Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions

  




 

 

< Previous Section: Firewalls - What exactly is a Firewall?  Table of Contents   Next Section: Configuring a Typical Router Based Firewall >

2.2      How a Firewall Works

A typical firewall can perform a number of tasks depending on the complexity of the firewall itself. The basic functions of a firewall are as follows:

2.2.1      Stealth Mode - Discarding Pings

This requires a little explanation. There is a common mechanism in networked environments for finding out if a particular system is up and running and connected to the network. Typically a utility called ping is given the IP address of the remote system. The ping utility sends a data packet to the remote system represented by the IP address and waits for a reply. If it gets a reply then the user knows that the system at that address is available on the network.

Whilst this seems innocuous enough there is actually good reason to configure your firewall to not respond to ping requests. You’ve probably seen the old war movies (and some new ones too) where the destroyer on the surface of the ocean uses sonar to try to locate a submarine somewhere in the depths below. The sonar sends out pings and waits to see if the sounds bounces back off the hull of the submarine. When the destroyer gets an echo it drops depth charges in an attempt to destroy the submarine. Compare this to your Linux system. The hacker will send out ping packets to every IP address on the planet and attack those that reply. By not responding to the ping packet you have a greater chance of remaining anonymous to the attacker – rather like a stealth submarine that is impervious to sonar. 

Don’t be fooled by “experts” who try to tell you that ping stands for Packet Internet Groper. This just an attempt by those experts to make something sound more complicated than it is. The author of ping states that he chose that name because of the noise made by sonar.

2.2.2      Port Forwarding and Blocking

Port blocking is the most fundamental level of firewall security and will be used by most home or small business users to protect their systems. 

As we mentioned previously computer systems communicate through ports. A firewall can be used to block any ports that you do not want to be open to your systems inside the firewall. For example FTP operates through port 21. If you do not wish anyone on the outside to have ftp access to your systems you will need to configure your firewall to block port 21.

Conversely, Port Forwarding is also a very useful tool to have. Suppose you have three Linux systems on your internal network and want to be able to telnet into one of those systems when you are outside your firewall (perhaps at the local café using the free Wi-Fi connection while you drink your coffee or while in a hotel on a business trip). In this situation you will configure your firewall to forward port 21 connections to the system you want to access from outside. When you connect to your IP address using telnet the firewall will see the packets arriving on port 21 and know that it must forward them to the IP address of the machine you have designated. If you have more than one system on your network it is essential that you set up port forwarding to handle this. After all, without port forwarding how would the router know which internal system you wanted to connect to?

2.2.3      Packet Filtering

Packet filtering is a much more advanced mechanism for providing security and is not available in typical small business or home use router devices.

Data is transmitted over networks and the internet in what are called packets. Each packet contains information about where the data came from and where it is going to (i.e the IP address of the sender and the your IP address). In fact a packet contains a great deal of information about the nature of the data being transmitted and many advanced firewall solutions allow you to filter the data packets coming in through your internet connection to allow or disallow packets depending on what are called filtering rules. For example you might allow a telnet session (which allows you to log into your Linux system from outside) but disallow ftp packets (which allow files to be transferred to and from of your Linux system). You may also choose to block packets arriving from an IP address that you know to be suspicious.

< Previous Section: Firewalls - What exactly is a Firewall?  Table of Contents   Next Section: Configuring a Typical Router Based Firewall >

 
 
  © Copyright 2005-2010 Linuxtopia. All Rights Reserved.