Specifications

6 Implementing the Firewall
and process requests properly. Adminhost tools are available on the firewall for these purposes (see 2 on page 15), such as nmap, nessus, xlogmaster, logsurfer, and HTTP clients. Detailed documentation for these programs is available in the /usr/share/doc/packages/ directory on the SuSE Adminhost for Firewall. Man pages are also available for each program.
Only when every single test has been successfully completed can you start
the firewall. Document all tests conducted.
First, connect a laptop or other computer to the firewall host to simulate an external network. Then close the connection to the internal network and establish a connection to the Internet. If possible, test your firewall from the outside. Check your setup.
Internal Testing

Tests to conduct:

Are all services available?
Test whether the permitted services are working from the internal clients. Can you access HTTPS, send e-mails, and transfer data via FTP?

Do the deny rules work?
Test your packet filter. Try using a port scanner like nmap. Follow the log messages of your firewall on the log host or on the firewall itself. Let a packet sniffer run at the same time to detect restricted packets or to see whether response packets are not being sent.

Are the log files being written to the log host?
If the Adminhost is also the log host and the feature has been activated in FAS, use FAS to analyze the logs conveniently.
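The "Do the deny rules work?" test produces a stream of packet-filter log lines while nmap runs; the result has to be documented, not just watched. The following script is an added example and is not part of the SuSE manual: it summarizes how many packets the filter dropped per destination port and confirms that a port which should be denied never appears in an ACCEPT line. It assumes (this is an assumption, not the product's documented format) that the kernel logs one line per filtered packet containing the verdict (FW-DROP, FW-DENY or FW-ACCEPT) and SRC=, DST= and DPT= fields; adjust the patterns to the log prefix your rule set actually uses. The log lines it reads are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the SuSE manual): evaluate packet-filter log lines
# captured during a port-scan test of the deny rules.
# ASSUMPTION: each filtered packet is logged on one "kernel:" line with a
# verdict tag (FW-DROP / FW-DENY / FW-ACCEPT) and a DPT=<port> field.

LOGFILE="${TMPDIR:-/tmp}/fw-test-messages.$$"

# Constructed sample of /var/log/messages: a scan from 10.10.10.5 against
# the firewall, plus two ordinary daemon lines (postfix, named).
cat > "$LOGFILE" <<'EOF'
Mar  3 10:01:12 earth kernel: FW-DROP IN=eth0 OUT= SRC=10.10.10.5 DST=192.168.0.1 PROTO=TCP SPT=40001 DPT=23
Mar  3 10:01:12 earth kernel: FW-DROP IN=eth0 OUT= SRC=10.10.10.5 DST=192.168.0.1 PROTO=TCP SPT=40002 DPT=23
Mar  3 10:01:13 earth kernel: FW-DROP IN=eth0 OUT= SRC=10.10.10.5 DST=192.168.0.1 PROTO=TCP SPT=40003 DPT=139
Mar  3 10:01:13 earth kernel: FW-ACCEPT IN=eth0 OUT= SRC=10.10.10.5 DST=192.168.0.1 PROTO=TCP SPT=40004 DPT=443
Mar  3 10:01:14 earth kernel: FW-ACCEPT IN=eth0 OUT= SRC=10.10.10.5 DST=192.168.0.1 PROTO=TCP SPT=40005 DPT=25
Mar  3 10:01:14 earth postfix/smtpd[812]: connect from unknown[10.10.10.5]
Mar  3 10:01:15 earth named[455]: client 10.10.10.5#40006: query: www.example.com IN A
EOF

# Print "port count" for every destination port whose packets were dropped.
# Only kernel lines are considered, so daemon messages cannot skew the count.
dropped_by_port() {
    grep 'kernel: ' "$1" | grep -E 'FW-(DROP|DENY)' |
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^DPT=/) { split($i, a, "="); n[a[2]]++ } }
         END { for (p in n) print p, n[p] }' | sort -n
}

# Number of dropped packets seen for one destination port (0 if none).
dropped_count() {
    dropped_by_port "$1" |
    awk -v p="$2" '$1 == p { print $2; found = 1 }
                   END { if (!found) print 0 }'
}

# Exit 0 if destination port $2 never appears in an ACCEPT line,
# i.e. the deny rule for that port held throughout the scan.
port_never_accepted() {
    ! grep 'kernel: ' "$1" | grep 'FW-ACCEPT' | grep -qE "DPT=$2( |\$)"
}

# Report for the test record. Port 23 and 139 are the ports this sample
# expects to be denied; replace with the ports your rule set denies.
echo "Dropped packets per destination port (from $LOGFILE):"
dropped_by_port "$LOGFILE"
for p in 23 139; do
    if port_never_accepted "$LOGFILE" "$p"; then
        echo "port $p: deny rule held"
    else
        echo "port $p: seen in an ACCEPT line, check the rule set"
    fi
done
```

Run it on the real log after the scan by pointing LOGFILE at the captured file instead of the constructed sample; the per-port table is what goes into the test documentation.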
Fixing errors:

Determine the source of the problem. Search the log files by process name, for example, postfix or named:

earth:~ # grep postfix /var/log/messages

or

earth:~ # grep named /var/log/messages

Alternatively, use the search dialog of the FAS Log File Analysis module. Many programs can be switched to “verbose mode” to obtain more detailed information, which can, however, be quite extensive.
139 SuSE Linux Firewall on CD2