Vuurmuur configuration

Help
Szymek
2007-12-09
2012-12-07
  • Szymek

    Szymek - 2007-12-09

    Hi

    I have just installed Vuurmuur, it's exactly what I was looking for. I have some questions about its configuration, as I am not well acquainted with firewalling issues. I am running a simple home box desktop with internet cable connection (ethernet). Most of my questions refer to the "networks" tab, in particular the anti-spoofing options. Do I have to check the following boxes:

    - loopback
    - class a
    - class b
    - class c
    - class d
    - class e
    - test-net
    - link local net
    - 0.0.0.0/res.
    - Broadcast src.
    - Broadcast dst.

    I read in the quick setup guide that it may not be good to check some of them. Which should I choose?

    The other question is related to the loopback interface of my computer, do I have to enable it explicitly in Vuurmuur? Or does Vuurmuur handle it by default?

    I have set up some rules for accepting dns, http, https and ftp from firewall to world.inet, but what about ping, smtp and pop3? Do I need to enable ping, if my computer is a dhcp client? Do I need to enable pop3 and smtp, in order to receive and send e-mails?

    The next question is about the "Vuurmuur config" Option in vuurmuur_conf, the "interfaces" tab: do I have to enable the checkbox "check dynamic interfaces for changes"?

    What do the options "buffersize logviewer", "advanced mode by default" and "draw status in main menu" in the "Vuurmuur_conf Settings" mean?

    Do I need to enable NAT, if I am not in a LAN?

    I am sorry for that amount of questions, unfortunately I am not a programmer. I would like to setup a good, working firewall, and concentrate my attention on configuring the rest of the system.

    Thanks for any help in advance
    Szymon

     
    • Victor Julien

      Victor Julien - 2007-12-10

      Hi Szymon, I don't think you have already looked at the help function (F12) inside vuurmuur_conf, as it answers most of your questions, or at least tries to.

      You should choose all anti-spoofing options unless one interferes with your network settings. Again, see the help function (F12). You don't need to do anything to the loopback, Vuurmuur takes care of that for you. In general, if you are unsure you need something, just try whether a program works; if it doesn't, you should see dropped traffic in the logviewer. Then you can add a rule to allow that traffic.

      For NAT, see: http://en.wikipedia.org/wiki/Network_address_translation

      I think you should try to read up a bit about the networking and firewall basics. Vuurmuur assumes that you have basic networking and firewall knowledge, and won't be of much use if you don't have that.

      Regards,
      Victor
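
An added example, not part of the original thread and not Vuurmuur code: a quick check of which anti-spoofing boxes would "interfere with your network settings" for a given interface network. The CIDR ranges are an assumption based on the conventional reserved ranges for the option names listed in the question, not values taken from Vuurmuur; the two broadcast options are not address ranges and are left out.

```python
import ipaddress

# Assumed mapping of the anti-spoofing option names to conventional
# reserved ranges (not read from Vuurmuur's source or help text).
ANTI_SPOOF_RANGES = {
    "loopback": "127.0.0.0/8",
    "class a": "10.0.0.0/8",
    "class b": "172.16.0.0/12",
    "class c": "192.168.0.0/16",
    "class d": "224.0.0.0/4",
    "class e": "240.0.0.0/4",
    "test-net": "192.0.2.0/24",
    "link local net": "169.254.0.0/16",
    "0.0.0.0/res.": "0.0.0.0/8",
}


def conflicting_options(local_networks):
    """Map each option to the local networks its range overlaps.

    local_networks: CIDR strings for networks legitimately reachable
    through the interface (host bits are allowed, e.g. 192.168.1.10/24).
    An option in the result would drop traffic from those networks.
    """
    conflicts = {}
    for option, cidr in ANTI_SPOOF_RANGES.items():
        reserved = ipaddress.ip_network(cidr)
        hits = [
            net for net in local_networks
            if ipaddress.ip_network(net, strict=False).overlaps(reserved)
        ]
        if hits:
            conflicts[option] = hits
    return conflicts


def safe_options(local_networks):
    """Options that can be enabled without blocking the given networks."""
    blocked = conflicting_options(local_networks)
    return [opt for opt in ANTI_SPOOF_RANGES if opt not in blocked]


if __name__ == "__main__":
    # Constructed samples: a directly connected public address
    # (documentation range) and a host behind a home router.
    for nets in (["203.0.113.25/24"], ["192.168.1.10/24"]):
        print(nets, "-> leave unchecked:", sorted(conflicting_options(nets)))
```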

       
      • Adi Kriegisch

        Adi Kriegisch - 2007-12-10

        Hi Szymon!

        The questions you asked are very interesting. To people being busy with networks all day like Victor and me the answers are quite obvious. This is good and bad news at the same time.
        Good, because you really get a decent firewall and an excellent firewall management tool. And support even for wicked network problems.
        Bad, because you are having trouble getting started with Vuurmuur as it is designed to handle a lot more: manage large scale networks, provide a scripting interface and, of course, just be a firewall for a normal workstation or desktop.
        I'd like to ask you for help on improving our documentation for the "normal" tasks like setting up a firewall for a workstation or clarifying some network related terms (like nat, spoofing and the like) for users who do not come from the "network corner"...
        On http://www.vuurmuur.org/trac we have a wiki where we try to get as much good documentation as possible! I hope you will help us out too! :-)

        thanx,
          Adi

         