Book description
Covers Red Hat and SUSE
When something goes wrong with your Linux firewall, you need to fix it—right now. You don't have time for endless newsgroup searches, confusing man pages, emails to the developers... it's an emergency! One book brings together all the step-by-step solutions and proven problem-solving techniques you'll need when the time comes: Troubleshooting Linux® Firewalls.
Authors Michael Shinn and Scott Shinn are among the world's leading firewall experts; they've even been hired to protect computer security at the White House. In this book, they cover every area where Linux firewalls can go wrong: rules and filtering problems, Layer 2/3/4 issues, trouble with individual services, DNS/DHCP failures, even misconfigured VPNs. They also present an easy, start-to-finish troubleshooting methodology that'll help you identify even the newest or most obscure firewall problem fast—and solve it!
Inside, you will find in-depth information on the following areas:
What you must know about iptables and netfilter to troubleshoot and avoid problems
Using loggers, sniffers, and other tools to diagnose even the most obscure firewall problems
Making sure your firewall rules work the way they're supposed to
Resolving problems with Network Address Translation and IP Forwarding
Troubleshooting SMTP, Apache, Squid, NFS, FTP, instant messaging, and other Web-based services
Finding and fixing common problems with IPsec VPN configuration
Making your firewalls more failure-resistant: recommendations from the experts
If you depend on a Linux firewall, what will you do if it goes down? With Troubleshooting Linux® Firewalls, you can be confident that the solutions are right at hand—so you can sleep at night!
© Copyright Pearson Education. All rights reserved.
Table of contents
- Copyright
- I. Getting Started
  - 1. Introduction
    - Why We Wrote This Book
    - How This Book Is Organized
    - Goals of This Book
    - The Methodical Approach and the Need for a Methodology
    - Firewalls, Security, and Risk Management
    - How to Think About Risk Management
    - Computer Security Principles
    - Firewall Recommendations and Definitions
    - Why Do I Need a Firewall?
    - Do I Need More Than a Firewall?
    - What Kinds of Firewalls Are There?
    - The Myth of “Trustworthy” or “Secure” Software
    - Know Your Vulnerabilities
    - Creating Security Policies
    - Training
    - Defense in Depth
    - Summary
  - 2. Getting Started
  - 3. Local Firewall Security
  - 4. Troubleshooting Methodology
    - Problem Solving Methodology
    - Recognize, Define, and Isolate the Problem
    - Gather Facts
    - Define What the “End State” Should Be
    - Develop Possible Solutions and Create an Action Plan
    - Analyze and Compare Possible Solutions
    - Select and Implement the Solution
    - Critically Analyze the Solution for Effectiveness
    - Repeat the Process Until You Resolve the Problem
    - Summary
- II. Tools and Internals
  - 5. The OSI Model: Start from the Beginning
  - 6. netfilter and iptables Overview
  - 7. Using iptables
    - Proper iptables Syntax
    - Setting Up an Example Firewall
      - Kernel Options
      - iptables Modules
      - Firewall Rules
      - Quality of Service Rules
      - Port Scan Rules
      - Bad Flag Rules
      - Bad IP Options Rules
      - Small Packets and Rules to Deal with Them
      - Rules to Detect Data in Packets Using the String Module
      - Invalid Packets and Rules to Drop Them
      - A Quick Word on Fragments
      - SYN Floods
      - Polite Rules
      - Odd Port Detection and Rules to Deny Connections to Them
      - Silently Drop Packets You Don’t Care About
      - Enforcement Rules
      - IP Spoofing Rules
      - Egress Filtering
      - Send TCP Reset for AUTH Connections
      - Playing Around with TTL Values
      - State Tracking Rules
      - STEALTH Rules
      - Shunning Bad Guys
      - ACCEPT Rules
    - Summary
  - 8. A Tour of Our Collective Toolbox
  - 9. Diagnostics
- III. Diagnostics
  - 10. Testing Your Firewall Rules (for Security!)
