Friday, January 04, 2008

Arno's Iptables Firewall on my Ubuntu Gutsy

Ipkungfu is acting weird on Ubuntu Gutsy box lately. It sometimes locks the machine from the other PCs in the LAN (I can't ssh or vnc to it) and even disables the transparent proxying for Squid :(. I can't seem to find the problem so every time it locks the server (which acts as squid proxy, router, gateway, dhcp, and vmware server host) I simply reinstall ipkungfu and it works again but then after a few more days, the server got locked up again. :(

So what I did is to try find another easy to use firewall script... and that is when I came upon Arno's Iptables Firewall. To quote from its freshmeat.org entry:
"Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included."
To install it on ubuntu, fire up synaptic then look for and install the arno-iptables-firewall package. It will also install the following packages: gawk and lynx.

After the download it will run a simple wizard that will also questions like what is your internet and external interfaces, what ports should be allowed, etc. After answering the questions, it will be installed and is ready to run.

To enable transparent proxying, open with your favorite text editor the file "/etc/arno-iptables-firewall/firewall.conf" and then search for the term "3128" and then simply uncomment the line pertaining to it.

To reconfigure your firewall, simply do a "sudo dpkg-reconfigure arno-iptables-firewall" and an easy to understand text-based wizard will come up. To make it run on boot, do a "sudo invoke-rc.d arno-iptables-firewall start" command.

So far its running great on my machine. Remember when I blogged about ipkungfu kicking firestarter out of my machine? Now it seems arno is ready to kick ipkungfu, but let me find out first after a series of tests.

For the FAQ on arno, read here.

2 comments:

Anonymous said...

So did this replace ipkungfu? Do you have two interface adapters on your system or just one? Can you do transparent proxying with only one interface.

fishfillet said...

Yes it did. I had two NICs (I actually have 3).

I haven't tried transparent proxying with only one interface.