OESF Portables Forum
Security and Networking => Topic started by: SharpEnd on May 28, 2004, 11:30:29 pm
-
Is there a way to run a firewall on the Zaurus? Or is it necessary?
Let's say I'm on a public system, like t-mobile at $tarbuck$. What
would keep someone else on the network from accessing my Z,
other than locking out the samba folder via chmod?
This would be a pain, as I'd have to change access rules anytime I
wanted to TCP/IP files with my notebook computer.
Mike
-
Shorewall for zaurus. I use it at home to secure my wifi along with ipsec.
http://cmisip.home.insightbb.com/index.htm
-
Hi,
Having trouble getting Shorewall running on the Z (Cacko 1.21a, C860). I've followed the instructions at the Shorewall link provided but when I try to start it up I get a number of messages, the first being -
iptables v1.2.9: can't initialize iptables table 'nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
And several of the same but for tables 'mangle' and 'filter'.
I have su'ed to root before starting the shorewall script. Anyone have any ideas?
-
I've been tweaking my inetd.conf file to close ports.
-
This url might be helpful
http://www.experts-exchange.com/Networking/Linux_Networking/Q_20464450.html
Did you try
modprobe iptable_nat
---------------------------
This is the output of my lsmod
root@zaurus:/etc/shorewall> lsmod
Module Size Used by
ipt_TOS 1152 12
ipt_state 736 32
ipt_REJECT 3472 4
iptable_mangle 2272 1
ip_nat_irc 2768 0 (unused)
ip_nat_ftp 3392 0 (unused)
iptable_nat 15520 2 [ip_nat_irc ip_nat_ftp]
ip_conntrack_irc 2800 0 (unused)
ip_conntrack_ftp 3888 0 (unused)
ip_conntrack 15744 4 [ipt_state ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]
iptable_filter 1840 1
ip_tables 13584 8 [ipt_TOS ipt_state ipt_REJECT iptable_mangle iptable_nat iptable_filter]
pxa_bi 21328 0 (unused)
net_fd 25024 1
usbdcore 34544 0 [pxa_bi net_fd]
usbdmonitor 5248 0
sharp_mmcsd_m 26256 2
ext3 59760 1 (autoclean)
jbd 39232 1 (autoclean)
--------------------
Perhaps iptables modules need to be compiled specific to your kernel config?
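
An added example, not part of the original posts: following the modprobe suggestion above, this script compares lsmod output against the kernel modules that the nat, mangle and filter tables and "-m state" rules depend on, and lists the ones that are not loaded. The REQUIRED list (2.4-era module names), the function name and the sample lsmod text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list netfilter modules that a firewall
# script needs but that do not appear in lsmod output.

# Assumption: 2.4-era module names. Each iptables table has its own module
# (filter -> iptable_filter, nat -> iptable_nat, mangle -> iptable_mangle);
# "-m state" rules also need ipt_state and ip_conntrack.
REQUIRED="ip_tables iptable_filter iptable_nat iptable_mangle ip_conntrack ipt_state"

# Read lsmod output on stdin; print every module named in "$@" that is absent.
# Caveat: code built into the kernel never shows up in lsmod, so a name
# printed here is a candidate to check, not proof that the feature is missing.
missing_modules() {
    # Column 1 of each row, skipping the "Module Size Used by" header.
    loaded=$(awk '$1 != "Module" { print $1 }')
    for mod in "$@"; do
        # -F -x: exact whole-line match, so "ip_tables" never matches
        # "iptable_filter" or a name that only appears in a "Used by" list.
        printf '%s\n' "$loaded" | grep -Fqx "$mod" || printf '%s\n' "$mod"
    done
}

# Constructed sample: a device where only the filter table is loaded.
SAMPLE_LSMOD='Module                  Size  Used by
iptable_filter          1840   1
ip_tables              13584   2 [iptable_filter]
net_fd                 25024   1
usbdcore               34544   0 [net_fd]'

# Print the modprobe commands to try (as root) for the sample above.
for m in $(printf '%s\n' "$SAMPLE_LSMOD" | missing_modules $REQUIRED); do
    echo "not loaded: $m  (try: modprobe $m)"
done
```

On a real device, pipe the live output in instead of the sample: `lsmod | missing_modules $REQUIRED`.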
-
I've recently packaged up the simple iptables firewall I use on my Zaurus. It doesn't require any configuration---basically prevents remote users from connecting to your Zaurus while allowing you to surf and use the cradle as usual.
Please see the Snowfence page (http://alum.wpi.edu/~tfraser/Software/Snowfence) for .ipk downloads and more information.
-
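Here's a trivial firewall for your Z. Create a file called /etc/rc.d/init.d/firewall and make it executable. Run it after rebooting.
#!/bin/bash
# Flush existing INPUT rules, then drop all inbound traffic by default
iptables -F INPUT
iptables -P INPUT DROP
# Allow replies to connections the Zaurus itself opened
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow ICMP (ping and error messages)
iptables -I INPUT -p icmp -j ACCEPT
# Allow inbound SSH
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# Allow DHCP traffic (UDP source ports 67-68)
iptables -I INPUT -p udp --sport 67:68 -j ACCEPT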