Firewall on Solaris 10

After reading docs.sun.com and searching avidly, can anyone point me in the right direction on how to set up the firewall that ships with Solaris 10?
Any pointers would be greatly appreciated, not usually stumped but this time I am. Regards,
Paul.

this should be a good starting point:
http://docs.sun.com/app/docs/doc/816-4554/6maoq023d?a=view
or maybe you've been there already?
//Magnus

Similar Messages

  • Can i  use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

    Can i  use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

    4195bee8-4db0-4799-a674-18f89aa500cb wrote:
    I don't have access to My Oracle Support, can you send text or HTML of the document please?
    Moderator Action:
    No they cannot send you a document that is available only to those with access to MOS.
    That would violate the conditions of having such service contract credentials.
    Asking someone to violate such privileges is a serious offense and could get that other person's organization banned from all support and all their support contracts cancelled.
    Your post is locked.
    Your duplicate post that you placed into the Audit Vault forum space has been removed (it had no responses).
    This thread which you had placed in the Solaris 10 forum space is moved to the Audit Vault forum space.
    That's the proper location for Audit Vault questions.

  • How to turn off firewall on Solaris 10?

    Hey everybody,
    do you know how to turn off the firewall on Solaris 10? I installed a 3rd party program and need to disable the firewall...
    Thank you so much for your help

    Hi,
    Can you please let me know how to disable firewall on Solaris 9.
    Does this command [*svcadm disable ipfilter*] disable firewall even on Solaris 9?
    Please let me know.
    TIA.
    Regards,
    Prashanth.

  • How to Enable Firewall in Solaris 10 SPARC

    How to Enable Firewall in Solaris 10 SPARC

    What exactly are you looking for? By default Solaris is a secure operating system, but can be tuned to be more or less secure. The link above on IP Filtering is one way to make a system more secure, and it can be used to set up a firewall.
    -- Alan

  • About Inbuilt Firewall in Solaris 10

    Hi
    I want to know whether there is any firewall available inbuilt with Solaris 10, like IPTABLES in Linux.
    Also, I have heard that Sun Screen Firewall was available up to Sun Solaris 8. Why was it stopped after Solaris 9 & 10?
    Can you give me more details on same.
    Thanks
    Rajan

    The built-in firewall in solaris is called ipfilter.
    It is much like iptables with a slightly different syntax but it is just as easy to use.
    To start using it all you need to do is edit two files and give two commands (with fingers crossed).
    You can find extensive instructions elsewhere but here is a quick overview.
    Edit /etc/ipf/pfil.ap and de-comment the appropriate device name (use ifconfig -a to figure out what it is).
    Edit /etc/ipf/ipf.conf to your liking. Check online documentation for the syntax. Be careful since it reads from top to bottom and does other things differently from iptables.
    Here is a quick example from one of my machines (careful, this is an output from 'ipfstat -io' and not what you would necessarily want).
    #this machine talking with others
    pass out quick on bge0 proto tcp from xxx.xxx.xxx.xxx/32 to any keep state
    pass out quick on bge0 proto udp from xxx.xxx.xxx.xxx/32 to any keep state
    pass out quick on bge0 proto icmp from xxx.xxx.xxx.xxx/32 to any keep state
    #open up trusted local networks
    pass in quick on bge0 from xxx.xxx.xxx.0/24 to any
    #outside world
    pass in quick on bge0 proto tcp from any to any port = ssh
    pass in quick on bge0 proto tcp from any to any port = 80
    block in on bge0 all
    Those last two passins are wide open but I use sshblack to monitor those ports. You can easily modify that for ipfilter from iptables.
    http://www.pettingers.org/code/sshblack.html
    After you are all set do
    svcadm enable pfil
    svcadm enable ipfilter
    There are a pile of things that may cause either pfil or ipfilter to fail (svcs -vx to check) but you can google the answers or search these forums for how to fix them.
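
The top-to-bottom caveat in the post above comes from IPFilter's last-match-wins evaluation, where `quick` stops processing at the first matching rule. The following is an added example, not part of the original post or of IPFilter itself: a small Python evaluator for the rule forms shown above, using constructed addresses (192.0.2.10 for the host, 192.0.2.0/24 for the trusted network) in place of the masked ones. `keep state` is parsed but not modelled, and a default of pass is assumed when no rule matches.

```python
import ipaddress
import re

# Only the rule forms that appear in the post are supported (assumption).
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?P<quick>quick\s+)?on\s+(?P<ifc>\S+)"
    r"(?:\s+all|(?:\s+proto\s+(?P<proto>\S+))?\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s*=\s*(?P<port>\S+))?(?:\s+keep\s+state)?)\s*$")
SERVICES = {"ssh": 22}  # service names used in the sample rules

# Constructed sample: the posted ruleset with documentation addresses.
POSTED = """
pass out quick on bge0 proto tcp from 192.0.2.10/32 to any keep state
pass in quick on bge0 from 192.0.2.0/24 to any
pass in quick on bge0 proto tcp from any to any port = ssh
pass in quick on bge0 proto tcp from any to any port = 80
block in on bge0 all
"""
NO_QUICK = POSTED.replace(" quick", "")  # same rules, `quick` removed

def parse_rules(text):
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule: {line}")
        rules.append(m.groupdict())
    return rules

def _addr_ok(spec, addr):
    return spec in (None, "any") or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False))

def decide(rules, direction, ifc, proto, src, dst, dport=None):
    verdict = "pass"  # assumed default when nothing matches
    for r in rules:
        if r["dir"] != direction or r["ifc"] != ifc:
            continue
        if r["proto"] and r["proto"] != proto:
            continue
        if not (_addr_ok(r["src"], src) and _addr_ok(r["dst"], dst)):
            continue
        if r["port"] and int(SERVICES.get(r["port"], r["port"])) != dport:
            continue
        verdict = r["action"]  # last matching rule wins...
        if r["quick"]:         # ...unless it is marked quick
            break
    return verdict
```

With `quick` on the pass rules, inbound ssh is allowed; with `quick` removed, the trailing `block in on bge0 all` is the last match and drops the same traffic, including traffic from the trusted network.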

  • Configuring SunScreen Firewall on Solaris 8

    Hi,
    I'm trying to configure SunScreen Firewall on Solaris 8 and I would like to know what "tcp/ip high ports" is. I also have to configure NAT on the same machine so that a few of the machines behind the firewall can
    communicate with the server host in front of the firewall. Currently I have the configuration like this.
    -- Firewall is configured with single policy
    --And the Rules are added correctly for NAT.
    And after the policy is verified successfully, the communication is across the Firewall. But after this
    following rules are added to configure tcp/ip high ports.(not sure about the service).
    -- The rules are configured like this.
    edit> add rule common localhost * ALLOW COMMENT "Allow firewall access out"
    edit> add rule tcp-high-ports hme0.net * ALLOW
    edit> add rule udp-high-ports hme0.net * ALLOW
    Now I'm unable to communicate with the server in front of the firewall after the policy is activated successfully.
    I would appreciate if someone can help me on this.
    Thanks,
    Mullapudi

    HI,
    i don't know sunscreen, but i can tell you that high-ports are ports above 1023.
    J

  • How to Enable firewall on Solaris 10 SPARC Machine?

    Hi All,
    I have installed Solaris 10 SPARC & by default the firewall is disabled.
    Now i need to enable firewall?
    Can i know how to enable firewall Solaris 10 SPARC Machine?
    Also can i know how to open up specific TCP & UDP ports?

    What exactly are you looking for? By default Solaris is a secure operating system, but can be tuned to be more or less secure. The link above on IP Filtering is one way to make a system more secure, and it can be used to set up a firewall.
    -- Alan

  • Firewall for Solaris 8

    I want to make use of my e250 server running Solaris 8. I'm thinking of running FREE security apps in it. Any suggestions ?

    Hello, you have it in the 3rd. disk of solaris 8.
    in EA/products/sunscreen_lite you have a firewall.
    (excuse for my English, please)

  • Solaris 10 Firewall configuration with a GUI application

    Hello,
    I am quite a novice regarding Solaris.
    I have searched for hours on the web for a safe GUI application with which I can configure the
    firewall on Solaris 10 05/2009 in order to surf the Internet. Unfortunately I have not found one but
    lots of instructions instead on how to modify various config file setting, which I do not understand.
    My Solaris books are also of no help.
    Is there a precompiled GUI tool available similar to the one shipped with OpenSUSE's yast ?
    I think such a tool would make Solaris much more attractive for non-sysadmins - also because of
    its excellent hardware support that is superior to Linux.
    Thank you,
    Alexander

    IPF studied in little chunks is really easy to manipulate.
    Fortunately there is a doc that splits up IPF into little chunks with each new chunk building on all of the old chunks.
    http://www.obfuscation.org/ipf/ipf-howto.txt
    Then all you need to do is to create /etc/ipf/ipf.conf
    and
    svcadm enable ipfilter
    alan

  • How to prevent a solaris user to telnet from multiple computers

    Hello,
    How to prevent Solaris users to telnet from multiple computers? They should be able to telnet from only one PC.
    Please help..

    ora_tech has a good point, I was about to suggest ipfilter, which is a built-in firewall in Solaris, but using tcp wrappers would probably be easier. It all depends on which level of security you want (blocking the telnet requests in a firewall would generally be safer than blocking them at the tcp wrapper level, since it prevents some processing).
    Since Solaris 10 you can also easily enable tcp wrappers on the inetd services with inetadm, see:
    http://blogs.sun.com/gbrunett/entry/tcp_wrappers_on_solaris_10
    .. for more details..
    .7/M.

  • Firewall recommendations

    Does anyone know of a good freeware firewall for Solaris?
    IPF and SXCE 111 and 113 don't play nice together and gnome-terminal doesn't update the login records as it should.
    Thanks in advance,
    alan

    I'm not sure exactly which service does this but apparently if you disable a service that is not listed in the ipfilter manifest file then it effectively makes ipfilter not block anything.
    Not sure which "other" service that I disabled did this but rolling back to the default services import reset ipfilter back to working.
    alan

  • Getting FTP to work in Solaris 10, RE: config vs. firewall

    We've recently migrated from a clustered Solaris 9 environment to Solaris 10 zones.
    One issue that keeps coming up is the inability to ftp anywhere except within zones running on the same server. I can ftp between those zones without any problem.
    Trying to ftp anywhere else, i.e. to a zone on another server node or to any other ftp server, I encounter one of two problems, either I don't get a login prompt at all, which leads me to think there's a firewall issue, or I can login fine, but when I issue any command, nothing happens, and upon ctrl-x'ing out I see:
    "421 Service not available, remote server has closed connection"
    I've seen a lot of totally useless stuff on the web that doesn't seem to apply to Solaris 10. I know there's a bunch of ftp configuration files, but we haven't touched them.
    ftpd is running with the -a switch, but TCP Wrappers is set to false. I can ftp TO this server from a remote server as long as the firewall has been configured for the IP.
    To summarize.
    Zone A on Server A > Zone B on Server A : No problem
    Zone A on Server A > Zone B on Server B: Problem
    If anyone can shed any light on this problem, that would be great.
    Edited by: tsmori on Feb 7, 2008 8:26 AM

    Does perl work for ~/andrew?  You have ExecCGI set for /home/andrew/public_html and not /home/*/public_html:
    <Directory "/home/andrew/public_html">
            Options Indexes FollowSymLinks ExecCGI
            AllowOverride None
            Order allow,deny
            Allow from all
    </Directory>
    Are permissions set to 755 so that the http user can run them?  Have you checked apache's error log?
    edit: fixed quote
    Last edited by juster (2009-12-12 18:56:40)

  • Solaris 10 ssh through a firewall

    I have Solaris 10 up and running on an HP Vectra. Everything is fine until I attempt to ssh through my firewall from the outside world.
    I can ssh from my linux systems on the lan. But when I attempt to ssh from outside using either putty or ssh on another solaris 10 system the connection times out.
    Anyone else experience a similar problem? Many thanks in advance.
    John Wright
    Asst Professor
    CIT
    Bellevue University

    It's hard to tell what's going on without some more information. Here're a few things you can try:
    Run "ssh localhost" from the Solaris box and make sure that works.
    ssh to the Solaris box from another box on the same network segment.
    From the site that doesn't work, do "ssh -v solaris_box" and see if that gives you any clues.
    After trying to ssh from outside, do a "netstat -an | grep -i '*.22'" and see the state of the TCP connection
    (or if the first packet never even makes it).
    Run sshd on the Solaris box with the "-d" debug option.

  • Sendmail behind firewall Solaris 9

    I have a number of servers behind a software firewall.
    All of the servers are defined only in local /etc/hosts files with addresses similar to 192.168.0.n and I would like to route all root email from all of the servers to one server 192.168.0.99 in this example.
    I would prefer not to open up the firewall to incoming mail.
    /etc/nsswitch.conf for hosts indicates: files dns
    None of the servers will successfully have nslookup return a valid IP address, as nslookup returns the public network's IP addresses in front of the firewall (usually a 129.* publicly accessible subnet address) for all name lookups.
    This worked on Solaris 8 but stopped working after a Live Upgrade to Solaris 9.
    Any thoughts would be appreciated.
    I assume I need configuration changes on the 'sending nodes' as well as the receiving system.
    Wouldn't this be a standard configuration for systems behind a firewall?

    Since I had been able to get this working in Solaris 8
    I assumed that it would be possible also in 9.
    IIRC Sun changed philosophy towards sendmail between Solaris 8 and Solaris 9.
    Sun had themselves hacked the open source sendmail up until and including Solaris 8.
    In Solaris 9 it is almost vanilla sendmail that is shipped. Therefore you have two
    choices: either set up DNS to serve the addresses you need or write your own
    "LOCAL RULE 0" rule set to include in your sendmail macro (M4) config file.
    If you include something like the below in your sendmail macro config file and
    do the m4 generation run you will override the part of sendmail that wants to do
    DNS resolution for each of the target hostnames you specify (replace host1.com
    with your values).
    LOCAL_RULE_0
    R$+<@host1.com> $#esmtp $@[192.168.0.99] $: $1<@host1.com>
    R$+<@host2.com> $#esmtp $@[192.168.0.98] $: $1<@host2.com>
    there MUST be a single TAB after the first Leftmost part of the line.
    ( this forum only displays a single space. i.e. :__ @host1.com>TAB$#esmtp )
    Regards
    //Lars

  • Configuring and implemting firewall on a solaris router/gateway

    Hello!
    I need to know how we implement, or make, a firewall on a system that is behaving as a router between different networks and has Solaris 9 installed.
    Please, if possible, either recommend me some available sources, or tell me the location of the file, the daemons associated, and the syntax of the file to be prepared for IP filtering.
    Note:
    What I want to do is that I have installed DHCP on this router. I have reserved all the IPs on the subnets/networks with the MAC addresses of the NICs. Now I want only the IPs / MACs specified in the DHCP to be able to route through the network, and not any other possible IPs not listed in DHCP.
    I would be grateful if someone helps me out

    Try http://solaris-x86.org/security/ which has two articles on armoring Solaris for firewall purposes.
    Gerald
