Firestarter Firewall in Ubuntu, installation and configuration

Iptables is the default firewall in Ubuntu and is a very powerful tool. The problem is that when it comes to perform administration tasks, the syntax is complicated and difficult to understand. For this reason, Gufw and Firestarter were created (it is a server level firewall for “humans”), which is simpler.

 

GUFW FIREWALL

Gufw can be installed from a terminal window with the following command:

sudo apt-get install ufw Gufw

 

By default, Iptables and ufw run from startup, allowing all outgoing connections and denying all incoming connections.

 

Gufw, the graphical interface for ufw, is ideal for normal users with little knowledge.

It can be run from System -> Administration -> Firewall Configuration.

The simplest way to add a rule:

Simple: To add a specific port, choose between allow, deny or limit.

Enter the port number.

Select TCP, UDP or both.

Click on “add”.

 

To remove rules, select Delete.

 

FIRESTARTER FIREWALL

More powerful than Gufw, it also consumes more resources.

Can be installed from a terminal window with the following command:

sudo apt-get install firestarter

 

To run it, go to Applications -> Internet -> Firestarter.

 

The first time the Firestarter is executed, a configuration wizard appears, showing a welcome message. Click Continue.

 

 

Another window pops up, showing an Internet connection form (to know what network connection the system using, issue an ifconfig command in a Terminal). The user can choose if the firewall should allow external connections (recommended) and if the IP address of the computer is assigned via DHCP.

Click Forward.

Another window appears so that the user can decide to share the Internet connection with other computers in the network by means of NAT (Check this option if the computer the DHCP server and delivers Internet connection to other computers in the network.

Click Continue.

 

Last window appears, from which the user can start the firewall.

 

By default Iptables and its user interface Firestarter allow all outgoing connections and deny all incoming connections.

 

The first tab shows the status of the firewall, with direct readout of active connections. Shows connections that have been rejected. Rules shows the rules of the firewall configuration, which can be browse by selecting from the following options:

Rules for incoming traffic: permission to enter.

Rules for outgoing traffic: used to prevent out connections.

After setting this option, right click on the bottom panel, and select “Add Rule” from the context menu.

To allow access to specific ports, click on Allow service/port/to, which opens a window where the user must specify the port to be open:

* Name: description of the port to be open.

* Port: Port to open (a range can also be specified: i.e. 4662-4672).

* Origin: If it is necessary to specify a particular IP to allow traffic from. Typically left blank.

* Comment: A comment (optional) describing what the port will be used for.

 

After entering the required information, click the “Add” button and the rule will be applied. If the user doesn’t know which ports an application uses and it is not working properly, it is probable that the firewall is denying traffic, not having set an explicit rule for it. In this case, the Events tab can used to know the connections used by the application and then grant necessary permissions.

 

To allow traffic from the local network and be able to share files between computers, select “Allow connections” from the host. In the opening screen, the user can enter the private IP, the name of the machine or network it wants to allow full access from.

 

Example to open ports for aMule

1. While the firewall is running, click on “Rules” and select “Edit – Rules” for incoming traffic.

2. Select the text box below and click on “Add Rules”.

* aMule requires two ports to be open, meaning that two rules have to be set:

Specify that the firewall will allow incoming connections to port 4662(TCP), set the name to aMule and click on “Add”.

Do the same for port 4672(UDP).

* For Transmission, only add port 51413 (TCP)

 

If it is required that Firestarter runs every time an Ubuntu session starts, it should be added to the list of startup programs in System -> Preferences -> Sessions -> Startup Programs.


Blogsphere: TechnoratiFeedsterBloglines
Bookmark: Del.icio.usSpurlFurlSimpyBlinkDigg
RSS feed for comments on this post
 |  TrackBack URI for this post


Leave a Reply