hippocampe Posted November 29, 2002

I had a problem connecting to the internet when I upgraded to Mandrake 9. I have an ADSL connection. I've tried everything I saw on the forums and asked for help but nothing worked. Finally, I tried disabling shorewall and my connection now works. However, I have no firewall right now. I guess there is some problem in the default configuration.

I have also installed iptables and set it to start at boot but whenever I take a look at mcc, it says iptables is not running. I am not expert enough to manually edit the config files. Is there a way to set the rules interactively? Thanks.

MottS Posted December 2, 2002

Reinstall Shorewall .. You can configure what is going to enter at MCC->Security->Firewall. But you have to manually configure what is allowed to go out in /etc/shorewall/rules

Here are my rules:

    ACCEPT net fw udp 4662,6891,6892 -
    ACCEPT net fw tcp 80,443,4662,6891,6892 -
    ACCEPT masq fw udp 4662,6891,6892,137,138,139 -
    ACCEPT masq fw tcp 80,443,4662,6891,6892,137,138,139 -
    ACCEPT loc fw udp 4662,6891,6892,137,138,139 -
    ACCEPT loc fw tcp 80,443,4662,6891,6892,137,138,139 -
    ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
    ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
    ACCEPT fw masq tcp 631,137,138,139 -
    ACCEPT fw masq udp 631,137,138,139 -

IN DETAIL:

    ACCEPT net fw udp 4662,6891,6892 -
    ACCEPT net fw tcp 80,443,4662,6891,6892 -

This is what is allowed to enter from the net. 80 and 443 are for Apache (if you don't run a webserver you don't need that), 4662 is for eDonkey and 6891 and 6892 are for MSN file transfer with AMSN. If you don't use either Apache, eDonkey or AMSN then you are not supposed to see those lines. All the ports that are not written here are stealth (hidden) from the net. .. that's good.

The rest is related to internal traffic. I have a LAN with another computer and we share files with Samba so this is why you see ports 137 to 139 there.

I suggest you copy-paste that into your rules config file. Adjust it to your needs... especially

    ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
    ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
    ACCEPT fw masq tcp 631,137,138,139 -
    ACCEPT fw masq udp 631,137,138,139 -

Look at the /etc/shorewall/rules file .. it is well documented.

MottS

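Added example (not part of MottS's post and not Shorewall's own code): a small Python audit of rule lines in the format shown above, listing what ACCEPT rules open between two zones and which of those ports are not on a list of services you actually run. The function names and the allow-list are assumptions made for the illustration; the sample rules are copied from the post.

```python
# Added example: list what a Shorewall rules file accepts between two zones.
# Column order assumed from the rules in the post:
# ACTION SOURCE DEST PROTO DEST-PORTS, then "-" as an empty trailing column.

SAMPLE_RULES = """\
# constructed sample, copied from the rules quoted in the post
ACCEPT net fw udp 4662,6891,6892 -
ACCEPT net fw tcp 80,443,4662,6891,6892 -
ACCEPT masq fw tcp 80,443,4662,6891,6892,137,138,139 -
ACCEPT fw masq tcp 631,137,138,139 -
"""

def parse_rules(text):
    """Yield (action, source, dest, proto, ports) for every rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected ACTION SOURCE DEST, got {raw!r}")
        proto = fields[3] if len(fields) > 3 else "all"
        ports = [] if len(fields) < 5 or fields[4] == "-" else fields[4].split(",")
        yield fields[0], fields[1], fields[2], proto, ports

def _port_key(port):
    # numeric ports first in numeric order, then service names such as "domain"
    return (0, int(port), "") if port.isdigit() else (1, 0, port)

def accepted(text, source="net", dest="fw"):
    """Return {proto: [ports]} that ACCEPT rules open from source to dest."""
    opened = {}
    for action, src, dst, proto, ports in parse_rules(text):
        if action == "ACCEPT" and src == source and dst == dest:
            opened.setdefault(proto, set()).update(ports)
    return {proto: sorted(p, key=_port_key) for proto, p in opened.items()}

def unneeded(text, wanted, source="net", dest="fw"):
    """Ports open from source to dest that are not in the wanted allow-list."""
    extra = {}
    for proto, ports in accepted(text, source, dest).items():
        left = [p for p in ports if p not in wanted.get(proto, set())]
        if left:
            extra[proto] = left
    return extra

if __name__ == "__main__":
    print("net -> fw:", accepted(SAMPLE_RULES))
    # Host runs only a web server: everything else open from the net is flagged.
    print("not needed:", unneeded(SAMPLE_RULES, {"tcp": {"80", "443"}}))
```

Point it at the contents of your own rules file and pass the ports of the services you really run; anything it reports for net -> fw is a line you can remove.
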
sglafata Posted December 2, 2002

I had a problem getting my home network out to the Internet. Then, I visited the shorewall website and they have excellent documentation and info on the website as well as configuration examples that you could use for things such as a two-interface set up which I had (home network on one NIC and Internet on the other NIC). I replaced the files, set up and configured per the website and voila, everything works beautifully.

It took a while to figure out the problem, and the wife was ready to kill me, but "if she's happy, then I'm happy" - He,he,he.

johnnyv Posted December 2, 2002

> It took a while to figure out the problem, and the wife was ready to kill me, but "if she's happy, then I'm happy" - He,he,he.

Unless she's happy cause she has been on a massive shopping spree :P