# How can I know if my firewall is working correctly?

## Saturn

Hi,

I have installed a small firewall named "pmfirewall". It was easy to install but is there a way to test if it does its job well?

Thanks for your help.

----------

## bluz

There are a few ways to test the firewall.

One of the best is to get a copy of nmap (emerge nmap) and fire some tests at your firewalled computer from another host. If you can't do that, there are a lot of sites on the internet that will run tests for you to check for open ports. Most of them are pretty superficial, but it's a start.

BlUz

----------

## steblublu

Steve Gibson runs a web site, grc.com, that has a useful app for a quick probe. It will test your ports to see if they respond. It is fast, and seems similar to nmap.

You might also want to test outgoing traffic.

As Bluz mentioned above, you can use nmap. This app is useful because it can probe ports using different methods, including stealth FIN methods (read the man page).

The problem with nmap is that it will often give false positives (report that a port is open when it is not; Gibson's as well). To be sure you get an accurate map of your ports, you may want to open another terminal window and run tcpdump; this will help eliminate any false positives.

steb

Last edited by steblublu on Sun Aug 18, 2002 7:50 am; edited 2 times in total
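The cross-check steb describes (run tcpdump on the scanned box while nmap probes it, then only believe an "open" verdict if the box actually answered the probe with SYN-ACK) can be scripted. The following is an added example, not code from the thread or from nmap or tcpdump. It assumes the capture was taken with something like `tcpdump -n -i eth0 'tcp and host <scanner-ip>'` on the target; both the nmap output (nmap 3.x "Port State Service" layout) and the tcpdump lines (modern `Flags [..]` layout) below are constructed sample data, so the script runs offline.

```shell
#!/bin/sh
# Cross-check the ports nmap called "open" against a tcpdump capture taken on
# the scanned host while the scan ran. A TCP port counts as really open only
# if the capture shows the target answering a probe with SYN-ACK, which
# tcpdump prints as Flags [S.]. Everything nmap called open but the capture
# does not confirm is flagged SUSPECT (dropped probe, RST, or a misread).
# Both outputs below are constructed for this example.

NMAP_OUT='Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on gw.example (192.0.2.10):
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
80/tcp     open        http
113/tcp    open        auth
'

# 21 and 22 answer SYN-ACK, 80 never answers (filtered), 113 answers RST.
TCPDUMP_OUT='12:00:01.000001 IP 198.51.100.7.40001 > 192.0.2.10.21: Flags [S], seq 1, win 512, length 0
12:00:01.000200 IP 192.0.2.10.21 > 198.51.100.7.40001: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.000300 IP 198.51.100.7.40002 > 192.0.2.10.22: Flags [S], seq 1, win 512, length 0
12:00:01.000400 IP 192.0.2.10.22 > 198.51.100.7.40002: Flags [S.], seq 3, ack 2, win 65535, length 0
12:00:01.000500 IP 198.51.100.7.40003 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
12:00:01.000600 IP 198.51.100.7.40004 > 192.0.2.10.113: Flags [S], seq 1, win 512, length 0
12:00:01.000700 IP 192.0.2.10.113 > 198.51.100.7.40004: Flags [R.], seq 0, ack 2, win 0, length 0
'

# Port number of every line nmap marked "open" (the /tcp suffix stripped).
nmap_open_ports() {
    printf '%s' "$NMAP_OUT" | awk '$2 == "open" { sub(/\/tcp$/, "", $1); print $1 }'
}

# Ports on which the target ($1) answered a probe with SYN-ACK, one per line.
# tcpdump prints "src.port > dst.port:"; the replying side is the source.
tcpdump_synack_ports() {
    printf '%s' "$TCPDUMP_OUT" | awk -v target="$1" '
        $2 == "IP" && $6 == "Flags" && index($7, "[S.]") == 1 {
            n = split($3, a, ".")                 # a[1..4] host, a[n] port
            host = a[1] "." a[2] "." a[3] "." a[4]
            if (host == target) print a[n]
        }' | sort -n | uniq
}

# One line per nmap "open" port: CONFIRMED if the capture shows SYN-ACK from
# the target on that port, SUSPECT otherwise.
verify_open_ports() {
    confirmed=$(tcpdump_synack_ports "$1")
    nmap_open_ports | while read -r port; do
        if printf '%s\n' "$confirmed" | grep -qx "$port"; then
            echo "$port CONFIRMED"
        else
            echo "$port SUSPECT"
        fi
    done
}

verify_open_ports 192.0.2.10
```

With the sample data this prints 21 and 22 as CONFIRMED and 80 and 113 as SUSPECT; in real use, replace the two variables with the saved nmap output and the capture file, and pass the scanned host's address.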

----------

## dizzy

To get a balanced view of Steve Gibson's site you might also want to visit this page http://grcsucks.com/ .

I don't always agree with the above view but it's nice to see things from both sides and decide for yourself.

----------

## steblublu

*dizzy wrote:*

> To get a balanced view of Steve Gibson's site you might also want to visit this page http://grcsucks.com/ .
> 
> I don't always agree with the above view but it's nice to see things from both sides and decide for yourself.

 

I had heard he was a bit fishy, but I found the port probe useful to see if my ports responded or not. I wouldn't expect it to find any vulnerabilities. Symantec used to offer an online vulnerability checker for that...

Thanks for the grcsucks link, it was an interesting read. I never bothered reading any of the grc pages, but I think I'll head back over and check it out.

----------

## bluz

I don't want to start a huge argument, but I just ran grc.com's probes on my own firewall, since it's been a while since I've tested it.

The site didn't find any of my open ports (ssh and ftp, amongst other popular ports). So I definitely wouldn't trust this site. Grab a copy of nmap and run multiple tests from it; you'll get a MUCH more accurate picture.

BlUz

----------

## eivinn

What commands do I have to add to nmap for it to test my computer for servers?

I have run just plain nmap localhost and it returns lots of sockets I didn't know should be open at all.

----------

## tgnb

AFAIK

nmap -v localhost

returns the open ports of your system

This means it shows ports that are opened by whatever services you have running prior to being filtered by the firewall.

nmap -v yourmachinesexternalIP

returns the ports that are open to the world

This shows the ports that are open to the Internet. It is of course still recommended to shut down any other extra services you have running unless you need them. But with Gentoo this really isn't an issue anyway, since the only services running are the ones you installed.

-v is for verbose; it tells you a little bit more while scanning.
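The two scans tgnb describes are most useful side by side: whatever is open on localhost but missing from the external scan is what the firewall is filtering, and whatever shows up in both is exposed to the world. The script below does that comparison. It is an added example, not code from the thread or from nmap; the two nmap outputs are constructed sample data in the nmap 3.x "Port State Service" layout, standing in for `nmap -v localhost` run on the box and `nmap -v <external IP>` run from another host.

```shell
#!/bin/sh
# Compare what is listening on the box (nmap against localhost) with what the
# outside world can reach (nmap against the external address, run from another
# host). Ports in the first list but not the second are being filtered by the
# firewall; ports in both are exposed; ports only in the second deserve a
# second look (NAT/port forward, or an nmap false positive worth rescanning).
# Both scan outputs below are constructed for this example.

LC_ALL=C; export LC_ALL   # consistent collation for sort and comm

LOCAL_SCAN='Interesting ports on localhost (127.0.0.1):
(The 1595 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
111/tcp    open        sunrpc
631/tcp    open        ipp
3306/tcp   open        mysql
'

EXTERNAL_SCAN='Interesting ports on gw.example (192.0.2.10):
(The 1598 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
'

# "port/proto" for every line in the given scan output that nmap marked open,
# sorted so that comm can consume it.
open_ports() {
    printf '%s' "$1" | awk '$2 == "open" { print $1 }' | sort
}

# comm needs files; build both lists once and pass the chosen comm flags
# through ("-23": local only, "-12": in both, "-13": external only).
compare_scans() {
    local_list=$(mktemp); ext_list=$(mktemp)
    open_ports "$LOCAL_SCAN" > "$local_list"
    open_ports "$EXTERNAL_SCAN" > "$ext_list"
    comm "$1" "$local_list" "$ext_list"
    rm -f "$local_list" "$ext_list"
}

filtered_ports()   { compare_scans -23; }   # listening, blocked by the firewall
exposed_ports()    { compare_scans -12; }   # listening and reachable from outside
unexpected_ports() { compare_scans -13; }   # reachable from outside, not listening here

exposure_report() {
    echo "Exposed to the world (make sure each one is intended):"
    exposed_ports | sed 's/^/  /'
    echo "Listening locally but filtered by the firewall:"
    filtered_ports | sed 's/^/  /'
    unexpected=$(unexpected_ports)
    if [ -n "$unexpected" ]; then
        echo "Reachable from outside but not listening here (check port forwards or rescan):"
        printf '%s\n' "$unexpected" | sed 's/^/  /'
    fi
}

exposure_report
```

With the sample data, 22/tcp and 25/tcp are reported as exposed and 111/tcp, 631/tcp and 3306/tcp as filtered. In real use, save each scan to a file and load it into the matching variable, and remember that the external scan only tells you about the path it was run from.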

----------

## Chickpea

Another site to test your firewall is http://scan.sygate.com. This company makes a firewall, so they also try to get you to look at their products, but they have several tests that they scan for, and I have been pretty pleased. I have used the test on both my Windows machine and the Gentoo machine.

Try it out. You'll like it.

Cat

----------

