Troubleshooting Linux Firewalls By Michael Shinn

Brings together step-by-step solutions and proven problem-solving techniques. This book presents an easy, start-to-finish troubleshooting methodology that helps you identify the firewall problem fast - and solve it. It covers various areas where Linux firewalls can go wrong: rules and filtering problems, Layer 2/3/4 issues, and more.


Troubleshooting Linux Firewalls Summary

Troubleshooting Linux Firewalls by Michael Shinn

While Linux firewalls are inexpensive and quite reliable, they lack the support component of their commercial counterparts. As a result, most users of Linux firewalls have to resort to mailing lists to solve their problems. Our authors have scoured firewall mailing lists and have compiled a list of the most often encountered problems in Linux firewalling. This book takes a Chilton's manual diagnostic approach to solving these problems.

The book begins by presenting the two most common Linux firewall configurations and demonstrates how to implement these configurations in an imperfect network environment, not in an ideal one. Then, the authors proceed to present a methodology for analyzing each problem at various network levels: cabling, hardware components, protocols, services, and applications. The authors include diagnostic scripts which the readers can use to analyze and solve their particular Linux firewall problems. The reference distributions are Red Hat and SuSE (for the international market).


About Michael Shinn


Michael Shinn is managing partner of the Prometheus Group, an IT security consulting firm. He was formerly a member of Cisco's Advanced Network Security Research group and a senior software developer and founding member of the firm's Signatures and Exploits Development Team.

Scott Shinn co-founded Plesk, a server management firm. He was formerly a senior network security engineer specializing in penetration testing for Fortune 50 clients at Wheelgroup, a firm later acquired by Cisco.

Both authors served on the White House technology staff, specializing in security and penetration testing of both internal and Internet-connected systems.

(c) Copyright Pearson Education. All rights reserved.

Table of Contents


1. Introduction.

Why We Wrote This Book

How This Book Is Organized

Goals of This Book

The Methodical Approach and the Need for a Methodology

Firewalls, Security, and Risk Management

How to Think About Risk Management

Computer Security Principles

Firewall Recommendations and Definitions

Why Do I Need a Firewall?

Do I Need More Than a Firewall?

What Kinds of Firewalls Are There?

Firewall Types

The Myth of "Trustworthy" or "Secure" Software

Know Your Vulnerabilities

Creating Security Policies


Defense in Depth


2. Getting Started.

Risk Management

Basic Elements of Risk Management

Seven Steps to Managing Risk

Phase I: Analyze


Quantify the Value of the Asset

Threat Analysis

Phase II: Document

Create Your Plan

Create a Security Policy

Create Security Procedures

Phase III: Secure the Enterprise

Implement Policies

Implement Procedures

Deploy Security Technology and Counter Measures

Securing the Firewall Itself

Isolating Assets


Ingress/Egress Filtering

Phase IV: Implement Monitoring

Phase V: Test

Phase VI: Integrate

Phase VII: Improve


3. Local Firewall Security.

The Importance of Keeping Your Software Up to Date


red carpet




Over Reliance on Patching

Turning Off Services

Using TCP Wrappers and Firewall Rules

Running Services with Least Privilege

Restricting the File System

Security Tools to Install

Log Monitoring Tools

Network Intrusion Detection

Host Intrusion Detection

Remote Logging

Correctly Configure the Software You Are Using

Use a Hardened Kernel

Other Hardening Steps


4. Troubleshooting Methodology.

Problem Solving Methodology

Recognize, Define, and Isolate the Problem

Gather Facts

Define What the "End State" Should Be

Develop Possible Solutions and Create an Action Plan

Analyze and Compare Possible Solutions

Select and Implement the Solution

Critically Analyze the Solution for Effectiveness

Repeat the Process Until You Resolve the Problem

Finding the Answers or...Why Search Engines Are Your Friend




5. The OSI Model: Start from the Beginning.

Internet Protocols at a Glance

Understanding the Internet Protocol (IP)

Understanding ICMP

Understanding TCP

Understanding UDP

Troubleshooting with This Perspective in Mind


6. netfilter and iptables Overview.

How netfilter Works

How netfilter Parses Rules

Netfilter States

What about Fragmentation?

Taking a Closer Look at the State Engine


7. Using iptables.

Proper iptables Syntax

Examples of How the Connection Tracking Engine Works

Applying What Has Been Covered So Far by Implementing Good Rules

Setting Up an Example Firewall

Kernel Options

iptables Modules

Firewall Rules

Quality of Service Rules

Port Scan Rules

Bad Flag Rules

Bad IP Options Rules

Small Packets and Rules to Deal with Them

Rules To Detect Data in Packets Using the String Module

Invalid Packets and Rules to Drop Them

A Quick Word on Fragments

SYN Floods

Polite Rules

Odd Port Detection and Rules to Deny Connections to Them

Silently Drop Packets You Don't Care About

Enforcement Rules

IP Spoofing Rules

Egress Filtering

Send TCP Reset for AUTH Connections

Playing Around with TTL Values

State Tracking Rules


Shunning Bad Guys



8. A Tour of Our Collective Toolbox.

Old Faithful


Analyzing Traffic Utilization

Network Traffic Analyzers

Useful Control Tools

Network Probes

Probing Tools

Firewall Management and Rule Building


9. Diagnostics.

Diagnostic Logging

Scripts To Do This for You

The catch all Logging Rule

The iptables TRACE Patch

Checking the Network

Using a Sniffer to Diagnose Firewall Problems

Memory Load Diagnostics



10. Testing Your Firewall Rules (for Security!).

INSIDE->OUT Testing with nmap and iplog

Interpreting the Output from an INSIDE->OUT Scan

Testing from the OUTSIDE->IN

Reading Output from nmap

Testing your Firewall with fragrouter



11. Layer 2/Inline Filtering.

Common Questions

Tools Discussed in this Part

Building an Inline Transparent Bridging Firewall with ebtables (Stealth Firewalls)

