Another Shorewall Question


Guest Joe Noob

Well, I've read about the Shorewall probs and none of the solutions really fit me. I'm not on a network or having download problems. I'm using dial-up 56k on a single-user laptop. The problem is I can't open any web pages. I connect to the internet fine, and when I shut off Shorewall I can surf no prob. But I turn it back on and I get "web page cannot be found, check the name" etc. I think it's just a matter of adding a line or two into files, but I can't figure out which ones. The only solution I found that was close, the guy added a line to his ADSL file, but I'm on dial-up. I think this solution is for me (not sure) but it's all Greek.

 

15. My local systems can't see out to the net

Answer: Every time I read "systems can't see out to the net", I wonder where the poster bought computers with eyes and what those computers will "see" when things are working properly. That aside, the most common causes of this problem are:

The default gateway on each local system isn't set to the IP address of the local firewall interface.

The entry for the local network in the /etc/shorewall/masq file is wrong or missing.

The DNS settings on the local systems are wrong or the user is running a DNS server on the firewall and hasn't enabled UDP and TCP port 53 from the firewall to the internet.

 

Can anyone tell me if this is the fix and if so how to do it:

1) How do I set the IP address of the local firewall?

2) What should the entry in /etc/shorewall/masq look like?

3) I know the DNS settings are right in KPPP, otherwise it wouldn't work, and like I said I can surf fine with no firewall. I haven't enabled UDP and TCP port 53.

Any help would be Veerryy much appreciated, this firewall deal is so far over my head.

Thanx Joe


Guest Joe Noob

Ya, Counterspy is right, I did kinda skim over the docs. I just know that it's one little thing, and I was looking for the easy way out, I guess %*#%@^ counterspy :D

So if you need me I'll be the one reading the 50-some-odd pages of Shorewall docs yelling "WHAT, what the heck is that supposed to mean, man, Windows is looking a lot better"

Then I'll get it worked out and remember how many times Windows crashed on me and everything will be right with the world again, but just in case it doesn't, I'll keep those links handy, thanx anon.

I was wondering, what about Shorewall didn't you like? Is it buggy, or doesn't it work as well as others, or something?


You have to teach Shorewall to DROP the connection on the ports you want if you want to be Stealth. Open /etc/shorewall/policy and modify it to your needs. Here is mine and I'm 100% stealth.


masq    net     ACCEPT
loc     net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info


The important line is 'net all DROP', which tells Shorewall to not even answer the TCP/UDP call from the net.

Of course, the firewall needs to be restarted after mods are made in the config files --> service shorewall restart

 

MOttS
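
An added example, not part of the original thread: a small Python check that resolves which policy line applies to a given zone pair in the policy file posted above. It assumes the policy columns are SOURCE DEST POLICY [LOG LEVEL], that "all" matches any zone and that the first matching line wins; the function names are made up for this example, and CONTINUE policies are not handled.

```python
# Added example: resolve the effective Shorewall policy for a zone pair.
# Assumption: /etc/shorewall/policy columns are SOURCE DEST POLICY [LOG LEVEL],
# "all" is a wildcard, and the first matching line decides.

SAMPLE_POLICY = """\
# policy lines as posted above
masq    net     ACCEPT
loc     net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
"""

def parse_policy(text):
    """Return a list of (source, dest, policy, loglevel) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        log = fields[3] if len(fields) > 3 and fields[3] != "-" else None
        rules.append((fields[0], fields[1], fields[2].upper(), log))
    return rules

def effective_policy(rules, source, dest):
    """The first line whose SOURCE and DEST match (or are 'all') applies."""
    for src, dst, policy, log in rules:
        if src in (source, "all") and dst in (dest, "all"):
            return policy, log
    return None, None

def audit(rules, zones=("fw", "loc", "masq")):
    """Flag zones the net can reach with a policy other than DROP, and
    report whether the firewall host itself may open connections out."""
    findings = []
    for zone in zones:
        policy, _ = effective_policy(rules, "net", zone)
        if policy != "DROP":
            findings.append(f"net -> {zone}: {policy} (not silently dropped)")
    out, _ = effective_policy(rules, "fw", "net")
    if out != "ACCEPT":
        findings.append(f"fw -> net: {out} (local browsing and DNS need rules)")
    return findings

if __name__ == "__main__":
    rules = parse_policy(SAMPLE_POLICY)
    print(effective_policy(rules, "net", "fw"))
    print(audit(rules) or "no findings")
```

On a single-user machine the browser's traffic is fw -> net, so that is the pair to check when pages stop loading with the firewall on.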


Guest Joe Noob

Well, thanx for the help guys, but I couldn't figure out the docs so now I'm the proud operator of Guarddog. I hope I have it configured right. I'll have to check for leaks later, the link keeps timing out right now.

:D 8)

