Guest Joe Noob, posted February 8, 2003:

Well, I've read about the shorewall probs and none of the solutions really fit me. I'm not on a network or having download problems. I'm using dial-up 56k on a single-user laptop; the problem is I can't open any web pages. I connect to the internet fine, and when I shut off shorewall I can surf no prob. But I turn it back on and I get "web page cannot be found, check the name", etc. I think it's just a matter of adding a line or two into files, but I can't figure out which ones. The only solution I found that was close, the guy added a line to his adsl file, but I'm on dial-up. I think this solution is for me (not sure), but it's all Greek.

15. My local systems can't see out to the net

Answer: Every time I read "systems can't see out to the net", I wonder where the poster bought computers with eyes and what those computers will "see" when things are working properly. That aside, the most common causes of this problem are:

- The default gateway on each local system isn't set to the IP address of the local firewall interface.
- The entry for the local network in the /etc/shorewall/masq file is wrong or missing.
- The DNS settings on the local systems are wrong or the user is running a DNS server on the firewall and hasn't enabled UDP and TCP port 53 from the firewall to the internet.

Can anyone tell me if this is the fix, and if so, how to do it?

1) How do I set the IP address of the local firewall?
2) What should the entry in /etc/shorewall/masq look like?
3) I know the DNS settings are right in KPPP, otherwise it wouldn't work, and like I said, I can surf fine with no firewall. I haven't enabled UDP and TCP port 53.

Any help would be Veerryy much appreciated; this firewall deal is so far over my head.

Thanx
Joe

Counterspy, posted February 8, 2003:

Do not interpret this as another RTFM message, but shorewall does have excellent documentation and anyone using it should really read it.

Counterspy

Guest anon, posted February 8, 2003:

I have never liked shorewall (bloody thing). Try another firewall, guarddog or firestarter, popular and easy to config.

ftp://ftp.mandrakeusers.com/pub/Mandrake-...0-2mdk.i586.rpm
firestarter : ftp://ftp.mandrakeusers.com/pub/Mandrake-...0-1mdk.i586.rpm

Guest Joe Noob, posted February 9, 2003:

Ya, Counterspy is right, I did kinda skim over the docs. I just know that it's one little thing, and I was looking for the easy way out, I guess. %*#%@^ counterspy :D So if you need me, I'll be the one reading the 50-some-odd pages of shorewall docs yelling "WHAT, what the heck is that supposed to mean, man, windows is looking a lot better". Then I'll get it worked out and remember how many times windows crashed on me, and everything will be right with the world again. But just in case it doesn't, I'll keep those links handy, thanx anon.

I was wondering, what about shorewall didn't you like? Is it buggy, or doesn't it work as well as others, or something?

Guest anon, posted February 9, 2003:

I found it buggy, and difficult to config (though not impossible). Main reason: on a test ( https://grc.com/x/ne.dll?bh0bkyd2 ) it showed ports closed. Both guarddog and firestarter, on tests, show "stealth mode", which is the best you can hope for.

MottS, posted February 9, 2003:

You have to teach Shorewall to DROP the connection on the port you want if you want to be stealth. Open /etc/shorewall/policy and modify it to your needs. Here is mine, and I'm 100% stealth.

    masq    net    ACCEPT
    loc     net    ACCEPT
    fw      net    ACCEPT
    net     all    DROP      info
    all     all    REJECT    info

The important line is 'net all DROP', which tells shorewall to not even answer the tcp/udp call from the net.

Of course, the firewall needs to be restarted after mods are made in the config files --> service shorewall restart

MOttS

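The difference between the "closed" and "stealth" scan results discussed above, as an added example that is not part of any post in this thread or of Shorewall itself: the shell functions below resolve which policy entry applies to a zone pair and what a remote scan would then report. It assumes entries are matched top to bottom with the first match winning and "all" acting as a wildcard zone; the function names effective_policy and scan_verdict are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): what a remote port scan would report
# for traffic between two Shorewall zones, given a policy file.
# Assumption: entries are matched top to bottom, first match wins, and
# "all" matches any zone.

effective_policy() {   # usage: effective_policy FILE SRC_ZONE DST_ZONE
    awk -v src="$2" -v dst="$3" '
        { sub(/#.*/, "") }                 # drop comments
        NF < 3 { next }                    # skip blank or incomplete lines
        ($1 == src || $1 == "all") && ($2 == dst || $2 == "all") {
            print $3; found = 1; exit      # first matching entry decides
        }
        END { if (!found) print "NONE" }
    ' "$1"
}

scan_verdict() {       # usage: scan_verdict FILE SRC_ZONE DST_ZONE
    case "$(effective_policy "$1" "$2" "$3")" in
        DROP)   echo "stealth" ;;   # no reply at all
        REJECT) echo "closed"  ;;   # firewall answers with a refusal
        ACCEPT) echo "exposed" ;;   # packets pass the firewall
        *)      echo "unknown" ;;   # no entry covers this zone pair
    esac
}

# Constructed sample input: the policy quoted in the post above.
demo_policy=$(mktemp)
cat > "$demo_policy" <<'EOF'
# source  dest  policy  loglevel
masq      net   ACCEPT
loc       net   ACCEPT
fw        net   ACCEPT
net       all   DROP    info
all       all   REJECT  info
EOF

echo "net -> fw: $(scan_verdict "$demo_policy" net fw)"
# Same file without the "net all DROP" line: the catch-all REJECT applies.
grep -v '^net' "$demo_policy" > "$demo_policy.nodrop"
echo "net -> fw without the DROP line: $(scan_verdict "$demo_policy.nodrop" net fw)"
rm -f "$demo_policy" "$demo_policy.nodrop"
```
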
Guest Joe Noob, posted February 11, 2003:

Well, thanx for the help guys, but I couldn't figure out the docs, so now I'm the proud operator of Guarddog. I hope I have it configured right; I'll have to check for leaks later, the link keeps timing out right now. :D 8)

pmpatrick, posted February 11, 2003:

Here's another free port security scan site from sygate which is very good:

http://scan.sygatetech.com/

Guest Joe Noob, posted February 11, 2003:

Hum, sygate timed out also. Do you think it has something to do with me limiting the information about my browser and OS?

Guest Joe Noob, posted February 16, 2003:

Hey, does anyone know why I keep timing out on those links?