Posts posted by aphelion

  1. This is from the Shorewall site

     

    The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode; as a consequence, Shorewall can take advantage of Netfilter's connection state tracking capabilities to create a stateful firewall.

     

    I'm glad you indirectly got me to go take a look at the site ;)

     

    Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. So if you are looking for a simple point-and-click set-and-forget Linux firewall solution that requires a minimum of networking knowledge, I would encourage you to check out the following alternatives: Firestarter

     

    Firestarter seems to be something that is more to my liking, I may check it out a bit later.

  2. Right ee oh, here we go,

     

    What's the contents of /etc/sysconfig/iptables

     

    There is no such file on either PC.

     

     

    The output of iptables -L is as follows, it is exactly the same for both PC's

     

    Chain INPUT (policy DROP)
    target	 prot opt source			   destination
    Ifw		all  --  anywhere			 anywhere
    eth0_in	all  --  anywhere			 anywhere
    ACCEPT	 all  --  anywhere			 anywhere
    ACCEPT	 all  --  anywhere			 anywhere			state RELATED,ESTABLISHED
    Reject	 all  --  anywhere			 anywhere
    LOG		all  --  anywhere			 anywhere			LOG level info prefix `Shorewall:INPUT:REJECT:'
    reject	 all  --  anywhere			 anywhere
    
    Chain FORWARD (policy DROP)
    target	 prot opt source			   destination
    eth0_fwd   all  --  anywhere			 anywhere
    ACCEPT	 all  --  anywhere			 anywhere			state RELATED,ESTABLISHED
    Reject	 all  --  anywhere			 anywhere
    LOG		all  --  anywhere			 anywhere			LOG level info prefix `Shorewall:FORWARD:REJECT:'
    reject	 all  --  anywhere			 anywhere
    
    Chain OUTPUT (policy DROP)
    target	 prot opt source			   destination
    eth0_out   all  --  anywhere			 anywhere
    ACCEPT	 all  --  anywhere			 anywhere
    ACCEPT	 all  --  anywhere			 anywhere			state RELATED,ESTABLISHED
    Reject	 all  --  anywhere			 anywhere
    LOG		all  --  anywhere			 anywhere			LOG level info prefix `Shorewall:OUTPUT:REJECT:'
    reject	 all  --  anywhere			 anywhere
    
    Chain Drop (1 references)
    target	 prot opt source			   destination
    reject	 tcp  --  anywhere			 anywhere			tcp dpt:auth
    dropBcast  all  --  anywhere			 anywhere
    ACCEPT	 icmp --  anywhere			 anywhere			icmp fragmentation-needed
    ACCEPT	 icmp --  anywhere			 anywhere			icmp time-exceeded
    dropInvalid  all  --  anywhere			 anywhere
    DROP	   udp  --  anywhere			 anywhere			multiport dports 135,microsoft-ds
    DROP	   udp  --  anywhere			 anywhere			udp dpts:netbios-ns:netbios-ssn
    DROP	   udp  --  anywhere			 anywhere			udp spt:netbios-ns dpts:1024:65535
    DROP	   tcp  --  anywhere			 anywhere			multiport dports 135,netbios-ssn,microsoft-ds
    DROP	   udp  --  anywhere			 anywhere			udp dpt:1900
    dropNotSyn  tcp  --  anywhere			 anywhere
    DROP	   udp  --  anywhere			 anywhere			udp spt:domain
    
    Chain Ifw (1 references)
    target	 prot opt source			   destination
    RETURN	 all  --  anywhere			 anywhere			set ifw_wl src
    DROP	   all  --  anywhere			 anywhere			set ifw_bl src
    IFWLOG	 all  --  anywhere			 anywhere			state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN'
    IFWLOG	 udp  --  anywhere			 anywhere			state NEW udp dpt:nfs IFWLOG prefix 'NEW'
    IFWLOG	 tcp  --  anywhere			 anywhere			state NEW tcp dpt:nfs IFWLOG prefix 'NEW'
    
