what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

Richard Bown
Hi ,
whats the default firewall mechanism on a fresh install of wheezy on a pogoplugE02.
iptables isn't running, ufw hasn't been started. I've looked all through /etc/init.d and /etc plus
most of everything else. I need to open 8080 & 8081/tcp  and spent all day googling for a hint
I ran webmin and while the daemon was running port 10000 was open, on a reboot that was closed
again.
So it looks as if ports are only opened while the daemon using that port are open. I have Motion
running but the ports it uses are closed.
Will running iptables or starting ufw disable this action, and where is the config file for it.
The last time I used Deb&, Wheezy, ufw was enabled by default, on deb arm it is not enabled by
default and something else is used, but what ??????????

TIA

--
--
Best wishes / 73
Richard Bown

Email : [hidden email]
HTTP  :http://www.g8jvm.info
nil carborundum a illegitemis
##################################################################################
Ham Call G8JVM . OS Fedora FC18 x86_64 on a Dell Inspiron N5030 laptop
Maidenhead QRA: IO82SP38, LAT. 52 39.720' N LONG. 2 28.171 W ( degs+mins )
QRV VHF 6mtrs 200W, 4 mtrs 150W, 2mtrs 350W, 70cms 200W
Microwave 23 cms 140W, 13 cms 100W, 6 cms 0W & 3cms 5W
##################################################################################
Please do not use the e-mail address of [hidden email]
Mail hosted by 1and1, Domain screwed up by 1and1 and Freeparking


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20130424184321.59f3cab8@...

Reply | Threaded
Open this post in threaded view
|

Re: what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

Timo Lindfors-2
Richard Bown <[hidden email]> writes:
> whats the default firewall mechanism on a fresh install of wheezy on a
> pogoplugE02.

There is no firewall.

> I ran webmin and while the daemon was running port 10000 was open, on a reboot that was closed
> again.

How did you determine this?


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/844nev4xzy.fsf@...

Reply | Threaded
Open this post in threaded view
|

Re: what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

Richard Bown
On Wed, 24 Apr 2013 20:52:33 +0300
Timo Juhani Lindfors <[hidden email]> wrote:

> Richard Bown <[hidden email]> writes:
> > whats the default firewall mechanism on a fresh install of wheezy on a
> > pogoplugE02.
>
> There is no firewall.
>
> > I ran webmin and while the daemon was running port 10000 was open, on a reboot that was closed
> > again.
>
> How did you determine this?
>
>

By running nmap:-
and at this point motion was active, and webmin was not active.
This is with ufw running as well .
[richard@localhost ~]$ sudo nmap -vv -p1-20000 -sS 192.168.101.13

Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-24 19:07 BST
Initiating ARP Ping Scan at 19:07
Scanning 192.168.101.13 [1 port]
Completed ARP Ping Scan at 19:07, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:07
Completed Parallel DNS resolution of 1 host. at 19:07, 0.02s elapsed
Initiating SYN Stealth Scan at 19:07
Scanning 192.168.101.13 [20000 ports]
Discovered open port 22/tcp on 192.168.101.13
Discovered open port 631/tcp on 192.168.101.13
Completed SYN Stealth Scan at 19:08, 41.76s elapsed (20000 total ports)
Nmap scan report for 192.168.101.13
Host is up (0.0016s latency).
Scanned at 2013-04-24 19:07:45 BST for 42s
Not shown: 19995 filtered ports
PORT      STATE  SERVICE
22/tcp    open   ssh
631/tcp   open   ipp
8080/tcp  closed http-proxy
8081/tcp  closed blackice-icecap
10000/tcp closed snet-sensor-mgmt
MAC Address: 00:25:31:04:97:78 (Cloud Engines)

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 41.89 seconds
           Raw packets sent: 40027 (1.761MB) | Rcvd: 1633 (186.864KB)


root@Pogopig:/etc# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
8081/tcp                   ALLOW IN    Anywhere
631/tcp                    ALLOW IN    Anywhere
10000/tcp                  ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere (v6)
8080/tcp                   ALLOW IN    Anywhere (v6)
8081/tcp                   ALLOW IN    Anywhere (v6)
631/tcp                    ALLOW IN    Anywhere (v6)
10000/tcp                  ALLOW IN    Anywhere (v6)


