hippocampe, posted January 17, 2003

I have once made *many* posts about my internet connection not working before finding out that shorewall is the culprit. Whenever I activate shorewall (default config from install), I can't connect to the outside world. Even ping always returns "unknown host".

I thought it was a problem with shorewall, so I deactivated it and tried firestarter and guarddog. Basically, I want to block any connection attempts to my computer because I'm not running any server, so that's what I did when I set up these firewalls. The problem is all of them don't allow my own connections to the internet!! So right now I can't have a firewall. This makes me nervous as a TCP port scan revealed the RPC port is open (RPC, Portmap, xinetd needed by fam. wtheck anyway, isn't that too many requirements for something whose only apparent function is to notify nautilus that a file has been modified?) But I digress...

It appears all the firewall progs I've tried have this problem. What's wrong here? Thanks
SoulSe, posted January 17, 2003

You have to tell the firewall what you want to be blocked and what traffic should be allowed. So you need to tell shorewall or whatever you are using to allow traffic through a given port before it will. By default, it will block everything (including your internet traffic).

Go to Mandrake Control Panel -> Security -> firewall and you can open it up there. I have not mucked about with a firewall for a while and I am not at my 'nix box now, so I don't want to talk you through all the editing and make mistakes, but you should be able to resolve it from the control panel or via Webmin.
hippocampe, posted January 17, 2003

"By default, it will block everything (including your internet traffic)"

Including outbound connections I initiated? Hmm... How do I tell it to allow my own connections? When I say block http connection in guarddog or MCC, doesn't that mean block connection attempts on port 80 of my machine? If I understand what you said, it will also block my attempts to connect to port 80 on remote machines? I thought all the checkboxes in guarddog (for example) are only for inbound connection requests?

Did everyone have their firewall working out of the box, without playing with the config file after install?
onurb, posted January 17, 2003

Guarddog works fine for me! Just checked the boxes and go!
Counterspy, posted January 18, 2003

I support the Guarddog solution for single machines not connected to the net 24/7. If you don't want to use shorewall, check out Bastille, the firewall Mandrake supported until they laid off the worker developing it for now obvious reasons. It is still under active development and is easy to install.

Counterspy
hippocampe, posted January 18, 2003

Yep, I did have Bastille for versions before 9 and it was nice, but I couldn't get the configuration program to work in Mandrake 9; it says "this version [of mandrake] is not supported yet". I don't know if there is anything new currently.

It must have something to do with iptables, because after all MCC, shorewall, firestarter, guarddog are all just tools to edit the firewall rules, right? Damn, I still have these things to fix since the time I upgraded to mdk 9!!!
Dutch, posted January 18, 2003

Install the Guarddog rpm, check three or four boxes and you get a stealth firewall. Nearly as easy to set up as tinyfirewall in Mdk 8.2 days...

Dutch
Counterspy, posted January 18, 2003

Aren't there directions for Mandrake 9.0 here: http://www.bastille-linux.org/#get or do they not work?

Counterspy
dalee, posted January 19, 2003

Hi, I have the same problem with 9.0. I've even tried setting up the firewall manually with IPtables. No go. So it must be a problem with IPtables itself. I'm debating on going back to IPchains and Bastille. Would that route still work with 9.0?

dalee
Crashdamage, posted January 19, 2003

If you go with Bastille, that's all you need, no need to mess with IP chains. IP chains is really only for 2.2x kernels, IP tables for 2.4x kernels, but Bastille replaces both IP chains and IP tables and is a more complete and effective solution anyway, 'cause it also does NAT and IP masquerading.

By far, the best method of firewalling is a router, or better yet, to use 2 nic cards and set up NAT and IP masquerading in Bastille so your computer acts as its own router. Not hard to do manually or with the InteractiveBastille GUI, and any $5 nic cards are fine. Works like an external router but it cuts down on cost and complexity. It'll make your box pretty much bulletproof - mine never fails any tests, always is full stealth. I have full access to the 'Net, even for running file-sharing stuff like Napshare or Mutella. Of course, since it turns your box into a workstation/router, it can also protect a home LAN you might plug into the 2nd card. Really pretty cool.
DoctorKaos, posted January 19, 2003

Ok, here's my 2-bits for what it's worth. I tried Mandrake 9 but didn't like it, and went back to my good ol' 8.2. I also looked into shorewall, guarddog, bastille, etc., and decided to go with iptables. It's not difficult to deal with, and there are tons of rule scripts out there on the web for you to adapt to your own situation.

My personal opinion is that iptables is THE best firewall protection. Even if you're a GUI addict (like me), once you grasp the workings of iptables, you'll see how easy it is to use and configure, and yet how powerful it is.
Guest ump, posted January 19, 2003

I have shorewall installed and running, but when I go to a couple of sites that test your ports, most ports just show closed. It is my understanding that they should show blocked. Does shorewall have more options that I am missing? I go to MCC > Security > Firewall. All I see is a gray square box with a few check buttons to click. I can't even find the documentation that I installed. I even tried to install Guard and Fire starter but I get a message saying everything already installed, but yet a search for these files shows nothing. Ideas?

ump
pmpatrick, posted January 20, 2003

I don't know if this is entirely relevant, but I seem to remember a problem from the old board relating to shorewall and the iptables. Basically, if you install and activate shorewall once, it makes certain changes to your iptables which persist even after deactivation or uninstalling shorewall. As I recall, the solution was to uninstall shorewall, then uninstall iptables and finally reinstall iptables before trying a different firewall. I'm not real certain about any of the above, but hopefully this will be of some use.
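Added example, not part of any post in this thread: a shell function that reads `iptables-save` output and flags the conditions discussed above, namely a ruleset that drops your own outbound traffic or its replies, and one that leaves inbound open. The function name, its messages and both sample dumps are constructed for illustration; only the built-in INPUT and OUTPUT chains are inspected, so rules in user-defined chains are not followed.

```shell
# Added example (not from the thread). Audits the filter table of an
# iptables-save dump read on stdin. Assumption: only built-in chains are
# inspected; jumps into user-defined chains are not followed.
audit_ruleset() {
    awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2); next }
    table != "filter" { next }
    /^:/ { policy[substr($1, 2)] = $2; next }
    /^-A INPUT .*ESTABLISHED.*-j ACCEPT/ { replies = 1 }
    /^-A INPUT .*-j (DROP|REJECT)/ { in_block = 1 }
    /^-A OUTPUT .*-j ACCEPT/ { out_ok = 1 }
    END {
        if (policy["OUTPUT"] == "DROP" && !out_ok) {
            print "BLOCKED outbound: OUTPUT drops what you send"; bad = 1 }
        if (policy["INPUT"] == "DROP" && !replies) {
            print "BLOCKED replies: no ESTABLISHED accept rule in INPUT"; bad = 1 }
        if (policy["INPUT"] == "ACCEPT" && !in_block) {
            print "OPEN inbound: nothing drops unsolicited connections"; bad = 1 }
        if (!bad) print "OK: inbound closed, own connections allowed"
        exit bad + 0
    }'
}

# Constructed sample: every built-in chain set to DROP, no rules at all.
sample_block_all() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT
EOF
}

# Constructed sample: desktop running no servers, own connections allowed.
sample_workstation() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_block_all | audit_ruleset || true
sample_workstation | audit_ruleset
```

As root, `iptables-save | audit_ruleset` checks the live rules, for instance after removing one firewall tool and before installing another.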
dalee, posted January 22, 2003

Hi, just thought I'd say thanks to pmpatrick for fixing my firewall problem! After uninstalling IPtables and re-installing it and Firestarter, I now have a good working firewall! :D :D :D Thanks much!

dalee
hippocampe, posted January 23, 2003

Yay, I gotta do that when I get home. I didn't have the time until now.