    Chain Reject (6 references)
    target	 prot opt source			   destination
    reject	 tcp  --  anywhere			 anywhere			tcp dpt:auth
    dropBcast  all  --  anywhere			 anywhere
    ACCEPT	 icmp --  anywhere			 anywhere			icmp fragmentation-needed
    ACCEPT	 icmp --  anywhere			 anywhere			icmp time-exceeded
    dropInvalid  all  --  anywhere			 anywhere
    reject	 udp  --  anywhere			 anywhere			multiport dports 135,microsoft-ds
    reject	 udp  --  anywhere			 anywhere			udp dpts:netbios-ns:netbios-ssn
    reject	 udp  --  anywhere			 anywhere			udp spt:netbios-ns dpts:1024:65535
    reject	 tcp  --  anywhere			 anywhere			multiport dports 135,netbios-ssn,microsoft-ds
    DROP	   udp  --  anywhere			 anywhere			udp dpt:1900
    dropNotSyn  tcp  --  anywhere			 anywhere
    DROP	   udp  --  anywhere			 anywhere			udp spt:domain
    
    Chain all2fw (0 references)
    target	 prot opt source			   destination
    ACCEPT	 all  --  anywhere			 anywhere			state RELATED,ESTABLISHED
    Reject	 all  --  anywhere			 anywhere
    LOG		all  --  anywhere			 anywhere			LOG level info prefix `Shorewall:all2fw:REJECT:'
    reject	 all  --  anywhere			 anywhere
    
    Chain all2net (0 references)
    target	 prot opt source			   destination
    ACCEPT	 all  --  anywhere			 anywhere			state RELATED,ESTABLISHED
    Reject	 all  --  anywhere			 anywhere
    LOG		all  --  anywhere			 anywhere			LOG level info prefix `Shorewall:all2net:REJECT:'
    reject	 all  --  anywhere			 anywhere
    
    Chain dropBcast (2 references)
    target	 prot opt source			   destination
    DROP	   all  --  anywhere			 anywhere			ADDRTYPE match dst-type BROADCAST
    DROP	   all  --  anywhere			 BASE-ADDRESS.MCAST.NET/4
    
    Chain dropInvalid (2 references)
    target	 prot opt source			   destination
    DROP	   all  --  anywhere			 anywhere			state INVALID
    
    Chain dropNotSyn (2 references)
    target	 prot opt source			   destination
    DROP	   tcp  --  anywhere			 anywhere			tcp flags:!FIN,SYN,RST,ACK/SYN
    
    Chain dynamic (2 references)
    target	 prot opt source			   destination
    
    Chain eth0_fwd (1 references)
    target	 prot opt source			   destination
    dynamic	all  --  anywhere			 anywhere			state INVALID,NEW
    
    Chain eth0_in (1 references)
    target	 prot opt source			   destination
    dynamic	all  --  anywhere			 anywhere			state INVALID,NEW
    net2fw	 all  --  anywhere			 anywhere
    
    Chain eth0_out (1 references)
    target	 prot opt source			   destination
    fw2net	 all  --  anywhere			 anywhere
    
    Chain fw2all (0 references)
    target	 prot opt source			   destination
    ACCEPT	 all  --  anywhere			 anywhere			state RELATED,ESTABLISHED
    Reject	 all  --  anywhere			 anywhere
    LOG		all  --  anywhere			 anywhere			LOG level info prefix `Shorewall:fw2all:REJECT:'
    reject	 all  --  anywhere			 anywhere
    
    Chain fw2net (1 references)
    target	 prot opt source			   destination
    ACCEPT	 all  --  anywhere			 anywhere			state RELATED,ESTABLISHED
    ACCEPT	 all  --  anywhere			 anywhere
    
    Chain logdrop (0 references)
    target	 prot opt source			   destination
    DROP	   all  --  anywhere			 anywhere
    
    Chain logreject (0 references)
    target	 prot opt source			   destination
    reject	 all  --  anywhere			 anywhere
    
    Chain net2fw (1 references)
    target	 prot opt source			   destination
    ACCEPT	 all  --  anywhere			 anywhere			state RELATED,ESTABLISHED
    ACCEPT	 udp  --  anywhere			 anywhere			udp dpt:nfs
    ACCEPT	 tcp  --  anywhere			 anywhere			tcp dpt:nfs
    ACCEPT	 icmp --  anywhere			 anywhere			icmp echo-request
    Drop	   all  --  anywhere			 anywhere
    LOG		all  --  anywhere			 anywhere			LOG level info prefix `Shorewall:net2fw:DROP:'
    DROP	   all  --  anywhere			 anywhere
    
    Chain reject (13 references)
    target	 prot opt source			   destination
    DROP	   all  --  anywhere			 anywhere			ADDRTYPE match src-type BROADCAST
    DROP	   all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
    REJECT	 tcp  --  anywhere			 anywhere			reject-with tcp-reset
    REJECT	 udp  --  anywhere			 anywhere			reject-with icmp-port-unreachable
    REJECT	 icmp --  anywhere			 anywhere			reject-with icmp-host-unreachable
    REJECT	 all  --  anywhere			 anywhere			reject-with icmp-host-prohibited
    