And this is with ufw diabled so the port should be open
Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-24 19:14 BST
Initiating ARP Ping Scan at 19:14
Scanning 192.168.101.13 [1 port]
Completed ARP Ping Scan at 19:14, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:14
Completed Parallel DNS resolution of 1 host. at 19:14, 0.02s elapsed
Initiating SYN Stealth Scan at 19:14
Scanning 192.168.101.13 [20000 ports]
Discovered open port 22/tcp on 192.168.101.13
Discovered open port 631/tcp on 192.168.101.13
Completed SYN Stealth Scan at 19:14, 3.88s elapsed (20000 total ports)
Nmap scan report for 192.168.101.13
Host is up (0.0058s latency).
Scanned at 2013-04-24 19:14:16 BST for 4s
Not shown: 19998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
631/tcp open  ipp
MAC Address: 00:25:31:04:97:78 (Cloud Engines)

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.03 seconds
           Raw packets sent: 20013 (880.556KB) | Rcvd: 20001 (800.036KB)


With no firewall enable ports especially where Motion is running and using ports 8080 & 8081 /tcp
should be open.
But they are not.
Something else is holding those ports shut.
--
--
Best wishes / 73
Richard Bown

Email : [hidden email]
HTTP  :http://www.g8jvm.info
nil carborundum a illegitemis
##################################################################################
Ham Call G8JVM . OS Fedora FC18 x86_64 on a Dell Inspiron N5030 laptop
Maidenhead QRA: IO82SP38, LAT. 52 39.720' N LONG. 2 28.171 W ( degs+mins )
QRV VHF 6mtrs 200W, 4 mtrs 150W, 2mtrs 350W, 70cms 200W
Microwave 23 cms 140W, 13 cms 100W, 6 cms 0W & 3cms 5W
##################################################################################
Please do not use the e-mail address of [hidden email]
Mail hosted by 1and1, Domain screwed up by 1and1 and Freeparking


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20130424191804.3c474fd2@...

Reply | Threaded
Open this post in threaded view
|

Re: what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

Timo Lindfors-2
Richard Bown <[hidden email]> writes:
> root@Pogopig:/etc# ufw status verbose

Hmm, why did you install ufw in the first place? Also, I don't really
think this has anything to do with ARM. Maybe you could ask on
debian-user mailing list instead?


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/84wqrr3hp0.fsf@...

Reply | Threaded
Open this post in threaded view
|

Re: what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

Richard Bown
On Wed, 24 Apr 2013 21:30:03 +0300
Timo Juhani Lindfors <[hidden email]> wrote:

> Richard Bown <[hidden email]> writes:
> > root@Pogopig:/etc# ufw status verbose
>
> Hmm, why did you install ufw in the first place? Also, I don't really
> think this has anything to do with ARM. Maybe you could ask on
> debian-user mailing list instead?
>
>

I installed ufw to see if it would overide the system defaults.
I'll unsubscribe this list as everything I ask is deemed off topic.
I get the impression this list is only for developers and users of the latest ARM and Cortex
devices.  
I was grossly mistaken to suspect that running Debian on an ARM5TE was supported by the debian-arm
list.

--
--
Best wishes / 73
Richard Bown

Email : [hidden email]
HTTP  :http://www.g8jvm.info
nil carborundum a illegitemis
##################################################################################
Ham Call G8JVM . OS Fedora FC18 x86_64 on a Dell Inspiron N5030 laptop
Maidenhead QRA: IO82SP38, LAT. 52 39.720' N LONG. 2 28.171 W ( degs+mins )
QRV VHF 6mtrs 200W, 4 mtrs 150W, 2mtrs 350W, 70cms 200W
Microwave 23 cms 140W, 13 cms 100W, 6 cms 0W & 3cms 5W
##################################################################################
Please do not use the e-mail address of [hidden email]
Mail hosted by 1and1, Domain screwed up by 1and1 and Freeparking


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20130424194549.2cf500e6@...

Reply | Threaded
Open this post in threaded view
|

Re: what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

peter green-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Richard Bown wrote:
>I ran webmin and while the daemon was running port 10000 was open,
>on a reboot that was closed again. So it looks as if ports are only
>opened while the daemon using that port are open.
That is how every operating system i've ever used behaves when there
is no firewall. Ports are only "open" when there is something listening
on them.

>I installed ufw to see if it would overide the system defaults.
A firewall can only filter or reject stuff, it can't really accept
stuff if there is no application there to take it.

>I'll unsubscribe this list as everything I ask is deemed off topic.
>I get the impression this list is only for developers and users of the
>latest ARM and Cortex devices.  
>I was grossly mistaken to suspect that running Debian on an ARM5TE was
>supported by the debian-arm list.
IMO issues with debian installs on arm systems are on-topic on this list.
Until and unless it's determined with reasonable certainty that the issue
is not platform specific.