Filtering on MAC Address Bound to a Specific IP Address with ebtables

Filtering Out Specific Ports with ebtables

Building an Inline Transparent Bridging Firewall with iptables (Stealth Firewalls)

MAC Address Filtering with iptables

DHCP Filtering with ebtables


12. NAT (Network Address Translation) and IP Forwarding.

Common Questions about Linux NAT

Tools/Methods Discussed in this Part

Diagnostic Logging

Viewing NAT Connections with netstat-nat

Listing Current NAT Entries with iptables

Listing Current NAT and Rule Packet Counters

Corrective Actions


13. General IP (Layer 3/Layer 4).

Common Question

Inbound: Creating a Rule for a New TCP Service

Inbound: Allowing SSH to a Local System

Forward: SSH to Another System

SSH: Connections Timeout

telnet: Forwarding telnet Connections to Other Systems

MySQL: Allowing MySQL Connections


14. SMTP (e-mail).

Common Questions

Tools Discussed in this Part

Allowing SMTP to/from Your Firewalls

Forwarding SMTP to an Internal Mail Server

Forcing Your Mail Server Traffic to Use a Specific IP Address with an SNAT Rule

Blocking Internal Users from Sending Mail Through Your Firewall

Accept Only SMTP Connections from Specific Hosts (ISP)

SMTP Server Timeouts/Failures/Numerous Processes

Small e-Mail Send/Receive Correctly - Large e-Mail Messages Do Not


15. Web Services (Web Servers and Web Proxies).

Common Questions

Tools Discussed in this Part

Inbound: Running a Local Web Server (Basic Rules)

Inbound: Filter: Incoming Web to Specific Hosts

Forward: Redirect Local Port 80 to Local Port 8080

Forwarding Connections from the Firewall to an Internal Web Server

Forward: To Multiple Internal Servers

Forward: To a Remote Server on the Internet

Forward: Filtering Access to a Forwarded Server

Outbound: Some Websites Are Inaccessible (ECN)

Outbound: Block Clients from Accessing Websites

Transparent Proxy Servers (squid) on Outbound Web Traffic


16. File Services (NFS and FTP).

Tools Discussed in this Part

NFS: Cannot Get NFS Traffic to Traverse a NAT or IP Forwarding Firewall

FTP Inbound: Running a Local FTP Server (Basic Rules)

FTP Inbound: Restricting Access with Firewall Rules

FTP Inbound: Redirecting FTP Connections to Another Port on the Server

FTP Forward: Forwarding to an FTP Server Behind the Firewall on a DMZ Segment

FTP Forward: Forwarding to Multiple FTP Servers Behind the Firewall on a DMZ Segment

FTP Forward: From One Internet Server to Another Internet Server

FTP Forward: Restricting FTP Access to a Forwarded Server

FTP Outbound: Connections are Established, but Directories Cannot Be Listed, and Files Cannot Be Downloaded


17. Instant Messaging.

Common Questions/Problems

Tools Discussed in This Part

NetMeeting and GnomeMeeting

Connecting to a Remote NetMeeting/GnomeMeeting Client from Behind an iptables Firewall (Outbound Calls Only)

Connecting to a NetMeeting/GnomeMeeting Client Behind a netfilter/iptables Firewall (Inbound/Outbound Calls)

Directly from the GnomeMeeting Website's Documentation

Blocking Outbound NetMeeting/GnomeMeeting Traffic

MSN Messenger

Connecting to Other MSN Users

Blocking MSN Messenger Traffic at the Firewall

Yahoo Messenger

Connecting to Yahoo Messenger

Blocking Yahoo Messenger Traffic

AOL Instant Messenger (AIM)

Connecting to AIM

Blocking AOL Instant Messenger Traffic


Connecting to ICQ

Blocking ICQ


Recalling Our Methodology


Common Questions

Tools Discussed in this Part

Forwarding DNS Queries to an Upstream/Remote DNS Server

DNS Lookups Fail: Internal Hosts Communicating to an External Nameserver

DNS Lookups Fail: Short DNS Name Lookups Work - Long Name Lookups Do Not

DNS Lookups Fail: Nameserver Running on the Firewall

DNS Lookups Fail: Nameserver Running on the Internal and/or DMZ Network

Misleading rDNS Issue: New Mail, or FTP Connections to Remote Systems Take 30 Seconds or More to Start

DHCP: Dynamically Updating Firewall Rules with the IP Changes

Blocking Outbound DHCP

DHCP: Two Addresses on One External Interface

DHCP: Redirect DHCP Requests to DMZ


19. Virtual Private Networks.

Things to Consider with IPSEC

Common Questions/Problems

Tools Discussed in this Part

IPSEC: Internal Systems-Behind a NAT/MASQ Firewall Cannot Connect to an External IPSEC Server

IPSEC: Firewall Cannot Establish IPSEC VPNs

IPSEC: Firewall Can Establish Connections to a Remote VPN Server, but Traffic Does not Route Correctly Inside the VPN

PPTP: Cannot Establish PPTP Connections Through the Firewall

Running a PPTP Server Behind a NAT Firewall

PPTP: Firewall Cannot Establish PPTP VPNs

PPTP: Firewall Can Establish Connections to a Remote VPN Server, but Traffic Does not Route Correctly Inside the VPN

Using a free/openswan VPN to Secure a Wireless Network



Additional information

Troubleshooting Linux Firewalls by Michael Shinn
Michael Shinn
Used - Very Good
Pearson Education (US)