How to open firewall ports (newbie)
elmu
25th January 2005, 07:36 PM
Hello,
I use Fedora 3 and want to install some tool, but I'm new in this area and can't do the following instruction:
"open ssh/http/https/ftp/smtp ports"
How can I do this?
Dunhausen
25th January 2005, 11:26 PM
System Settings --> Security level
Tashiro
25th January 2005, 11:35 PM
Moved to security.
Tashiro
chiku31
25th January 2005, 11:49 PM
Go ahead and install firestarter with synaptic/yum. Firestarter is a very easy to use software that can help you manage your system security.
Evert
30th January 2005, 08:43 AM
I do not completely agree with the idea of installing firestarter, because the default firewall is still running.
Go to security-level. You can fill in:
portnr:tcp, for example: 22:tcp, if I am correct
Evert
crackers
30th January 2005, 07:12 PM
The "default firewall" is IPTables, which is exactly what firestarter is used to modify/set up.
Evert
31st January 2005, 07:04 PM
oh.. ok
I did not know that
Evert
veritas
1st February 2005, 12:49 AM
I don't see firestarter in synaptic...what repo is it in?
SlowJet
1st February 2005, 07:49 AM
Hi elmu, :)
When I first installed I snooped around and entered an IP pattern/16 like 90.0.0.0/16 in an area after the 120.0.0.0/24.
I am not sure where it is now but it started the local net working for f/s, remote and http on local net.
Later, after updates, the whole lo was reset to FC3 only and could not get out or nothing could get in.
I eventually just entered the ports I wanted open in the last text box of the Firewall label as other ports.
It got most things working but I'm behind a FW-proxy server so I'm safe from the internet.
crackers, :)
No offense, but the last thing we beginners need is more installs, and especially outside the FC3 core, to do what FC3 can do with some basic knowledge. You are not helping FC3 or the new way to run SELinux by preaching the old school way of slipshod install and try and see.
We need to remember that FC3 with SELinux is for a reason beyond goofing around with computers. The internet has become as polarised as the R and D parties.
It's a bad place waiting to compromise your computer and all things that can stop these hackers, thieves, and criminals the better.
You seem to know a lot, use your gifts for good and teach the new way, the GUI way, the mass user way, the safe way, the secure way and the reliable way.
The computer world is different now and we need wisdom in use as well as knowhow with the bits and bytes.
thank you for listening,
SJ
pparks1
1st February 2005, 08:22 PM
Slowjet,
In defense of Crackers, he is simply noting that the firewall is IPtables and comes with the linux distribution (in this case FC3). Firestarter is an optional GUI that can be used to make modifying the iptables rules easier.
In terms of the comment about SELinux and being there for a reason; I didn't see anything in this thread where anybody suggested that SELinux shouldn't be used.
I take a little offense to the comment about the GUI being the new way or the right way. I manage nearly 20 Linux servers in our enterprise and not a single one of them has a GUI installed on it. The GUI tools are mainly there for ease of use, but many are somewhat limited in terms of their functionality. Actually understanding what the configuration file does and how it works is far more beneficial to keeping your linux box running smoothly than learning all of the GUI tools in the world.
I think if you polled all of the people out here you would find that many of the linux gurus actually have little experience with the GUI. I use it for surfing the web on my workstation, but in terms of productivity and actual product knowledge, my use of the GUI is very limited.
Granted, the GUIs are getting better and there are many people who likely use the GUI on this forum, but calling this the "new" or "right" way to use Linux just seems like blasphemy to us tried and true linux guys.
LittleGreyCat
8th February 2005, 05:45 PM
Just arrived to look for answers:-)
To check:
On FC2 as standard (whatever that is - depends on install options I suppose) firewalling is done via IPTables and is configured (at least under KDE) using System Settings -> Security Level.
If that is so, I have a small problem :-(
I have two network cards, and want to apply different firewall rules to them. The GUI allows you to select trusted devices and trusted services, but AFAICT does not match individual services to individual devices.
I have seen 'firestarter' being plugged as an alternative GUI to manage IPTables.
Will this allow me to select which ports I open on each network card, or will I have to lay into the underlying configuration files?
TIA
Dave R
mndar
15th October 2005, 03:13 AM
I have installed Firestarter but whenever I enable the firewall, I cannot browse the internet. My Outbound Traffic policy is Permissive by default, Blacklist traffic and there are no entries under it.
I wanted to use bittorrent. So under Inbound Traffic policy, I have added
Allow service|Port | For
Bittorrent |6881| everyone
I have checked my azureus configuration and the Incoming traffic port is 6881. Anyway, after enabling the firewall, I am not able to browse at all, so I guess I must be missing something simple.
Overflowd
21st October 2005, 04:41 PM
Can anyone tell me how to add ports through Fedora Core 4? I only have a console installed, no GUI/X Window system.
Much thanks.
giulix
21st October 2005, 06:51 PM
I suggest you evaluate shorewall (http://www.shorewall.net), a tool to interface iptables based on configuration files. Despite this fact, it is really easy to grasp and very powerful.
Overflowd
21st October 2005, 06:59 PM
So is there a way to open a port without installing anything? I'd rather not install extra software to use once.
giulix
21st October 2005, 07:55 PM
Basically:
/sbin/iptables -A INPUT -i if -p p --dport n -j ACCEPT
if = interface (eth0, eth1, etc.)
n = port number
p = protocol (TCP, UDP, ICMP)
But there's much more to it (http://www.linuxguruz.com/iptables/howto/iptables-HOWTO-6.html)...
Overflowd
21st October 2005, 08:41 PM
After dealing with the iptables, do I need to restart my box?
giulix
22nd October 2005, 01:26 AM
No, it's immediate, but let me warn you: that command has no meaning without a context and won't work. You have to use a tool that sets up the firewall for you...
smfinley
22nd October 2005, 02:32 AM
See the bittorrent and azureus sections of the Notes (http://stanton-finley.net/fedora_core_4_installation_notes.html) for some examples of configuring ports in iptables and saving the configuration. Also be sure to forward these ports in your router or gateway if your Fedora box is behind one.
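Added example (not part of any post in this thread): one reason an appended `-A INPUT ... -j ACCEPT` rule can have no effect is that an earlier catch-all REJECT or DROP is matched first, so the rule has to be inserted ahead of it. The sketch below reads rules in iptables-save format, finds that catch-all, and prints a per-interface command in the same shape as the one quoted above. The sample ruleset, the `RH-Firewall-1-INPUT` layout it assumes, and the function names are constructed for illustration.

```shell
# Constructed sample in iptables-save format (not from the thread). Assumption:
# Fedora-style layout where INPUT jumps to a chain ending in a catch-all REJECT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Chain that actually filters inbound packets: the target of an unconditional
# jump in the first INPUT rule, otherwise INPUT itself. Reads rules on stdin.
effective_chain() {
    awk '$1 == "-A" && $2 == "INPUT" {
             if ($3 == "-j" && $4 !~ /^(ACCEPT|DROP|REJECT)$/) { print $4; found = 1 }
             exit
         }
         END { if (!found) print "INPUT" }'
}

# 1-based number of the first match-less REJECT/DROP rule in chain $1, or 0.
first_catchall() {
    awk -v chain="$1" '$1 == "-A" && $2 == chain {
             n++
             if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { print n; found = 1; exit }
         }
         END { if (!found) print 0 }'
}

# Print the command that opens PORT/PROTO on IFACE ahead of the catch-all.
# Usage: open_port_cmd "$RULES" IFACE PROTO PORT
open_port_cmd() {
    rules=$1 iface=$2 proto=$3 port=$4
    case $proto in tcp|udp) ;; *) echo "protocol must be tcp or udp" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be a number" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    chain=$(printf '%s\n' "$rules" | effective_chain)
    pos=$(printf '%s\n' "$rules" | first_catchall "$chain")
    if [ "$pos" -gt 0 ]; then
        echo "/sbin/iptables -I $chain $pos -i $iface -p $proto --dport $port -j ACCEPT"
    else
        echo "/sbin/iptables -A $chain -i $iface -p $proto --dport $port -j ACCEPT"
    fi
}

# Per-interface example: HTTP on eth1 only. On a live box pass "$(/sbin/iptables-save)".
open_port_cmd "$SAMPLE_RULES" eth1 tcp 80
```

The printed command changes only the running ruleset; on Fedora, `/sbin/service iptables save` writes it to /etc/sysconfig/iptables so it survives a restart of the firewall service.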