satelliteuser083 Posted November 8, 2005 Author Report Share Posted November 8, 2005 Thanks, have now set up shorewall. AND have managed to reliably connect/disconnect broadband via the network-icon. But perhaps I spoke too soon about it working first time, because that isn't always the case; quite frequently the system boots without starting eth1 and then no number of attempts to connect via the icon works. On checking in MCC/System-services I've noticed that netplugd is not set to 'on boot'; is this significant? Also, I did not provide any of the Hostname/DNS server/Gateway information when setting up the connection, essentially because I don't know it and, since the connection works anyway, I thought it was optional. Probably not. Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted November 8, 2005 Report Share Posted November 8, 2005 When you installed shorewall did you use: urpmi shorewall If so, I've had problems before. If you go into MCC, Security, and then Firewall, go through the GUI configuration, and make sure you choose the ethernet card. I found that when I didn't do this, after rebooting I couldn't access the internet, but as soon as I stopped the shorewall service, it would start working. It then turned out to be a slight configuration problem. Quote Link to comment Share on other sites More sharing options...
satelliteuser083 Posted November 8, 2005 Author Report Share Posted November 8, 2005 Have just installed shorewall on this hdd as you suggested - via the gui. Just one point, though; MCC does not say whether or not shorewall has been successfully installed, although I assume that all is OK. Is there any way of checking this on-line other than selecting verbose at boot-time? Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted November 8, 2005 Report Share Posted November 8, 2005 At the CLI, you can type: service shorewall status Quote Link to comment Share on other sites More sharing options...
satelliteuser083 Posted November 8, 2005 Author Report Share Posted November 8, 2005 At the CLI, you can type: service shorewall status <{POST_SNAPBACK}> Not on my system, unfortunately; result is 'bash: service: command not found'. No worry, though. Thanks anyway. Quote Link to comment Share on other sites More sharing options...
spinynorman Posted November 8, 2005 Report Share Posted November 8, 2005 You have to be root to use it. :) Quote Link to comment Share on other sites More sharing options...
satelliteuser083 Posted November 9, 2005 Author Report Share Posted November 9, 2005 You have to be root to use it. :) <{POST_SNAPBACK}> Thanks. Didn't understand the pages of info, but something IS clearly there. Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted November 9, 2005 Report Share Posted November 9, 2005 Can you post an "ifconfig -a"? Also, if you ping your router, do you get any errors like destination unreachable? This will show if the firewall isn't configured properly as I found in my case, when I had to go to mcc and reconfigure. Quote Link to comment Share on other sites More sharing options...
satelliteuser083 Posted November 9, 2005 Author Report Share Posted November 9, 2005 [root@cpc4-clif1-6-0-cust18 ~]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:02:2D:33:30:17 inet6 addr: fe80::202:2dff:fe33:3017/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:5 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B ) TX bytes:0 (0.0 B ) Interrupt:11 Base address:0x100 eth1 Link encap:Ethernet HWaddr 00:00:39:4A:74:8D inet addr:81.111.98.18 Bcast:255.255.255.255 Mask:255.255.255.0 inet6 addr: fe80::200:39ff:fe4a:748d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:17533 errors:0 dropped:0 overruns:0 frame:0 TX packets:11365 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:22827668 (21.7 Mb) TX bytes:985563 (962.4 Kb) Interrupt:11 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:23 errors:0 dropped:0 overruns:0 frame:0 TX packets:23 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1571 (1.5 Kb) TX bytes:1571 (1.5 Kb) sit0 Link encap:IPv6-in-IPv4 inet6 addr: ::127.0.0.1/96 Scope:Unknown inet6 addr: ::81.111.98.18/96 Scope:Compat UP RUNNING NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B ) TX bytes:0 (0.0 B ) Am still a novice; don't know how to 'ping' :unsure: Quote Link to comment Share on other sites More sharing options...
arctic Posted November 9, 2005 Report Share Posted November 9, 2005 Am still a novice; don't know how to 'ping' Open a terminal, log in as root (type "su", and enter the root password), then type e.g. ping www.siteyouwanttoping.com or ping 123.456.789.000 for more options, type man ping (for quitting the manpages, type "q") or ping --help Quote Link to comment Share on other sites More sharing options...
satelliteuser083 Posted November 10, 2005 Author Report Share Posted November 10, 2005 Tried with ping www.mandrivausers.org, which resulted in: PING mandrivausers.org (83.245.15.165) 56(84) bytes of data. 64 bytes from kwh.kernow-gb.com (83.245.15.165): icmp_seq=1 ttl=53 time=27.1 ms .. .. 64 bytes from kwh.kernow-gb.com (83.245.15.165): icmp_seq=36 ttl=53 time=30.4 ms When I terminated it with Ctrl-C the answer was: --- mandrivausers.org ping statistics --- 36 packets transmitted, 36 received, 0% packet loss, time 35032ms rtt min/avg/max/mdev = 26.523/28.013/31.762/1.157 ms Presumeably this is positive :unsure: Quote Link to comment Share on other sites More sharing options...
arctic Posted November 10, 2005 Report Share Posted November 10, 2005 Yes, that is positive. :) Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted November 10, 2005 Report Share Posted November 10, 2005 It could be an ipv6 issue if you are having problems browsing etc. What's your web browser? If Firefox, try: about:config (in the url address bar) filter for ipv6 change from false to true then, what might be worth doing if still having problems browsing, to add this line to /etc/modprobe.conf alias net-pf-10 off Quote Link to comment Share on other sites More sharing options...
satelliteuser083 Posted November 10, 2005 Author Report Share Posted November 10, 2005 It could be an ipv6 issue if you are having problems browsing etc. What's your web browser? If Firefox, try: about:config (in the url address bar) filter for ipv6 change from false to true then, what might be worth doing if still having problems browsing, to add this line to /etc/modprobe.conf alias net-pf-10 off <{POST_SNAPBACK}> Currently both broadband modem and Firefox are working well - that's LE2005 with shorewall - so I'll keep these tips in mind for when the router is installed. Thanks. Quote Link to comment Share on other sites More sharing options...
satelliteuser083 Posted November 10, 2005 Author Report Share Posted November 10, 2005 (edited) With regard to my paranoia about hackers, if I'm not using the web I cut the connection via the network-icon, which needs root permission. Is there any way of avoiding this, i.e. giving permission to a specific user, perhaps in a similar way to enabling the pcmciahdd at boot via /etc/fstab? Edited November 10, 2005 by satelliteuser083 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.