    Chain shorewall (0 references)
    target	 prot opt source			   destination
    
    Chain smurfs (0 references)
    target	 prot opt source			   destination
    RETURN	 all  --  default			  anywhere
    LOG		all  --  anywhere			 anywhere			ADDRTYPE match src-type BROADCAST LOG level info prefix `Shorewall:smurfs:DROP:'
    DROP	   all  --  anywhere			 anywhere			ADDRTYPE match src-type BROADCAST
    LOG		all  --  BASE-ADDRESS.MCAST.NET/4  anywhere			LOG level info prefix `Shorewall:smurfs:DROP:'
    DROP	   all  --  BASE-ADDRESS.MCAST.NET/4  anywhere

     

     

    I ran the 2 commands, chkconfig iptables off and service iptables stop, but I still could not get access. After running the 2 commands, iptables -L shows the following,

     

    Chain INPUT (policy ACCEPT)
    target	 prot opt source			   destination
    
    Chain FORWARD (policy ACCEPT)
    target	 prot opt source			   destination
    
    Chain OUTPUT (policy ACCEPT)
    target	 prot opt source			   destination

     

    and the output of chkconfig --list | grep :on no longer lists iptables. After a reboot, chkconfig --list | grep :on still doesn't list iptables, and it shows as not running in MCC, however the output of iptables -L, is back to the long list above, and shorewall still needs to be stopped to get access, and can be started again, while still having access.

     

    iptables is not selected by default on installation of Mandriva, I actually select it, I don't know why, I don't actually do anything with it, I guess I just heard it was a good thing, should I perhaps just uninstall it?

     

    I await your reply, thanks

  3. Here is the output of the command you asked

     

    acpid		   0:off   1:off   2:off   3:on	4:on	5:on	6:off
    alsa			0:off   1:off   2:on	3:on	4:on	5:on	6:off
    atd			 0:off   1:off   2:off   3:on	4:on	5:on	6:off
    avahi-daemon	0:off   1:off   2:off   3:on	4:off   5:on	6:off
    crond		   0:off   1:off   2:on	3:on	4:on	5:on	6:off
    cups			0:off   1:off   2:on	3:on	4:on	5:on	6:off
    dkms			0:off   1:off   2:off   3:on	4:on	5:on	6:off
    dm			  0:off   1:off   2:off   3:off   4:off   5:on	6:off
    fuse			0:off   1:off   2:off   3:on	4:on	5:on	6:off
    haldaemon	   0:off   1:off   2:off   3:on	4:on	5:on	6:off
    harddrake	   0:off   1:off   2:off   3:on	4:on	5:on	6:off
    iptables		0:off   1:off   2:on	3:on	4:on	5:on	6:off
    irqbalance	  0:off   1:off   2:off   3:on	4:on	5:on	6:off
    keytable		0:off   1:off   2:on	3:on	4:on	5:on	6:off
    kheader		 0:off   1:off   2:on	3:on	4:off   5:on	6:off
    lisa			0:off   1:off   2:off   3:on	4:on	5:on	6:off
    mandi		   0:off   1:off   2:on	3:on	4:on	5:on	6:off
    messagebus	  0:off   1:off   2:on	3:on	4:on	5:on	6:off
    netfs		   0:off   1:off   2:off   3:on	4:on	5:on	6:off
    network		 0:off   1:off   2:on	3:on	4:on	5:on	6:off
    network-up	  0:off   1:off   2:on	3:on	4:on	5:on	6:off
    nfs-common	  0:off   1:off   2:on	3:on	4:on	5:on	6:off
    nfs-server	  0:off   1:off   2:on	3:on	4:on	5:on	6:off
    ntpd			0:off   1:off   2:on	3:on	4:on	5:on	6:off
    numlock		 0:off   1:off   2:off   3:on	4:on	5:on	6:off
    partmon		 0:off   1:off   2:off   3:on	4:on	5:on	6:off
    portmap		 0:off   1:off   2:off   3:on	4:on	5:on	6:off
    resolvconf	  0:off   1:off   2:on	3:on	4:on	5:on	6:off
    shorewall	   0:off   1:off   2:on	3:on	4:on	5:on	6:off
    sound		   0:off   1:off   2:on	3:on	4:on	5:on	6:off
    syslog		  0:off   1:off   2:on	3:on	4:on	5:on	6:off

     

    The firewall is just Shorewall, the one that comes standard with Mandriva I guess.

