Results 1 to 15 of 18
  1. #1
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,391

    KISS FireWall Installation [Easy]

    Here's a very simple How-To, just follow the instructions and your KISS Firewall will be working in a min.

    When logged in as root ( "su -" ):

    1) cd /usr/bin
    2) wget http://www.geocities.com/steve93138/kiss-2.0.1.tar.gz
    3) tar -zxvf kiss-2.0.1.tar.gz
    4) rm -f kiss-2.0.1.tar.gz

    5) To configure any settings, use the top section of the KISS file
    Type pico -w kiss
    [Make sure you restart for changes to take effect.]

    To start KISS
    kiss start

    To stop KISS
    kiss stop

    To restart KISS
    kiss restart

    To check current status
    kiss status


    6) Once you are sure everything is ok, add the following line to the end of /etc/rc.d/rc.local

    /usr/bin/kiss start

    Please feel free to post any questions or comments.

    For more info, please visit:
    http://www.geocities.com/steve93138/
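
The steps above unpack a downloaded archive as root directly in /usr/bin. As an added example (not part of the original post and not KISS's own code), this shell version stages the archive in a temporary directory, rejects member names that are absolute or contain `..`, and only then installs the script. The function names are hypothetical, and it assumes the archive holds the single script `kiss` that the how-to refers to.

```shell
#!/bin/sh
# Added example: vet a tarball's member list before unpacking it as root.
# Reads member names (one per line, as printed by `tar -tzf`) on stdin.
# Returns 0 only if there is at least one member and every name is
# relative with no ".." component. It checks names only, not link targets.
members_are_safe() {
    count=0
    while IFS= read -r name; do
        count=$((count + 1))
        case "$name" in
            /*)                  return 1 ;;  # absolute path
            ..|../*|*/..|*/../*) return 1 ;;  # parent-directory component
        esac
    done
    [ "$count" -gt 0 ]
}

# Stage the archive outside /usr/bin, vet it, then install only the script.
# Assumption: the archive contains a file named "kiss".
stage_and_install() {
    archive=$1                 # e.g. kiss-2.0.1.tar.gz, already downloaded
    stage=$(mktemp -d) || return 1
    if tar -tzf "$archive" | members_are_safe; then
        tar -xzf "$archive" -C "$stage" &&
        [ -f "$stage/kiss" ] &&
        install -o root -g root -m 0700 "$stage/kiss" /usr/bin/kiss
        rc=$?
    else
        echo "refusing to unpack $archive: unsafe or empty member list" >&2
        rc=1
    fi
    rm -rf "$stage"
    return $rc
}
```

Read the staged script before running `kiss start`, since it is executed as root and rewrites the iptables rule set.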

  2. #2
    Join Date
    Aug 2003
    Location
    USA
    Posts
    1,030
    Very nice setup and easy to use, so it seems...

    Now those new to Linux won't have to wade through the documentation on IPTABLES
    Last edited by Akash; 03-08-2004 at 06:40 PM.

  3. #3
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,391
    IMPORTANT MESSAGE

    Hi,

    You must change config from:

    Code:
    ##############################################################################
    # Uncomment to allow DNS zone transfers
    #
    #$IPTABLES -A INPUT -i eth0 -p udp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
    #$IPTABLES -A INPUT -i eth0 -p tcp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
    #$IPTABLES -A OUTPUT -o eth0 -p udp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
    #$IPTABLES -A OUTPUT -o eth0 -p tcp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
    To:


    Code:
    ##############################################################################
    # Uncomment to allow DNS zone transfers
    #
    $IPTABLES -A INPUT -i eth0 -p udp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i eth0 -p tcp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -o eth0 -p udp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -o eth0 -p tcp --sport 53 --dport 53 -m state --state NEW -j ACCEPT

    This seems to be a problem for a few ISPs, which will not find your site unless this change is made.

    Just cd /usr/bin
    pico kiss

    and it's right at the bottom.

    Hope this helps.
    Last edited by Akash; 03-08-2004 at 06:59 PM.

  4. #4
    Join Date
    Oct 2003
    Posts
    459
    Hi,

    Now those new to Linux won't have to wade through the documentation on IPTABLES
    Actually, I wanted to ask this question a long time ago, when I was reading the documentation of IPTABLES.

    Is KISS a program that provides a user interface or GUI that allows us to set the rules of IPTABLES in an easier way? If yes, I would rather not go through the boring documentation any more!

    Thanks

    Last edited by choon; 03-10-2004 at 08:00 AM.

  5. #5
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,391
    No interface for editing the rules etc..

    just do pico kiss

  6. #6
    i just started using KISS.. but i face the problem of ssh dropping connections after i enter the correct password. any idea what's going on?

    here's the verbose output from the ssh client

    debug1: Next authentication method: password
    xxxt@mydomain.com's password:
    debug2: we sent a password packet, wait for reply
    debug1: Authentication succeeded (password).
    debug1: channel 0: new [client-session]
    debug2: channel 0: send open
    debug1: Entering interactive session.
    debug2: callback start
    debug2: ssh_session2_setup: id 0
    debug1: channel 0: request pty-req
    debug1: channel 0: request shell
    debug2: callback done
    debug1: channel 0: open confirm rwindow 0 rmax 32768
    debug1: channel_free: channel 0: client-session, nchannels 1
    Connection to mydomain.com closed by remote host.
    Connection to mydomain.com closed.
    debug1: Transferred: stdin 0, stdout 0, stderr 95 bytes in 0.1 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1280.5
    debug1: Exit status -1

    restarting sshd service will allow me to connect once. but once i disconnect that session and try to connect again from a different computer, the same problem comes back again. i can't keep going back to the server to restart sshd all the time. pls help. thanks.

  7. #7
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,790
    Well, your problem is one thing, but at least tell us your distribution plus the version of the OS; that will let us understand better, besides the description of your problem.

  8. #8
    i'm using fedora core 1
    i'm suspecting the iptables is dropping outgoing tcp to the ssh client? but i'm not too sure about what needs to check or be done.

    what does this channel 0 mean? "debug1: channel_free: channel 0: client-session, nchannels 1"

  9. #9
    if i want to block a certain ip connecting to a certain port, how can i do that in kiss?

  10. #10
    Join Date
    Jun 2003
    Location
    HKSAR
    Posts
    155
    Does Kiss run in every start up process ??

    or .. we need to add KISS in cron to restart ( to ensure it can work at any time ? )

  11. #11
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,391
    It runs every time your server starts i believe.

  12. #12
    If you are looking for an easier firewall to use I recommend APF. You can drop very easily from command like
    apf -d <ipAddress>

    You can see a how-to at: http://mycpadmin.com/index.php?showtopic=9

    It has a config for cPanel, however it is an easy edit and u just port the port #'s you want to use.
    Linux/cPanel How-To's - cPanelPlanet.com

  13. #13
    Join Date
    Dec 2000
    Posts
    951
    Hi, I just installed kiss. Now I would like to block SMTP on port 25 in order to prevent users from sending mail using: maildomain.com (I would like them to use mail.thereisp.com)
    How do I block port 25?
    I made the following config but it does not work, or in other words I can still send e-mails by using maildomain.com
    ----------
    BLOCK_LIST=""
    TCP_IN="20 21 25 53 80 110 143 443 995 2082:2083 2086:2087 2089 2095:2096 3306 8443 10000 19638"
    TCP_OUT="21 22 37 43 53 80 443 873 2089 55000"
    -------

    Thanks for any advice

  14. #14
    Join Date
    Dec 2000
    Posts
    951
    Of course I would like customers to be able to receive e-mails on port 25

  15. #15
    Join Date
    Dec 2000
    Posts
    951
    Not working. The mails will simply go into the queue... I have something that blocks the sender while sending the e-mails. In that way customers think they sent a mail while really not sending anything...
