Full Version: Home network problem
MandrivaUsers.org > Advanced Topics > Cooker
aphelion
I have my 2 PCs (let's call them tux1 and tux2) both connected to my ADSL Router/Modem. Both PCs are running MDV 2008.1, and I have them set up so that tux1 can access tux2's shares and tux2 can access tux1's shares. Everything works fine, so things must be set up OK, except that after I shut down for the day, and then boot up again tomorrow, I no longer have the access I did the day before. To fix the problem, all I have to do is turn off the firewall on both PCs, and then I can have access again. I can then turn both firewalls back on and I still have access; no other changes are made.

What do I have to do so that I don't have to turn the firewalls on and off every day?


[moved from Networking by spinynorman]
ianw1974
What are you using as firewall, and what are the rules? Also note that if you have shorewall and iptables one could be blocking the other. Post:

CODE
chkconfig --list | grep :on


so we can see what services are enabled, and also which firewall you have been restarting to fix the problem. Also, what are your firewall rules? Post them here also if you can so we can see what might be blocking, but I reckon it's a combo of iptables/shorewall causing the issue maybe.
aphelion
Here is the output of the command you asked

CODE
acpid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
alsa            0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
avahi-daemon    0:off   1:off   2:off   3:on    4:off   5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
dkms            0:off   1:off   2:off   3:on    4:on    5:on    6:off
dm              0:off   1:off   2:off   3:off   4:off   5:on    6:off
fuse            0:off   1:off   2:off   3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
harddrake       0:off   1:off   2:off   3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
keytable        0:off   1:off   2:on    3:on    4:on    5:on    6:off
kheader         0:off   1:off   2:on    3:on    4:off   5:on    6:off
lisa            0:off   1:off   2:off   3:on    4:on    5:on    6:off
mandi           0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
network-up      0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs-common      0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs-server      0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
numlock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
partmon         0:off   1:off   2:off   3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
resolvconf      0:off   1:off   2:on    3:on    4:on    5:on    6:off
shorewall       0:off   1:off   2:on    3:on    4:on    5:on    6:off
sound           0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off


The firewall is just Shorewall, the one that comes standard with Mandriva I guess.

As for rules, well I just have Echo Request (Ping) selected, and the ports 2049/udp 2049/tcp open, I believe these are for NFS.
ianw1974
I see iptables in that list as well. What's the contents of /etc/sysconfig/iptables (I'm assuming it's using this). Alternatively, you can give me:

CODE
iptables -L


to list what rules are loaded. A conflict between this and shorewall is I think your problem. If we see anything in /etc/sysconfig/iptables or the rule list that is blocking all incoming, then we can safely do:

CODE
chkconfig iptables off
service iptables stop


to fix the problem. At least that's what I would try anyway. I'm not completely sure whether shorewall needs iptables or not. You can also use:

CODE
shorewall show


I think to list shorewall rules, so once iptables was stopped, check this to see if all your rules are active, based on what you set up.
aphelion
[Edit] I'll have to get back to you on this, I'm running late, and rushing everything, I'll get back this afternoon.

Thanks
aphelion
Right ee oh, here we go,

QUOTE
What's the contents of /etc/sysconfig/iptables


There is no such file on either PC.


The output of iptables -L is as follows, it is exactly the same for both PC's

CODE
Chain INPUT (policy DROP)
target     prot opt source               destination
Ifw        all  --  anywhere             anywhere
eth0_in    all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
eth0_fwd   all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
eth0_out   all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain Drop (1 references)
target     prot opt source               destination
reject     tcp  --  anywhere             anywhere            tcp dpt:auth
dropBcast  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp fragmentation-needed
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
dropInvalid  all  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere            multiport dports 135,microsoft-ds
DROP       udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:65535
DROP       tcp  --  anywhere             anywhere            multiport dports 135,netbios-ssn,microsoft-ds
DROP       udp  --  anywhere             anywhere            udp dpt:1900
dropNotSyn  tcp  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere            udp spt:domain

Chain Ifw (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            set ifw_wl src
DROP       all  --  anywhere             anywhere            set ifw_bl src
IFWLOG     all  --  anywhere             anywhere            state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN'
IFWLOG     udp  --  anywhere             anywhere            state NEW udp dpt:nfs IFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs IFWLOG prefix 'NEW'

Chain Reject (6 references)
target     prot opt source               destination
reject     tcp  --  anywhere             anywhere            tcp dpt:auth
dropBcast  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp fragmentation-needed
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
dropInvalid  all  --  anywhere             anywhere
reject     udp  --  anywhere             anywhere            multiport dports 135,microsoft-ds
reject     udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
reject     udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:65535
reject     tcp  --  anywhere             anywhere            multiport dports 135,netbios-ssn,microsoft-ds
DROP       udp  --  anywhere             anywhere            udp dpt:1900
dropNotSyn  tcp  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere            udp spt:domain

Chain all2fw (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:all2fw:REJECT:'
reject     all  --  anywhere             anywhere

Chain all2net (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:all2net:REJECT:'
reject     all  --  anywhere             anywhere

Chain dropBcast (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            ADDRTYPE match dst-type BROADCAST
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/4

Chain dropInvalid (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID

Chain dropNotSyn (2 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (2 references)
target     prot opt source               destination

Chain eth0_fwd (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere            state INVALID,NEW

Chain eth0_in (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere            state INVALID,NEW
net2fw     all  --  anywhere             anywhere

Chain eth0_out (1 references)
target     prot opt source               destination
fw2net     all  --  anywhere             anywhere

Chain fw2all (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:fw2all:REJECT:'
reject     all  --  anywhere             anywhere

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain logreject (0 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere

Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nfs
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
Drop       all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:net2fw:DROP:'
DROP       all  --  anywhere             anywhere

Chain reject (13 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            ADDRTYPE match src-type BROADCAST
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere            reject-with icmp-host-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain shorewall (0 references)
target     prot opt source               destination

Chain smurfs (0 references)
target     prot opt source               destination
RETURN     all  --  default              anywhere
LOG        all  --  anywhere             anywhere            ADDRTYPE match src-type BROADCAST LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  anywhere             anywhere            ADDRTYPE match src-type BROADCAST
LOG        all  --  BASE-ADDRESS.MCAST.NET/4  anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere



I ran the 2 commands, chkconfig iptables off and service iptables stop, but I still could not get access. After running the 2 commands, iptables -L shows the following,

CODE
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


and the output of chkconfig --list | grep :on no longer lists iptables. After a reboot, chkconfig --list | grep :on still doesn't list iptables, and it shows as not running in MCC; however the output of iptables -L is back to the long list above, and shorewall still needs to be stopped to get access, and can be started again while still having access.

iptables is not selected by default on installation of Mandriva; I actually select it. I don't know why, I don't actually do anything with it, I guess I just heard it was a good thing. Should I perhaps just uninstall it?

I await your reply, thanks
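Tracing which traffic a Shorewall-generated ruleset lets in is tedious by hand, because INPUT jumps through several user chains (Ifw, eth0_in, net2fw and so on) before anything is accepted. The script below is an added helper for this thread, not code from Shorewall or from either poster: it parses the plain-text `iptables -L` format, records the policy of each built-in chain, and follows jumps to collect every ACCEPT rule reachable from INPUT. The listing embedded in it is a constructed, abbreviated copy of the kind shown above, not the full output. One caveat it also flags: plain `iptables -L` hides interface matches, so an `ACCEPT all anywhere anywhere` line with no other match shown is usually the loopback rule (`-i lo`) rather than a wide-open hole; confirm with `iptables -L -v -n` before drawing a conclusion.

```python
"""Audit helper: summarise an `iptables -L` listing by following chain jumps.

Added example for this thread (not Shorewall's or the forum's own code). It
reads the plain-text format of `iptables -L` (no -v/-n), records each built-in
chain's policy, and collects every ACCEPT rule reachable from INPUT.
"""
import re

# Constructed sample: an abbreviated copy of the kind of listing Shorewall
# generates, not the full output posted in the thread.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
Ifw        all  --  anywhere             anywhere
eth0_in    all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere

Chain eth0_in (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere            state INVALID,NEW
net2fw     all  --  anywhere             anywhere

Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nfs
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
Drop       all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:net2fw:DROP:'
DROP       all  --  anywhere             anywhere

Chain Ifw (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            set ifw_wl src

Chain dynamic (2 references)
target     prot opt source               destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)$")
# Targets that never jump into a user-defined chain.
TERMINAL = {"ACCEPT", "DROP", "REJECT", "LOG", "RETURN", "QUEUE"}


def parse_listing(text):
    """Return {chain: {"policy": str|None, "rules": [(target, proto, match)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        if current is None or not line.strip() or line.startswith("target"):
            continue  # header row or blank separator
        parts = line.split(None, 5)  # target prot opt source destination [match...]
        match = parts[5].strip() if len(parts) > 5 else ""
        chains[current]["rules"].append((parts[0], parts[1], match))
    return chains


def accepted_paths(chains, start="INPUT", seen=None):
    """ACCEPT rules reachable from `start`, depth-first, as (chain, proto, match).

    Each user chain is walked once even if several chains jump to it.
    """
    seen = set() if seen is None else seen
    if start in seen or start not in chains:
        return []
    seen.add(start)
    found = []
    for target, proto, match in chains[start]["rules"]:
        if target == "ACCEPT":
            found.append((start, proto, match))
        elif target not in TERMINAL:  # a jump into a user chain
            found.extend(accepted_paths(chains, target, seen))
    return found


def summarise(text):
    """Return (policies, accept_rules, unconditional_accepts)."""
    chains = parse_listing(text)
    policies = {n: c["policy"] for n, c in chains.items() if c["policy"]}
    accepts = accepted_paths(chains)
    # "ACCEPT all anywhere anywhere" with no match shown is usually the
    # loopback rule (-i lo); plain `iptables -L` hides interface matches.
    # Confirm with `iptables -L -v -n` before treating it as wide open.
    unconditional = [(c, p) for c, p, x in accepts if p == "all" and not x]
    return policies, accepts, unconditional


if __name__ == "__main__":
    policies, accepts, unconditional = summarise(SAMPLE)
    print("policies:", policies)
    for chain, proto, match in accepts:
        print(f"ACCEPT via {chain:8s} {proto:5s} {match or '(no match shown)'}")
    if unconditional:
        print("check with -v -n (interface hidden):", unconditional)
```

Run it against a saved listing with `python audit.py < /dev/null` after replacing `SAMPLE` with `sys.stdin.read()`, or import `summarise` and feed it the captured text. On the sample it reports that INPUT's policy is DROP and that, apart from established traffic, only NFS (2049/udp, 2049/tcp) and ICMP echo-request reach ACCEPT via net2fw, which matches the rules aphelion described.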
viking777
I have always understood that Shorewall is just a front end for iptables/ipchains and that if you don't have iptables then Shorewall won't work. I could have misunderstood this but I don't think so. Sorry I can't help with the original problem though.
aphelion
This is from the Shorewall site

QUOTE
The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode; as a consequence, Shorewall can take advantage of Netfilter's connection state tracking capabilities to create a stateful firewall.


I'm glad you indirectly got me to go take a look at the site

QUOTE
Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. So if you are looking for a simple point-and-click set-and-forget Linux firewall solution that requires a minimum of networking knowledge, I would encourage you to check out the following alternatives: Firestarter


Firestarter seems to be something that is more to my liking, I may check it out a bit later.
ianw1974
You can get iptables back with:

CODE
chkconfig iptables on


and then:

CODE
service iptables start


The grep command filters for services that are on, as in the example; therefore, when it was turned off, filtering by on stopped it appearing.
aphelion
Yeah, I had already worked that out, thanks. I will be installing 2008.1 PowerPack shortly, so I'll see how I go, but I imagine I'll run into the same problem.
aphelion
Well, I uninstalled Shorewall, then installed Firestarter; wasn't that a bust. It wouldn't start. Whether you tried to start it from the menu entry or the CLI, you got the same thing: just a little window popped up and said 'unknown error'. So I just uninstalled that also.

Now everything works fine (touch wood), both PCs can access each other's shares, and it holds over reboots. But I wouldn't mind having a firewall/shorewall working, though I am not too worried about not having one; I would rather not have one and have my 2 PCs talking to each other, than have a firewall and have to jump through hoops every boot to get things working.

Now to install 2008 Spring PowerPack . . .
ianw1974
You really only need a firewall between your internal network and the internet. The machines inside don't need to have one. Some people do it for extra security, or for routing some things to machines that may not be directly connected to the internet.

I have a firewall at home between my LAN and internet, and all my machines don't have iptables/shorewall or anything else on them.
aphelion
QUOTE
You really only need a firewall between your internal network and the internet. The machines inside don't need to have one. Some people do it for extra security, or for routing some things to machines that may not be directly connected to the internet.


I'm just set up with each PC plugged into a 4-port ADSL Modem/Router, so they are sort of connected directly to the net, but there is some sort of firewall in the Router. I just had a look, and it looks like I have never set it up/turned it on, and I don't really understand the settings available in the quick perusal I just had, nor do I really want to spend the time researching.

Anyway, I have now installed 2008 Spring PowerPack on both machines. While shorewall is installed, during installation I disabled it from starting up, and I fear to start it up to see what happens, because as it is, everything is working how I want it to. The shares on both PCs remain accessible after reboots; I don't have to jump through any hoops to make it happen.

QUOTE
iptables is not selected by default on installation of Mandriva, I actually select it,


While what I said here is kind of true, I took note during the 2 installs of PowerPack I just did: iptables is not selected by default, and I made a point not to select it; however it appears that somewhere along the line it must come in as a dependency with something else, as it does actually get installed.
ianw1974
It's simple really, just let everything from the inside go out, and block all incoming connections on the firewall. That will mean your machines have complete access to the internet, but you blocked the internet connecting to your machines. Just make sure all inbound stuff is blocked.

Then you're done
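Expressed in Shorewall's own configuration, the policy ianw1974 describes (everything from the inside allowed out, everything new from the internet dropped, with only the ports you need opened) looks like the fragment below. This is an added example, not configuration from the thread or from Mandriva's defaults; it assumes the two-zone standalone setup implied by the chain names net2fw/fw2net in the listing above (zone `net` on the ADSL interface, `$FW` for the machine itself) and the Shorewall 4 column layout. The NFS port 2049 and the ping allowance are the rules aphelion said were selected.

```text
# /etc/shorewall/policy  (hypothetical example, added here)
# Default decisions when no rule in /etc/shorewall/rules matches.
#SOURCE   DEST    POLICY   LOG LEVEL
$FW       net     ACCEPT              # everything from this machine may go out
net       $FW     DROP     info       # new inbound connections are dropped and logged
all       all     REJECT   info       # anything else is rejected and logged

# /etc/shorewall/rules  (hypothetical example, added here)
# Exceptions to the policy above; only explicitly listed inbound ports are opened.
#ACTION        SOURCE  DEST   PROTO  DEST PORT(S)
ACCEPT         net     $FW    tcp    2049        # NFS (nfsd)
ACCEPT         net     $FW    udp    2049        # NFS (nfsd)
Ping(ACCEPT)   net     $FW                       # ICMP echo-request
```

After editing, `shorewall check` validates the files and `shorewall restart` loads them; `shorewall show` then lists the generated chains, and the net2fw chain should contain exactly the ACCEPT lines for the ports above plus the RELATED,ESTABLISHED rule. Two practical caveats: with a single zone on the router side, both PCs are in `net`, so opening a port to `net` opens it to the internet as well as to the other PC, unless the router's own firewall blocks it; and an NFSv3 mount depends on the portmapper (111) and mountd in addition to 2049, so if a mount only succeeds while the firewall is down, check whether those ports reach ACCEPT in the listing too.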