  - 11. Layer 2/Inline Filtering
  - 12. NAT (Network Address Translation) and IP Forwarding
    - Common Questions about Linux NAT
    - Tools/Methods Discussed in this Chapter
      - Diagnostic Logging
      - Viewing NAT Connections with netstat-nat
      - Listing Current NAT Entries with iptables
      - Listing Current NAT and Rule Packet Counters
    - Corrective Actions
      - Troubleshooting: Internal Systems Can Communicate with External Systems—DMZ Systems Cannot Be Reached from the Outside
      - Corrective Actions
      - Internal Systems Can Communicate to External Systems Except to a Small Percentage of Systems
      - Internal Systems Can Communicate with External Systems, but only with Small Packets—Large File Transfers Fail
    - Summary
  - 13. General IP (Layer 3/Layer 4)
  - 14. SMTP (e-mail)
    - Common Questions
    - Tools Discussed in this Chapter
    - Allowing SMTP to/from Your Firewalls
    - Forwarding SMTP to an Internal Mail Server
    - Forcing Your Mail Server Traffic to Use a Specific IP Address with an SNAT Rule
    - Blocking Internal Users from Sending Mail Through Your Firewall
    - Accept Only SMTP Connections from Specific Hosts (ISP)
    - SMTP Server Timeouts/Failures/Numerous Processes
    - Small e-Mail Send/Receive Correctly—Large e-Mail Messages Do Not
    - Summary
  - 15. Web Services (Web Servers and Web Proxies)
    - Common Questions
    - Tools Discussed in this Chapter
      - Inbound: Running a Local Web Server (Basic Rules)
      - Inbound: Filter: Incoming Web to Specific Hosts
      - Forward: Redirect Local Port 80 to Local Port 8080
      - Forwarding Connections from the Firewall to an Internal Web Server
      - Forward: To Multiple Internal Servers
      - Forward: To a Remote Server on the Internet
      - Forward: Filtering Access to a Forwarded Server
      - Outbound: Some Websites are Inaccessible (ECN)
      - Outbound: Block Clients from Accessing Websites
      - Transparent Proxy Servers (squid) on Outbound Web Traffic
    - Summary
  - 16. File Services (NFS and FTP)
    - Tools Discussed in this Chapter
      - NFS: Cannot Get NFS Traffic to Traverse a NAT or IP Forwarding Firewall
      - FTP Inbound: Running a Local FTP Server (Basic Rules)
      - FTP Inbound: Restricting Access with Firewall Rules
      - FTP Inbound: Redirecting FTP Connections to Another Port on the Server
      - FTP Forward: Forwarding to an FTP Server Behind the Firewall on a DMZ Segment
      - FTP Forward: Forwarding to Multiple FTP Servers Behind the Firewall on a DMZ Segment
      - FTP Forward: From One Internet Server to Another Internet Server
      - FTP Forward: Restricting FTP Access to a Forwarded Server
      - FTP Outbound: Connections are Established, but Directories Cannot Be Listed, and Files Cannot Be Downloaded
    - Summary
  - 17. Instant Messaging
    - Common Questions/Problems
    - Tools Discussed in This Chapter
    - NetMeeting and GnomeMeeting
      - Connecting to a Remote NetMeeting/GnomeMeeting Client from Behind an iptables Firewall (Outbound Calls Only)
      - Connecting to a NetMeeting/GnomeMeeting Client Behind a netfilter/iptables Firewall (Inbound/Outbound Calls)
      - Directly from the GnomeMeeting Website’s Documentation
      - Blocking Outbound NetMeeting/GnomeMeeting Traffic
    - MSN Messenger
    - Yahoo Messenger
    - AOL Instant Messenger (AIM)
    - ICQ
    - Summary
  - 18. DNS/DHCP
    - Common Questions
    - Tools Discussed in this Chapter
      - Forwarding DNS Queries to an Upstream/Remote DNS Server
      - DNS Lookups Fail: Internal Hosts Communicating to an External Nameserver
      - DNS Lookups Fail: Short DNS Name Lookups Work—Long Name Lookups Do Not
      - DNS Lookups Fail: Nameserver Running on the Firewall
      - DNS Lookups Fail: Nameserver Running on the Internal and/or DMZ Network
      - Misleading rDNS Issue: New Mail, or FTP Connections to Remote Systems Take 30 Seconds or More to Start
      - DHCP: Dynamically Updating Firewall Rules with the IP Changes
      - Blocking Outbound DHCP
      - DHCP: Two Addresses on One External Interface
      - DHCP: Redirect DHCP Requests to DMZ
    - Summary
  - 19. Virtual Private Networks
    - Things to Consider with IPSEC
    - Common Questions/Problems
    - Tools Discussed in this Chapter
      - IPSEC: Internal Systems—Behind a NAT/MASQ Firewall Cannot Connect to an External IPSEC Server
      - IPSEC: Firewall Cannot Establish IPSEC VPNs
      - IPSEC: Firewall Can Establish Connections to a Remote VPN Server, but Traffic Does not Route Correctly Inside the VPN
      - PPTP: Cannot Establish PPTP Connections Through the Firewall
      - Running a PPTP Server Behind a NAT Firewall
    - Summary
Product information
- Title: Troubleshooting Linux® Firewalls
- Author(s): Michael Shinn, Scott Shinn
- Release date: December 2004
- Publisher(s): Addison-Wesley Professional