Please don't take a suggestion that a particular question may be
better handled on another list as an indication that your device is
not supported here.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJReDE4AAoJEAxI6ip6j/17jIUP/0LHI0i+zTzvNBv4IAjGQ69V
ZRa9syfBo7wUQXR42QHsGE2agzX3TbqkdAmwrk0nu75Vh+XACno6yfN7IVs2KR5/
GdsVijlBaXb/Jf93MJmG01P9FYDosKo1429tjma7lJTEnEu1JfgK6ng+L30q9b80
xc9drT6H9EHS0FCo+2inVlb2pcxzx+cChmS02PyFuc1pToycb7rXcTGOZ9p4pW+r
5feJlcuNmWBhyToTqbWyuDDUvn6G5wQCK3M7XAZiMBlX/pdmluIX8S8v8bW2Mai/
awnNqCITvC4Sr3NFlepwBTPrHactCLb0r19asx2dsjOQJfR+1HGG6ckK2ODebRDv
B7eIksF5pvfElFWvZh7Dq65KXLjdYvXXSVr4bIn7nX/25WQwXrlI50kzkkHSJWRM
CgWOXrny6TldY7Nz8+IGC7thIbcHKwRhpjooryN3EwkaDaPh/JrMMGlvLjJ6y4x5
pwPWvfy8gq/UPSfZn6ZPFCQbxSJ4pEz/XpdprZ9ez6dyEFrMAB6Pw9B8Wo0NOQdL
vsKgvkNA9EHLLuaGcMPkXdpcCqzySwEERqHsXHYoE9coAl9mWDaj8ac4vqo4MkD+
u5hPx5FMd8tfTxOPKH08/GSxyCkJX0JnBQT5GQma9f20Zq1yDoZN+SqywBt1wa0J
Trof9WtOhMW9gzWjUPlA
=bLUc
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/5178319E.4070003@...

Reply | Threaded
Open this post in threaded view
|

Re: what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

Lennart Sorensen
In reply to this post by Richard Bown
On Wed, Apr 24, 2013 at 07:45:49PM +0100, Richard Bown wrote:
> I installed ufw to see if it would overide the system defaults.

The system defaults are to have no firewall of any kind.  A new install
by default does not have any ports blocked at all.  If something is
installed that listens on a port, then that port should be open, and
otherwise it should have no response.

Installing something means now you have one.  Help with a given firewall
is certainly not architecture specific, and would get way more answers
from a list dedicated to that particular firewall managing tool,
or debian-user.

> I'll unsubscribe this list as everything I ask is deemed off topic.
> I get the impression this list is only for developers and users of the latest ARM and Cortex
> devices.  
> I was grossly mistaken to suspect that running Debian on an ARM5TE was supported by the debian-arm
> list.

Installing and fixing issues compiling code on arm is very much what
this list is for.

How to use linux in general, is not, no matter what kind of device it is.

--
Len Sorensen


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20130424194313.GG21768@...

Reply | Threaded
Open this post in threaded view
|

Re: what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

Andrew M.A. Cater
In reply to this post by Richard Bown
On Wed, Apr 24, 2013 at 07:45:49PM +0100, Richard Bown wrote:
> >
>
> I installed ufw to see if it would overide the system defaults.
> I'll unsubscribe this list as everything I ask is deemed off topic.
> I get the impression this list is only for developers and users of the latest ARM and Cortex
> devices.  
> I was grossly mistaken to suspect that running Debian on an ARM5TE was supported by the debian-arm
> list.
>

No, it's not that everything ARM is off topic. It is, effectively, that you asked
a non-ARM related question on a more general topic. Firewalls - probably more appropriate
for debian-user.

>From what I see below, you're probably more used to Fedora. Debian doesn't install a firewall
manager by default, though a minimal iptables is there available to use from the outset.

iptables -L

would show you - nornally all input/output/forwarding chains are set to accept by default
ie no rules are set, if I remember correctly.

It's also probably true that, just as some Fedora users are concerned with the release
of Fedora 19 Alpha today, we're slightly preoccupied by the main Debian release which
is coming up on May 5th ... sorry for any brevity.


