipt_state ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]
iptable_filter 1840 1
ip_tables 13584 8 [ipt_TOS ipt_state ipt_REJECT iptable_mangle iptable_nat iptable_filter]
pxa_bi 21328 0 (unused)
net_fd 25024 1
usbdcore 34544 0 [pxa_bi net_fd]
usbdmonitor 5248 0
sharp_mmcsd_m 26256 2
ext3 59760 1 (autoclean)
jbd 39232 1 (autoclean)

Perhaps iptables modules need to be compiled specific to your kernel config?
I've recently packaged up the simple iptables firewall I use on my Zaurus. It doesn't require any configuration---basically prevents remote users from connecting to your Zaurus while allowing you to surf and use the cradle as usual.

Please see the Snowfence page for .ipk downloads and more information.
Here's a trivial firewall for your Z: create a file called /etc/rc.d/init.d/firewall and make it executable. Run it after rebooting.


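#!/bin/sh
# Flush the INPUT chain and drop inbound traffic by default.
iptables -F INPUT
iptables -P INPUT DROP
# Allow replies to connections opened from the Zaurus.
iptables -I INPUT -m state --state established,related -j ACCEPT
iptables -I INPUT -p icmp -j ACCEPT
# Allow inbound SSH.
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# Allow DHCP traffic (UDP source ports 67-68).
iptables -I INPUT -p udp --sport 67:68 -j ACCEPT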
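
A variant of the rule set above, as an added example that is not part of the original post or of the Snowfence package. It adds a loopback rule and narrows the DHCP rule to server port 67 to client port 68, because `--sport 67:68` on its own accepts UDP to any local port from a sender using source port 67 or 68. `IPT`, `TRUSTED_IF` (an optional interface to trust, such as the link to your own notebook) and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: inbound-only firewall for a handheld.
# IPT and TRUSTED_IF are hypothetical knobs (empty TRUSTED_IF = trust nothing).
IPT="${IPT:-iptables}"
TRUSTED_IF="${TRUSTED_IF:-}"

# Emit the iptables arguments, one rule per line, so the rule set can be
# reviewed with "show" before it is applied with "start".
fw_rules() {
    printf '%s\n' "-F INPUT"
    printf '%s\n' "-P INPUT DROP"
    # Local services talking to each other over loopback.
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this device opened.
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "-A INPUT -p icmp -j ACCEPT"
    printf '%s\n' "-A INPUT -p tcp --dport 22 -j ACCEPT"
    # DHCP replies only: server port 67 to client port 68.
    printf '%s\n' "-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT"
    # Optional: accept everything arriving on one trusted interface.
    if [ -n "$TRUSTED_IF" ]; then
        printf '%s\n' "-A INPUT -i $TRUSTED_IF -j ACCEPT"
    fi
}

# Apply the rules in order; stop at the first one iptables rejects.
fw_start() {
    fw_rules | while read -r args; do
        $IPT $args || exit 1
    done
}

# Return to an open INPUT chain (policy first, so nothing is locked out).
fw_stop() {
    $IPT -P INPUT ACCEPT && $IPT -F INPUT
}

case "${1:-}" in
    start) fw_start ;;
    stop)  fw_stop ;;
    show)  fw_rules ;;
esac
```

Run it with `show` first to read the rules, then with `start` as root; `stop` reopens the INPUT chain.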