     

    As for rules, well I just have Echo Request (Ping) selected, and the ports 2049/udp 2049/tcp open, I believe these are for NFS.

  4. I have my 2 PCs (let's call them tux1 and tux2) both connected to my ADSL Router/Modem. Both PCs are running MDV 2008.1. I have them set up so as tux1 can access tux2's shares and tux2 can access tux1's shares. Everything works fine, so things must be set up OK, except, after I shut down for the day, and then boot up again tomorrow, I no longer have the access I did the day before. To fix the problem, all I have to do is turn off the firewall on both PCs, and then I can have access again. I can then turn both firewalls back on and I still have access; no other changes are made.

     

    What do I have to do, so as I don't have to turn the firewalls on and off everyday?

     

     

    [moved from Networking by spinynorman]

  5. What is MCC

     

    MCC is the Mandriva Control Center, Start Menu/Tools/System Tools/Configure Your Computer, or link in task bar, or just mcc in a konsole as root, will get you there.

     

    I use the command line because I like to save all the downloaded rpms for another computer, and do not know how to do that from the GUI tool. I think the GUI tool deletes the rpms after they have been installed.

     

    You can have the packages saved while using the GUI, at least you could, I haven't yet tried it with 2008.1, but I guess it will work. You have just got to edit a file.

     

    When was 2008.1 released? I have not found it anywhere yet.

     

    Well, it's not released yet, but they made the final ISOs the other day, so I guess it's finished. I am using RC2, updated via cooker to the latest, which is/will become the same thing as the final 2008.1. The updates have pretty much stopped over the last day or so, and it now says 2008.1 (Official), so I guess it's as final as it's going to get. It's supposed to be officially released on the 9th or 10th this month, so it's not far away.

  6. The version of knetworkmanager that you are trying to install seems to be for 2007.1, but you say you are using 2008 ?

     

    [root@evo user]# urpmi --auto --noclean knetworkmanager

    A requested package cannot be installed:

    networkmanager-0.6.4-5mdv2007.1.i586 (due to unsatisfied libiw.so.28)

     

    Why aren't you installing the one for 2008?

     

    knetworkmanager-0.2-1mdv2008.0 (it is in contrib)

     

    hmmm, I'm getting confused bouncing between versions :|

  7. You could try installing libiw29 first, it contains libiw.so.29, not the same version, but it's newer, so it may be ok. Then try installing knetworkmanager again.

     

     

    [Edit] Oh, forgot I am on 2008.1, so you might not have libiw29, but just search libiw, then check what files are in it by highlighting it in MCC, then click files, and see what version of libiw.so is contained in it. If it is .28 or .29 it should be ok.

  8. If you use MCC/urpmi, the dependencies will be taken care of for you, but I assume you mean if you manually download gcc, and try like that, then you will have to chase the dependencies yourself I guess, which will be neither enjoyable (unless you're a masochist) nor recommended, but not impossible. You will just have to find out what the dependencies are, and install them. How? Well, you may be able to find a list in the documentation, or you could just get them one by one as they are reported to you, again, not enjoyable, nor recommended, however perhaps not impossible, I have done similar in the past.

     

    Is there a reason you are using the One version, as opposed to the Free DVD, or CD sets? They would contain what you want I believe.

     

    Anyway, other more knowledgeable people may have a better idea for you, just wait a little while and see if anyone bites :)

  9. I don't believe it is, ( and if you can't access the Net on the PC you are talking about because of your network card problem, the following will be no good to you) :sad:

     

    but if you have a good connection and or downloading stuff is no problem for you, you can set up your software repositories/sources by going to Easyurpmi, and following the 3 steps there.

     

    http://easyurpmi.zarb.org/

     

    you will also find a link up the top right there ^^

     

    Once you have your repos set up, you can search MCC/Software Management/Install and Remove Software for gcc, and install it.

  10. I don't think that is quite the same thing aphelion because when this happens my MCC freezes as soon as the package refresh is complete and has to be shut down, it never actually downloads anything. However, I tried it again this afternoon and it worked properly, so perhaps the update to rpmdrake that I got via urpmi this morning has made a difference.

     

    Only time will tell.

