[Discuss] Trying to connect to internet in Debian

Steve Litt slitt at troubleshooters.com
Fri Jan 16 19:03:19 EST 2026 

Kent Borg said on Thu, 15 Jan 2026 17:44:05 -0800

>On 1/15/26 4:40 PM, Randall Rose wrote:
>> Unfortunately I am in a situation where I need to rebuild some
>> machines with only a Debian and a Fedora install disk to work from.
>> With Debian, it's hard to connect to the internet since Debian
>> doesn't like to provide a firewall in the initial install.  
>I think this is easier:
>
>  * Install the OS without a firewall.
>  * Get it working.
>  * Set up the firewall later—if at all.
>
>Linux is quite secure as-is. If you don't install anything that is 
>listening on any ports, then there is nothing for the firewall to 
>protect. 

"Nothing listening, nothing to protect" is factually correct in theory,
but strange things happen in practice. I wouldn't be caught dead going
onto the Internet bareback: I always have a firewall. The one exception
is in my own home, which is protected by its own firewall. However,
on my daily driver with all my data, I have a pretty tight firewall as
a second protection.

The preceding said, in Randall Rose's position, it's pretty hard to do
an initial installation with a firewall, and in fact I've never done
it. As a compromise, why not do the install on a LAN with a firewall?
Then Randall can firewall his newly installed computer immediately
after installation.

[snip]

>If you do have something listening, choose wisely what is listening, 
>configure it carefully, and keep your software up-to-date. (Whether
>you have a firewall or not.)

The preceding are words to live by!

>
>But how in heck are you even going to get it /on/ the open internet? 
>Nearly every connection is going to be behind a NAT which isn't going
>to allow incoming packets to reach you anyway.

A lot of firewalls are very insufficient. Would you go bareback at
McDonalds or a coffee shop? I sure wouldn't.

>
>Do an nmap scan of yourself and see what is listening, and ask why for 
>each hit. If you don't need it, then get rid of it or configure it to 
>only listen on localhost.

I'm going to perform the exact test you mention in the preceding
paragraph. If you know an exact command, please let us know. Otherwise
I'll figure it out myself (I'm not an admin :-).

>
>Then what do you need a firewall for? Okay, if you want it as an extra 
>layer, configure it. 

Heck yeah! I love a second layer of protection that's effective no
matter where I am and no matter what the proprietors of the outermost
firewall do or don't do.

SteveT

Steve Litt 

http://444domains.com

More information about the Discuss mailing list