Need some help concerning firewall programs

ziohausam
Hi all

It is my first time here and I am very pleased to find this great forum that strongly gives major support to its members.

Actually my problem is a little complicated... I know nothing about networks and their concepts... and I am now in a situation where I am obliged to test a firewall program, and this will be within a couple of days.. so I have downloaded some firewall programs to try to become familiar with them.. and now I face so many questions and options that are so difficult for me to understand.
I have searched a lot about them and I found your great forum by chance... and I am full of hope that I can find all the answers to my problems here

I will now mention some of the options that I want to know about... what they are, and how exactly I can test them.

1- Allow/block outgoing DNS
2- Allow/block outgoing DHCP
3- Incoming UDP ports

As I get the answers to these 3 options.. I may have something else to ask about

I really appreciate your help
Thanks
 
hmm... the easiest way to test these...

DNS works on port 53... easiest way to test this...

set up the firewall either to block port 53 TCP, or if it has named services tell it to block DNS...

now start a command prompt, type nslookup
then type google.co.uk...

a name server should respond...

like this...
Code:
> google.co.uk
Server:  [192.168.88.1]
Address:  192.168.88.1

Non-authoritative answer:
Name:    google.co.uk
Addresses:  216.239.59.104, 216.239.39.104, 216.239.57.104

now set your name server to something else...

type server 62.31.176.39

now... (if dns is allowed out you should see)
Code:
> google.co.uk
Server:  ns1-wol.blueyonder.net
Address:  62.31.176.39

Non-authoritative answer:
Name:    google.co.uk
Addresses:  216.239.57.104, 216.239.59.104, 216.239.39.104

if not you should see a message saying something like this

Code:
> google.com
Server:  [62.31.176.39]
Address:  62.31.176.39

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to [62.31.176.39] timed-out

you'll also see in the firewall logs that the packets are being dropped...
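The same test as a script, added here as an example and not code from the thread: it sends one A query over UDP port 53 to a resolver of your choosing (nslookup also uses UDP by default, so a rule that only blocks TCP 53 will not stop it; block both) and reports whether an answer came back or the request timed out, which is what nslookup shows as "DNS request timed out". The resolver address and hostname are the ones from the reply above and are only defaults; the sample reply packet at the bottom is constructed, not captured. A timeout alone cannot tell a dropped packet from a dead resolver, which is why the reply also says to confirm the drop in the firewall log.

```python
"""Added example: probe whether outbound DNS is allowed through a firewall."""
import random
import socket
import struct


def build_query(name: str, txid: int) -> bytes:
    """Encode a minimal DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data: bytes, off: int) -> int:
    """Advance past an encoded name (handles RFC 1035 compression pointers)."""
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:   # 2-byte pointer ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length


def parse_response(data: bytes, expected_txid: int) -> dict:
    """Return the response code and any A-record addresses in a DNS reply."""
    if len(data) < 12:
        raise ValueError("DNS packet shorter than header")
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(data, off) + 4        # skip QTYPE + QCLASS
    addresses = []
    for _ in range(ancount):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addresses.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return {"rcode": flags & 0x000F, "addresses": addresses}


def check_outbound_dns(server: str, name: str = "google.co.uk", timeout: float = 2.0) -> dict:
    """Send one query and classify the outcome the way the nslookup test does."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            # No reply in the window: firewall dropped it, or the resolver is down.
            return {"status": "timeout", "addresses": []}
        except OSError as exc:
            # e.g. an ICMP port-unreachable surfaced as ConnectionRefusedError
            return {"status": f"error: {exc}", "addresses": []}
    return {"status": "answered", **parse_response(data, txid)}


# Constructed sample reply (not captured from a real server): same question,
# one A record for 216.239.59.104, name given as a compression pointer to offset 12.
SAMPLE_REPLY = (
    bytes.fromhex("1234 8180 0001 0001 0000 0000")
    + b"\x06google\x02co\x02uk\x00\x00\x01\x00\x01"
    + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04"
    + bytes([216, 239, 59, 104])
)

if __name__ == "__main__":
    print("offline parse:", parse_response(SAMPLE_REPLY, 0x1234))
    # Live probe against the resolver used in the reply; run once with DNS
    # allowed and once with it blocked and compare the status field.
    print("live probe:", check_outbound_dns("62.31.176.39"))
```

Run it once with the firewall rule off (expect `answered` with addresses) and once with the rule on (expect `timeout`), then check the firewall log for the matching drop entry. The transaction-id check in `parse_response` discards replies that do not belong to your query, so a stray packet cannot make a blocked test look like a pass.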
 
DHCP is a little more complicated...

DHCP is sent out as a broadcast packet to 255.255.255.255 so that all machines see the packet, and hopefully a DHCP server will respond,

this means that your firewall will see the packet, but will not necessarily respond

DHCP works using several ports.
see (http://www.iana.org/assignments/port-numbers)...

to check if these ports can be reached outside of your firewall open the command prompt (again) and type telnet google.com [port-number]

eg telnet google.com 68

you should see that the connection is refused and that the packet being dropped is again noted in the firewall logs... assuming this happens, then great, the firewall passed test 2...
 
there isn't really a way to test incoming UDP ports...

at least not without being on the outside and trying to come in... all I could suggest is that you have the firewall machine attached to an internet connection for an hour or so, and hope that something tries to access that machine using UDP... if you see UDP packets being dropped in the log files, then great, test 3 is a success also...

you could try thinking of a program that uses UDP... the only one that I can think of where you can "attack" your network searching for vulnerabilities is NMAP...

or this site...
www.grc.com

I hope that helps, (and I hope it's not too late!).
 