Networking Forums

When iptables stop the machine is a plain router

 
 
Jose Maria Lopez Hernandez
09-29-2004, 09:23 PM
Maurice Hoeneveld wrote:
> Now something weird happens (at least for a firewall).
> When iptables stops working (manually, crashed, or a buffer overflow from a
> DoS attack) the machine is a plain router/bridge. So all traffic is
> allowed based on the available routing table in the machine.


It's the way it's meant to be: if you stop the firewall, the machine
should still work as a router; that's the way it's configured.
You can use NAT, so if the firewall stops the packets stop being
routed to the internet, or you can have a script that stops the routing
if the firewall is off.

I have never seen iptables crash or stop; it only stops
if you want it to.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
(E-Mail Removed)
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
 
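Jose's second suggestion, a script that stops routing when the firewall is off, worked through as an added example (not code from this thread or from either poster): IPv4 forwarding is kept on only while the filter table's FORWARD chain has a DROP policy and at least one rule, and is switched off otherwise. The iptables-save output format, the /proc/sys/net/ipv4/ip_forward sysctl and the IPTABLES_SAVE override are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from this thread): keep an iptables router fail-closed.
# IPv4 forwarding stays on only while the firewall is demonstrably loaded;
# otherwise it is switched off, so a stopped firewall means a box that does
# not route, rather than one that routes everything.
# Assumed: iptables-save output format, /proc/sys/net/ipv4/ip_forward sysctl.

# Read iptables-save text on stdin and decide whether the firewall is up.
# "Up" here means the filter table's FORWARD chain has a DROP policy and at
# least one rule. Returns 0 when up, 1 otherwise.
firewall_state() {
    awk '
        /^\*/          { table = substr($1, 2) }
        /^:FORWARD /   { if (table == "filter" && $2 == "DROP") policy_ok = 1 }
        /^-A FORWARD / { if (table == "filter") rules++ }
        END            { exit (policy_ok && rules > 0) ? 0 : 1 }
    '
}

# Map a firewall state ("up"/"down") to the ip_forward value it should have.
forwarding_for_state() {
    if [ "$1" = "up" ]; then echo 1; else echo 0; fi
}

# Dump the live ruleset, decide, and write the sysctl (the write needs root).
# IPTABLES_SAVE may name another command that prints a ruleset (constructed
# input for testing); the sysctl path is overridable for the same reason.
enforce_fail_closed() {
    sysctl_path="${1:-/proc/sys/net/ipv4/ip_forward}"
    save_cmd="${IPTABLES_SAVE:-iptables-save}"
    if "$save_cmd" 2>/dev/null | firewall_state; then
        state=up
    else
        state=down
    fi
    want=$(forwarding_for_state "$state")
    echo "$want" > "$sysctl_path"
    echo "firewall $state: ip_forward set to $want"
}
```

Run `enforce_fail_closed` as root from a cron job and from the stop target of the iptables init script, so that a ruleset that vanishes for any reason takes forwarding down with it.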
Maurice Hoeneveld
09-29-2004, 09:26 PM
I use a RedHat 7 hardened machine with 4 interfaces and
iptables on it as a firewall.
There are several internal networks defined in the routing table of
this machine.

Now consider the following:

When I start iptables the machine acts like a firewall and only
traffic that is allowed in the rules is sent through the firewall. The
rest is blocked, of course.

Now something weird happens (at least for a firewall).
When iptables stops working (manually, crashed, or a buffer overflow from a
DoS attack) the machine is a plain router/bridge. So all traffic is
allowed based on the available routing table in the machine.

When I see other firewall systems like Checkpoint for example you can
see that when the firewall processes are killed, the machine also
stops routing and is a kind of stealth environment like it should be
in case of an incident.

Does anyone know how to solve this issue? I don't want my trusted
environment to be publicly available when iptables is stopped.

Thanks for your help and suggestions in advance.

Maurice Hoeneveld
(E-Mail Removed)
 