DSL and Guarddog

[Guest Joe Noob]

Ok I get the dsl up (rp-ppoe rocks) but only without a firewall.

Here's the readers digest version:

DSL up and can surf no problem, start shorewall and then I cant connect, add checks to more stuff in the shorewall gui and still cant connect.Ok so I shut down shorewall and download Guarddog ( I used guarddog with 9.0) Iset it up the same as before and cant connect , put a check by more stuff ie opened more ports, and still cant connect , gasp, shut down guarddog try to connect and no go huh? run the netconf. wizard again and yep you guessed it "cant connect"

So anyone have any tips, tricks or links to lit alone with the inevitable RTFM that I do deserve but I was just too excited with my new DSL to do google.

Thanx in advance

[MottS]

http://www.mandrakeusers.org/viewtopic.php...p?p=46183#46183

 

If you wanna try another firewall you have to do:

 

1) uninstall shorwall

2) uninstall iptable

3) reinstall iptable

4) reinstall the desired firewall (in your case Guarddog)

 

It is so because Shorwall modifies iptable when you first install it and it does not put back iptable at it's initial state when you uninstall it.

 

It would be simpler to configure Shorewall correctly. Here is what I would have for a 1 interface system:

 

net     ppp0    detect

loc     eth0    detect

 

fw      net     ACCEPT <--THIS LINE IS IMPORTANT!!!!!!!!!

net     all     DROP

 

net     Net     Internet zone

loc     Local   Local

 

By default you surely have something in /etc/shorewall/rules .. what is it? What is the output of 'ifconfig' when you are connected to the net and you think you could access it? Did you restart shorewall after playing with the config files (type 'service shorewall restart' as root) ?

 

...

 

MOttS

[Guest Joe Noob]

Thanx for the reply, good stuff to know, Im writing this on the way out the door but I'll be making some time tomarrow to play with it and I want to read up on firewalls a little. Just the very basics , I'm a Gui kinda guy.

Thanks again

Joe

[Guest Joe Noob]

A quick question , in Motts Shorewall how to in the FAQ links he states , I think, that if you dont whant to run a server that just installing shorewall is all you have to do? Because after I installed it the dsl worded fine but i opened the shorewall GUI and it had a check next to disabled .So i thought the firewall was "disabled" or did that mean server activity was disabled??

Ok dig it I'm not having an easy time with this firewall stuff , Im using a laptop But no network , no servers ( i dont think?), just one ethernet card ( I think), basically its just me,the laptop,the dsl modem and a phone jack.

Are there any tutorials that just cover that , cause theres alot of lit out there

on firewalls but it all for routers, dns servers wireless networking connecting to your own computer from somewhere else. Please someone stop the maddness

[MottS]

This is the DOC on the Shorewall website about standalone system (1 interface):

 

http://shorewall.net/standalone.htm

 

But personnaly I would just uninstall shorewall and iptable and then reinstall iptable... DONT REINSTALL SHOREWALL. If you just connect to the net time to time and you don't run any server, YOU DONT NEED A FIREWALL. There are lots of other targets outhere (windows machine + servers) so chances that you are attacked and they succeded are really low .. even impossible.

 

MOttS

[Guest Joe Noob]

Oh not imposible , I had it happen already so i did the netstat deal and dude paniced and messed up my system on the way out.

I really would feel better having a firewall

I actually tried to read that page but I need to clear somethings up :

 

The firewall has a single network interface. Where Internet connectivity is through a cable or DSL "Modem", the External Interface will be the ethernet adapter (eth0) that is connected to that "Modem" unless you connect via Point-to-Point Protocol over Ethernet (PPPoE) or Point-to-Point Tunneling Protocol (PPTP) in which case the External Interface will be a ppp0. If you connect via a regular modem, your External Interface will also be ppp0. If you connect using ISDN, your external interface will be ippp0.

My connection is through a dsl modem thats connected to my ethernet adapter i think (the rj46 on the back of my laptop) and im pretty sure yhat its a PPPoE So is it a eth0 or pppo

[MottS]

Your external connection is ppp0. So in /etc/shorewall/interfaces, you have to change

 

net eth0 detect norfc1918,routefilter,dhcp

 

for

 

net ppp0 - norfc1918,routefilter

 

NOTICE: I put a '-' instead of 'detect' and I removed 'dhcp' 8)

 

You are doing good man .. !!

 

MOttS

[Guest Joe Noob]

Thanks I appreciate the encouragment as well as the help especially the help , as a carpenter that was lucky to pass high school some times I have to read the same paragragh two or three times and you still go, HUH Huh what

But Im like the gum on the bottom of the shoe of Linux , it just cant get rid of me :lol:

I'll have to use that tomarrow , but right now its back to FOOOTTBAAALLL

thanx again Joe

[Guest Joe Noob]

MottS thanks for all your help. I am behind a firewall using linux to surf.

Unfortunatly not with shorewall , for now, but Im still reading docs.

Take care Joe