Al the best,

Andy, G0EVX (ex G8UBG)

[hidden email]

> --
> --
> Best wishes / 73
> Richard Bown
>
> Email : [hidden email]
> HTTP  :http://www.g8jvm.info
> nil carborundum a illegitemis
> ##################################################################################
> Ham Call G8JVM . OS Fedora FC18 x86_64 on a Dell Inspiron N5030 laptop
> Maidenhead QRA: IO82SP38, LAT. 52 39.720' N LONG. 2 28.171 W ( degs+mins )
> QRV VHF 6mtrs 200W, 4 mtrs 150W, 2mtrs 350W, 70cms 200W
> Microwave 23 cms 140W, 13 cms 100W, 6 cms 0W & 3cms 5W
> ##################################################################################
> Please do not use the e-mail address of [hidden email]
> Mail hosted by 1and1, Domain screwed up by 1and1 and Freeparking
>
>
> --
> To UNSUBSCRIBE, email to [hidden email]
> with a subject of "unsubscribe". Trouble? Contact [hidden email]
> Archive: http://lists.debian.org/20130424194549.2cf500e6@...


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20130424195003.GA4579@...

Reply | Threaded
Open this post in threaded view
|

Re: what is the default firewall on a fresh install of Debian7 arm on a pogop0lugE02

Tony Godshall
Hi Richard, all.

What you should probably know about Debian, philosophically, is that
Debian's default is very small, no gui, no unnecessary daemons, such
that it is suitable for installation on very small and even embedded
systems.  Thus there's very little for an iptables firewall to
protect.  Debian daemons typically have to be reconfigured to be
accessible from outside- often they bind only to localhost without
user intervention.  Indeed it can be argued that if you keep the
services that bind to your external interface minimal and safe that a
"firewall" doesn't even do much for you if it's not a gateway.

But you can certainly set up iptables to taste, anything from a
handful of "up" iptables entries in /etc/network/interfaces to huge
automagical GUI things with lots of complicated knobs and
checkboxes.in apt-get.  Certainly there are things like rate-limiting
and packet prioritization for which iptables is good and "firewall"
tools can help set it up for you.

I concur that debian-user would have been a better forum for this topic.

Tony

On Wed, Apr 24, 2013 at 12:50 PM, Andrew M.A. Cater
<[hidden email]> wrote:

> On Wed, Apr 24, 2013 at 07:45:49PM +0100, Richard Bown wrote:
>> >
>>
>> I installed ufw to see if it would overide the system defaults.
>> I'll unsubscribe this list as everything I ask is deemed off topic.
>> I get the impression this list is only for developers and users of the latest ARM and Cortex
>> devices.
>> I was grossly mistaken to suspect that running Debian on an ARM5TE was supported by the debian-arm
>> list.
>>
>
> No, it's not that everything ARM is off topic. It is, effectively, that you asked
> a non-ARM related question on a more general topic. Firewalls - probably more appropriate
> for debian-user.
>
> >From what I see below, you're probably more used to Fedora. Debian doesn't install a firewall
> manager by default, though a minimal iptables is there available to use from the outset.
>
> iptables -L
>
> would show you - nornally all input/output/forwarding chains are set to accept by default
> ie no rules are set, if I remember correctly.
>
> It's also probably true that, just as some Fedora users are concerned with the release
> of Fedora 19 Alpha today, we're slightly preoccupied by the main Debian release which
> is coming up on May 5th ... sorry for any brevity.
>
>
> Al the best,
>
> Andy, G0EVX (ex G8UBG)
>
> [hidden email]
>
>> --
>> --
>> Best wishes / 73
>> Richard Bown
>>
>> Email : [hidden email]
>> HTTP  :http://www.g8jvm.info
>> nil carborundum a illegitemis
>> ##################################################################################
>> Ham Call G8JVM . OS Fedora FC18 x86_64 on a Dell Inspiron N5030 laptop
>> Maidenhead QRA: IO82SP38, LAT. 52 39.720' N LONG. 2 28.171 W ( degs+mins )
>> QRV VHF 6mtrs 200W, 4 mtrs 150W, 2mtrs 350W, 70cms 200W
>> Microwave 23 cms 140W, 13 cms 100W, 6 cms 0W & 3cms 5W
>> ##################################################################################
>> Please do not use the e-mail address of [hidden email]
>> Mail hosted by 1and1, Domain screwed up by 1and1 and Freeparking
>>
>>
>> --
>> To UNSUBSCRIBE, email to [hidden email]
>> with a subject of "unsubscribe". Trouble? Contact [hidden email]
>> Archive: http://lists.debian.org/20130424194549.2cf500e6@...
>
>
> --
> To UNSUBSCRIBE, email to [hidden email]
> with a subject of "unsubscribe". Trouble? Contact [hidden email]
> Archive: http://lists.debian.org/20130424195003.GA4579@...
>



--
Best Regards.
This is unedited.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/CAAOvATgotczNAHwKOB6B--jHn_5Dgz-_scfeTwAj1r-DdHkHVw@...