Linix Firewalls anyone?
|
Joined: Dec 2007
Posts: 7,786
axiomite
|
OP
axiomite
Joined: Dec 2007
Posts: 7,786 |
Ok. I've been putting this off for a while...
In January I set up a stand alone Linex firewall (I'm the paranoid type) to improve the security of my internet connection.
It took a while, but I got it working except... windows update. Vista update fails when I try to run it through the firewall. I don't like the idea of turning off the firewall just to update Vista so now I gotta trouble-shoot.
I have the firewall set up so that it blocks everything inbound and have some custom rules to prevent certain types of attacks. I do not understand the implications of these rules as I set them up at the suggestion of others and followed their lead.
Does anybody out there know how Windows/Vista does its updates?
I guess my first step should be to turn off all the custom inbound rules and see if that makes things better. From there I would have no clue how to prodeed.
Fred
------- Blujays1: Spending Fred's money one bottle at a time, no two... Oh crap!
|
|
|
Re: Linix Firewalls anyone?
|
Joined: May 2003
Posts: 18,044
shareholder in the making
|
shareholder in the making
Joined: May 2003
Posts: 18,044 |
I think it's all outbound--machines behind my firewall (no inbound access without initiating an outbound connection first) can run Win Update just fine.
I am the Doctor, and THIS... is my SPOON!
|
|
|
Re: Linix Firewalls anyone?
|
Joined: Jun 2005
Posts: 1,189
connoisseur
|
connoisseur
Joined: Jun 2005
Posts: 1,189 |
I agree. I admin a corporate firewall and outbound access on standard web ports (tcp port 80 and 443) should do it.
|
|
|
Re: Linix Firewalls anyone?
|
Joined: Oct 2006
Posts: 6,955
axiomite
|
axiomite
Joined: Oct 2006
Posts: 6,955 |
I'm still doing my best not to 'downgrade' from XP to Vista, snicker. However, what I would probably do is clear my firewall logs, run the Vista Update program, then consult the logs to see what ports and traffic types got denied as a result. You can then decide if you want to open those ports up. Depends on how fluent your Linex firewall skills are at this time. Also I wonder, have you tried the Windows Update Web page? I think you can invoke Vista updates from there as well. It may or may not change the traffic enough that it works better. Hey, what's your IP, well just take a look from here. KIDDING!!!
With great power comes Awesome irresponsibility.
|
|
|
Re: Linix Firewalls anyone?
|
Joined: Dec 2007
Posts: 7,786
axiomite
|
OP
axiomite
Joined: Dec 2007
Posts: 7,786 |
Depends on how fluent your Linex firewall skills are at this time.
Not very, and with recent job demands, it won't improve the way I had originally planned. Thats part of the problem, I just don't have a lot of time right now to dedicate to figuring stuff out myself. I didn't think to clear the logs and try again. Too simple. I also didn't think that there would be anything other than strait forward http requests, but given MS paranoia, you never know what they have added under the hood to make sure the transaction takes place in a 'safe environment'. I have no idea how they validate you as a user before proceeding with updates. Sigh, I was gonna do this tomorrow, but now I have to work and its a shift switch over weekend.
Fred
------- Blujays1: Spending Fred's money one bottle at a time, no two... Oh crap!
|
|
|
Re: Linix Firewalls anyone?
|
Joined: Dec 2007
Posts: 7,786
axiomite
|
OP
axiomite
Joined: Dec 2007
Posts: 7,786 |
Well, I finally had both the energy and motivation to tackle this over the weekend.
This morning I hooked the new pc up to the firewall, cleared the logs and left the room for a few minutes. I get back ready to fire up the update software and read through logs and...
Its all running just fine. No blocked connection atempts, no dropped packets. Go figure.
Fred
------- Blujays1: Spending Fred's money one bottle at a time, no two... Oh crap!
|
|
|
Re: Linix Firewalls anyone?
|
Joined: Oct 2006
Posts: 6,955
axiomite
|
axiomite
Joined: Oct 2006
Posts: 6,955 |
No blocked connection attempts ????? Are you sure you are on the internet at all?
Just kidding, That's awesome!
With great power comes Awesome irresponsibility.
|
|
|
Forums16
Topics24,945
Posts442,484
Members15,617
|
Most Online2,082 Jan 22nd, 2020
|
|
0 members (),
691
guests, and
4
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|