     

     

    Yes, I have had the freeze thing as well, but I found out quickly how to get around it easily. When it freezes, all I do is press the X (close) at the top of MCC, and it's business as usual, It doesn't close/shut down, but continues on. Works for me anyway :)

  11. Yes, I have had this, and or similar happen several times, each time there would be some package/packages, but it wouldn't download/install, then the error message, then the list would refresh, then I would just install the listed updates, it doesn't seem to cause any problems, at least not that I have noticed.

  12. It may have been that fellow eating popcorn? :D

     

    lol, yes, I was going to reply to another post, in another thread, and selected 'quote', but then ended up not replying, then later, when I replied to this thread, I was surprised when I saw it turn up here. I thought I best delete him quick before any confusion set in :) Then I burnt my toast to boot :(

  13. Isn't it a kicker applet type of thing?

     

    What happens when you right click on the kicker (task bar, whatever you want to call it) then select Add Applet to Panel, can you select it from there? Just guessing, I don't use it.

     

    Beaten by a hair :)

  14. I take it you are trying to compile it from source. There is no need to do that, and it is easier not to. Just make sure you have your repositories set up, and search for it in MCC, and it will install it for you. If you haven't already you can set up your sources by going to Easyurpmi and following the instructions.

     

    http://easyurpmi.zarb.org/

     

    Or click the Easyurpmi link up above, top right of this page.

     

    Although compiling from source can be fun (in a twisted masochistic sort of way ;) ) and certainly a learning experience, it really is better 99.9% of the time to install software via Mandriva's MCC or urpmi if you like. There may be occasions where you have to compile from source, eg, for the very latest of something, and you can't wait, or some app you want and there is no pre compiled package available, among others.

  15. Ok, well I may not be able to help, but from memory, there may have been a bug, which may or may not have been fixed, and thus may or may not be fixed by an update. I usually disable the DVDs after installation, and just download from then on, so I never really experienced the problem. I did one time however have a similar problem, where it would keep asking for the DVD over and over. I found that if I waited until the autoplay thing, whatever it is called, you know how a window pops up and asks you what you want to do when you insert a CD/DVD, well if I waited until that popped up before continuing with the MCC/urpmi prompt after inserting the DVD it would work fine.

     

    Also, just lately on Mandriva 2008.1 RC2 (cooker), it asked me to insert the DVD into /dev/cdrom1 , when it should have been /dev/cdrom, I just inserted the DVD into /dev/cdrom regardless, and it continued on happily. This only happened once.

     

    Good Luck, hope you get it worked out.

  16. Well an easy way, and seeing as the software on the DVD would be almost 6 months behind, you could just unselect the DVD media from MCC-Software Management-Configure media sources for install and update. This would then not use the DVD's any longer, and thus you wouldn't be asked to insert them, but would download the latest versions from the repositories. You can set up your repositories if you haven't already by either going to http://easyurpmi.zarb.org/ and following the instructions, or you will find a link up to the right of this page. You can also set them up from within MCC, but it might be better to use Easyurpmi. Of course if you don't have a good internet connection, or don't want to download the software for whatever reason, this may not be good for you.

  17. Yes, being able to install and configure easier with things like Cedega and CG are great, especially for those who don't like getting their hands too dirty, and yes, competition is good, and as Reiver_Fluffi said, "encourages innovation and value for money", which is always a good thing. It will be good to see how this works out and grows.

     

    I am thankful for companies like id Software, Frictional Games, Epic, etc, who make the effort and release Linux native versions, and always hope that more will follow.

  18. It's always good to see things like this, and it will only get better, but a look at the Supported Games list is a little disheartening. There are only 45 listed, and of those, the ones that are supposed to work the best are Silver. This is what it says about Silver.

     

    Silver Medal - The Silver is awarded to applications that install and run well enough to be usable. However, in our testing, we find that these applications have significant bugs that prevent them from running flawlessly. The most important aspect of a Silver application is that CodeWeavers makes a firm commitment to bring all Silver applications to the Gold level in future releases of CrossOver, and that CodeWeavers will respond to and address all bugs reported in these applications.

     

    I am not knocking them, and do applaud them for their efforts, however the above comments about the Silver games do not inspire a great deal of joy in me. The latter part however, stating that they will respond to and address, all bugs reported for these silver applications, does bring hope. But unfortunately, another problem is the small number of games to choose from, and I don't think that this will be overcome any time soon. As I see it, the only real hope for Linux and games, is when more and more Game companies start to support Linux natively. Then we may see things start to happen, and have things as they should be, but will that happen . . .?

     

    Congrats and thanks to CodeWeavers on their efforts, and I do hope they can take things up a couple of notches above Cedega and Wine. :thumbs:
