How can I know if my firewall is working correctly?

Saturn · Tux's lil' helper Joined: 31 May 2002 Posts: 83

Hi,

I have installed a small firewall named "pmfirewall". It was easy to install but is there a way to test if it does its job well?

Thanks for your help.

bluz · n00b Joined: 18 Aug 2002 Posts: 61 Location: Canada

There are a few ways to test the firewall..

One of the best is to get a copy of NMAP (emerge nmap) and fire some tests at your firewalled computer from another host. If you can't do that, there are a lot of sites on the internet that will run tests for you to check for open ports.. most of them are pretty superficial, but it's a start.

BlUz

steblublu · Posted: Sun Aug 18, 2002 6:22 am Post subject:

steve gibson runs a web site grc.com that has a usefull app for quick probe. it will test your ports to see if they respond. It is fast, and seems similar to nmap.

You might also want to test outgoing traffic.

as Bluz mentioned above, you can use NMAP. This app is usefull because it can probe ports using different methods, including stealth fin methods (read the man page).

The problem with NMAP is that it will often give false positives (report that a port is open, when it is not, gibson's as well). To be sure you get an accurate map of your ports, you may want to open another terminal window and do a TCPDUMP - this will help eliminate any false positives

steb

.

dizzy · Posted: Sun Aug 18, 2002 7:09 am Post subject:

To get a balanced view of Steve Gibson's site you might also want to visit this page http://grcsucks.com/ .
I don't always agree with the above view but it's nice to see things from both sides and decide for yourself.

steblublu · Posted: Sun Aug 18, 2002 7:55 am Post subject:

bluz · n00b Joined: 18 Aug 2002 Posts: 61 Location: Canada

I don't to start a huge argument, but i just ran grc.com's probe's on my own firewall, since it's been a while since i've tested it.

The site didn't find any of my open ports (ssh,ftp amongst other popular ports). So i definately wouldn't trust this site.. grab a copy of nmap and run multiple tests from it... you'l get a MUCH more accurate picture.

BlUz

eivinn · Apprentice Joined: 10 Jul 2002 Posts: 219 Location: Norway

What commands do I have to add to nmap for it to test my computer for servers?

I have run just plain nmap localhost and it returns lots of sockets I didn't know should be open at all.

tgnb · Posted: Sun Aug 18, 2002 4:13 pm Post subject: nmap

afaik

nmap -v localhost

returns the open ports of your system

This means it shows ports that are opened by whatever services you have running prior to being filtered by the firewall.

nmap -v yourmachinesexternalIP

returns the ports that are open to the world

This shows the ports that are open to the Internet. It is of course still recommended to shut down any other extra services you have running unless you need them. But with Gentoo this really isnt an issue anyway since only services are running that you installed.

-v is for verbose - it tells you a little bit more while scanning

Chickpea · l33t Joined: 03 Jun 2002 Posts: 846 Location: Vancouver WA

Another site to test your firewall is http://scan.sygate.com This company makes a firewall so they also try to get you to look at the products but they have several tests that they scan for and I have been pretty pleased. I have used the test both on my Windows machine and the Gentoo machine.

Try it out. you'll like it.

Cat