I want to install a firewall on centOS 6

Issues related to applications and software problems
imadeira
Posts: 30
Joined: 2019/08/21 19:28:43

I want to install a firewall on centOS 6

Post by imadeira » 2019/10/14 09:02:48

I want to install a firewall on centOS 6, but I don't know which one is right for CentOS 6 OS. Is it Untangle, or whatever? Can you help me? Thanks.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: I want to install a firewall on centOS 6

Post by TrevorH » 2019/10/14 09:10:38

We only supply iptables itself on CentOS 6. You can find 'ufw' in the EPEL third party yum repo.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: I want to install a firewall on centOS 6

Post by jlehtone » 2019/10/14 11:14:12

imadeira wrote:
2019/10/14 09:02:48
I want to install a firewall
What does installing a firewall mean to you?
What do you want to achieve? What is the actual goal?


CentOS 6 installs by default:
1. Linux kernel that has network traffic filtering subsystem, "netfilter"
2. Default (simple) ruleset for the netfilter
3. Service "iptables" that loads the ruleset into kernel during boot
4. User tool "iptables" for modifying active netfilter rules and for storing them into file (for the service)

In other words, your CentOS already has "firewall" (unless you have disabled it).


How do you want the effective ruleset to differ from the default?

imadeira
Posts: 30
Joined: 2019/08/21 19:28:43

Re: I want to install a firewall on centOS 6

Post by imadeira » 2019/10/16 10:56:32

I want / need to install open source untangle firewall software or another equivalent (32-bit) solution, because I need to define a rule set [this server will work as a print server]. On this server I installed CentOS 6 (also 32 bit).

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: I want to install a firewall on centOS 6

Post by TrevorH » 2019/10/16 11:13:54

You do know that CentOS 6 is approaching end of life? It has about 1 year left before there will be no more updates for it. Probably better to use CentOS 7 or even 8 (which is brand new and still suffers from lack of third party support).

Also, as said, you can find ufw in EPEL for CentOS 6:

Code:

Name        : ufw
Arch        : noarch
Version     : 0.35
Release     : 9.el6
Size        : 225 k
Repo        : epel
Summary     : Uncomplicated Firewall
URL         : https://launchpad.net/ufw
License     : GPLv3
Description : The Uncomplicated Firewall(ufw) is a front-end for netfilter, which
            : aims to make it easier for people unfamiliar with firewall concepts.
            : Ufw provides a framework for managing netfilter as well as
            : manipulating the firewall.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: I want to install a firewall on centOS 6

Post by jlehtone » 2019/10/16 12:31:29

imadeira wrote:
2019/10/16 10:56:32
I want / need to install open source untangle firewall software or another equivalent (32-bit) solution, because I need to define a rule set [this server will work as a print server]. On this server I installed CentOS 6 (also 32 bit).
Do you have hardware so old that it lacks 64 bit support?

CentOS 7 is available for 32 bit architecture: http://isoredirect.centos.org/altarch/7/isos/i386/
Alas, EPEL for el7 does not have i386 branch.


Helper front-end, like UFW, is required only if you don't know how to define rules directly.

Firewalld is the helper front-end included in CentOS 7 and 8. Not sure how easy it is for the "unfamiliar" but Red Hat has documentation:
https://access.redhat.com/documentation ... _firewalls

imadeira
Posts: 30
Joined: 2019/08/21 19:28:43

Re: I want to install a firewall on centOS 6

Post by imadeira » 2019/10/18 10:32:44

I will use iptables to configure my firewall (this will be a print server), firewall rules should only allow RedeB source traffic (192.168.250.0/24) to ip 192.168.1.209 only. (All ports in a 1st phase send the necessary ports via this route).
Management of the firewall should only be possible from network 192.168.0.64/26 and network 192.168.1.0/24.
To allow Network B source traffic:
#iptables -A INPUT -s 192.168.250.0/24 -j ACCEPT
For the destination, I don't know if I will use FORWARD or PREROUTING, if I use FORWARD, it will look like this:
#iptables -A FORWARD -d 192.168.1.209 -j ACCEPT.
And then you would have to open the print service ports (network 192.168.1.0/24):
#iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT, and then do the same thing for the udp protocol.
And I don't quite know how to do it for the 192.168.0.64/26 network.
And I don't know if what I've done so far is fine. Could they help me? Thanks.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: I want to install a firewall on centOS 6

Post by jlehtone » 2019/10/18 17:56:50

How many IP addresses does the machine have? One? The 192.168.1.209?

"print server"
What does that mean? What protocols and ports of the server do the "print services" listen for incoming traffic?

"management"
What service is that? What port, protocol, IP address?

Show us your current ruleset with:

Code:

iptables -S

imadeira
Posts: 30
Joined: 2019/08/21 19:28:43

Re: I want to install a firewall on centOS 6

Post by imadeira » 2019/10/22 11:05:56

Good morning, I still can not list the rules, because I have not defined them, because I have some doubts. The server where I will implement the firewall rules will serve as a print server. My server has 2 network cards, which are: RedeA: 192.168.4.0/27, and RedeB: 192.168.250.0/24.
The eth0 card's IP should be: 192.168.4.20, and the eth1 card's IP should be: 192.168.250.254.
Firewall rules should allow RedeB source traffic to ip 192.168.1.2019 only (all ports in the first phase send the required ports later on). Management of the firewall should only be possible from network 192.168.0.64/26 and network 192.168.1.0/24. And it is with this data that I have to build my rules, but I have some doubts.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: I want to install a firewall on centOS 6

Post by jlehtone » 2019/10/22 15:09:09

imadeira wrote:
2019/10/22 11:05:56
Good morning, I still can not list the rules
You can run iptables -S even if you have no rules. There should be some default rules and they affect how you must add more.

Two addresses & networks:
A: 192.168.4.20/27, (range .1--.30)
B: 192.168.250.254/24, (range .1--.254)

192.168.0.64/26 is not part of those networks.
192.168.1.0/24 is not part of those networks.
192.168.1.209 is part of 192.168.1.0/24.

What routes do you have?

Code:

ip ro

How will you "manage firewall"? What program is used to connect to the server to do the management?


Ok, "printing" means the Internet Printing Protocol that listens on ports 631/tcp and 631/udp. Who should be able to print?
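
Added example (not written by anyone in this thread): a Python check of the address ranges listed in the post above that also works out, for each flow in the stated requirements, which filter chain it crosses and whether the peer sits on a directly connected network. The address that management traffic connects to (192.168.4.20) is an assumption, since the thread does not say.

```python
import ipaddress

# Interface addresses as stated in the thread (eth0 = RedeA, eth1 = RedeB).
INTERFACES = {
    "eth0": ipaddress.ip_interface("192.168.4.20/27"),
    "eth1": ipaddress.ip_interface("192.168.250.254/24"),
}

def host_range(iface):
    """First and last usable host address of the interface's network."""
    net = iface.network
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def connected_via(addr):
    """Interface whose directly connected network contains addr, else None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, i in INTERFACES.items() if ip in i.network), None)

def chain_for(dst):
    """filter-table chain for a packet arriving from the network for dst:
    INPUT if dst is one of this host's own addresses, otherwise FORWARD
    (forwarding also needs net.ipv4.ip_forward=1)."""
    local = {i.ip for i in INTERFACES.values()}
    return "INPUT" if ipaddress.ip_address(dst) in local else "FORWARD"

def classify(src_net, dst):
    """Chain, ingress interface and egress interface for one flow.
    None for an interface means the peer is not on a connected network,
    so the traffic depends on a route through some other router."""
    src = ipaddress.ip_network(src_net)
    in_if = next((n for n, i in INTERFACES.items()
                  if src.overlaps(i.network)), None)
    chain = chain_for(dst)
    out_if = connected_via(dst) if chain == "FORWARD" else "local"
    return {"chain": chain, "in": in_if, "out": out_if}

# Flows taken from the requirements posted in the thread. Which of the
# server's addresses management connects to is an assumption (eth0 here).
FLOWS = [
    ("192.168.250.0/24", "192.168.1.209"),
    ("192.168.0.64/26", "192.168.4.20"),
    ("192.168.1.0/24", "192.168.4.20"),
]

if __name__ == "__main__":
    for name, iface in INTERFACES.items():
        print(name, iface, "hosts", *host_range(iface))
    for src, dst in FLOWS:
        print(src, "->", dst, classify(src, dst))
```

An "out" of None on the first flow means the server has no connected network containing 192.168.1.209, so the FORWARD rule only matters once a route to 192.168.1.0/24 exists, which is what the output of ip ro would show.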
