I'm Sorry, I should have went in to more detail yes I agree I think it is
drakfw's
configuration is broken.
-Original Message-
From: Jack Coates [mailto:[EMAIL PROTECTED]
Sent: Saturday, November 15, 2003 12:25 AM
To: Mandrake Expert List
Subject: RE: [expert] shorewall
I have three
the same think I did at home for 9.0 in control center and it
works. Just on 9.2 it's broken.
-Original Message-
From: Thomas Backlund [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2003 4:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] shorewall
From: Lawson
From: Lawson, Jim [EMAIL PROTECTED]
Thomas I will Monday. I installed iptables and it works. 9.2 shore wall is
broken. I did the same think I did at home for 9.0 in control center and
it
works. Just on 9.2 it's broken.
What do you mean you installed iptables ???
Shorewall is an iptables based
From: Lawson, Jim [EMAIL PROTECTED]
Did this below still nothing everything stops... Can you help more Please.
the three last lines of /etc/shorewall/routestopped should be:
--- cut ---
#INTERFACE HOST(S)
eth0
#LAST LINE...
--- cut ---
[EMAIL PROTECTED] shorewall]# service shorewall
To: [EMAIL PROTECTED]
Subject: Re: [expert] shorewall
From: Lawson, Jim [EMAIL PROTECTED]
Did this below still nothing everything stops... Can you help more Please.
the three last lines of /etc/shorewall/routestopped should be:
--- cut ---
#INTERFACE HOST(S)
eth0
#LAST LINE...
--- cut
and why could
you submit a bug at bugs.mandrakelinus.com ... thanks.
James
-Original Message-
From: Thomas Backlund [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2003 4:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] shorewall
From: Lawson, Jim [EMAIL PROTECTED
: Friday, November 14, 2003 4:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] shorewall
From: Lawson, Jim [EMAIL PROTECTED]
Did this below still nothing everything stops... Can you help more Please.
the three last lines of /etc/shorewall/routestopped should be:
--- cut ---
#INTERFACE
Hi ,
there is very good documentation on the shorewall site
The request is a bit vague, how many interfaces do you have, ?
what is your inet interface ?,
If your inet interface is ethernet ,I'll send you copies of my config
files.
I would seriously suggest if your using shorewall and drakconf
default mandrake shorewall config is... not so good. Read up on
http://www.shorewall.net, reconfigure it and you'll be fine.
On Thu, 2003-07-03 at 21:06, Joseph Loo wrote:
I recently installed a fresh copy of Mandrake 9.1 and included the
shorewall firewall. I have a modem hookup. When I try
Joseph Loo wrote:
I recently installed a fresh copy of Mandrake 9.1 and included the
shorewall firewall. I have a modem hookup. When I try to ping a site
e.g. www.ibm.com the system never seems to respond. It looks like the
firewall is preventing something from happening. I have enable the
I recently installed a fresh copy of Mandrake 9.1 and included the
shorewall firewall. I have a modem hookup. When I try to ping a site
e.g. www.ibm.com the system never seems to respond. It looks like the
firewall is preventing something from happening. I have enable the
shorewall to allow
service iptables stop will reset all rules to allow much the same
as shorewall 'clear'
rgds
Franki
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jim C
Sent: Saturday, 5 July 2003 12:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall
I
I understand that, but it helps to let you know that the dns resolution
has been solved. It will at least comeback with the ip address which
indicates the dns is okay. That is what I was looking for on that
particuliar ping.
Larry Sword wrote:
Joseph Loo wrote:
I recently installed a fresh
I just figured out why the ping did not return the addres. It seems that
the /etc/resolv.conf file is not being updated properly by kpp. It was
not adding the nameserver address in properly. I also modified the
shorewal interface, policy, and zone files to allow me to go out.
Joseph Loo wrote:
On Sun, 2003-03-23 at 10:16, Joan Tur wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hallo!
In my laptop I've got wired nic (eth0) and wireless nic (eth1). After
modifying /etc/shorewall/interfaces it is as shown:
- --
#ZONEINTERFACE BROADCAST OPTIONS
net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Es Diumenge 23 Març 2003 20:09, en Jack Coates va escriure:
On Sun, 2003-03-23 at 10:16, Joan Tur wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hallo!
In my laptop I've got wired nic (eth0) and wireless nic (eth1). After
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jim C wrote on Mon, Mar 10, 2003 at 02:28:10PM -0800 :
So basically the local network and the firewall box can talk to anyone
but, as defined below, not anyone can talk back.
Not quite. If you send a packet out, a reply coming back in (aka talk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No. You're allowing people to ssh directly to your firewall. That's
not safe. At the very least use tcpwrappers to limit what IP's can
connect to the sshd daemon. Even better, limit it to key based ssh'ing
(ie no interactive login).
Make
Richard Humphrey [EMAIL PROTECTED] wrote:
I have seen in the archives where it talks about Samba and Shorewall
having problems. I have followed the instructions from Shorewall bout
how to set the firewall. Still does not work. Has anyone gotten this
to work and if so, can you explain what you
How about a reference to those instructions?
Richard Humphrey wrote:
I have seen in the archives where it talks about Samba and Shorewall
having problems. I have followed the instructions from Shorewall bout
how to set the firewall. Still does not work. Has anyone gotten this to
work and if so,
]
Subject: Re: [expert] Shorewall+Samba
How about a reference to those instructions?
Richard Humphrey wrote:
I have seen in the archives where it talks about Samba and Shorewall
having problems. I have followed the instructions from Shorewall bout
how to set the firewall. Still does not work. Has
firewall and still no dice.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim C
Sent: Wednesday, February 26, 2003 10:17 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall+Samba
How about a reference to those instructions?
Richard Humphrey wrote
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
relay spam mail through my server clogging up my
Jim C wrote:
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
relay spam mail through my server
as well, but you can stick to the basics if you
don't need any of it..
rgds
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jim C
Sent: Saturday, 30 November 2002 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall Follies - It's drivin
Jack Coates wrote:
and I also recommended Monmotha for a reason :-) It's a lot easier than
shorewall because it only battens down the external interface.
I find gShield rated better than MonMotha. I use it. Very easy to
install as well.
http://muse.linuxmafia.org/gshield.html
--
Ron.
support for stuff
you have to patch iptables to use.
rgds
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ron Stodden
Sent: Saturday, 30 November 2002 11:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall Follies - It's drivin' me NUTS
Man, where were you 4 weeks ago. ;-)
Franki wrote:
yes, its called gShield.. (http://muse.linuxmafia.org/gshield.html)
...
wrappers for this sort of thing, though.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Why not suggest it? Surely they must have a means of getting input from
thier users and if they don't have a suggestion box perhaps they should
get one.
Franki wrote:
yeah, the new 2.8 version of gShield has alot of extra stuff I hadn't
expected..
Its one very good firewall..
I've been using
Just use smoothwall.org its great, even if the developers are cocky and
not arogant :)
JG
Jim C wrote:
Why not suggest it? Surely they must have a means of getting input from
thier users and if they don't have a suggestion box perhaps they should
get one.
Want to buy your Pack or Services
rules...
Its on the same site as gShield.
rgds
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jim C
Sent: Sunday, 1 December 2002 2:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall Follies - It's drivin' me NUTS!!
Man, where were you
, then I will.
more FYI :-)
rgds
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jim C
Sent: Sunday, 1 December 2002 2:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall Follies - It's drivin' me NUTS!!
Why not suggest it? Surely they must
Yes it is a poort security practice IF you have something to protect. My
system is a simple home system and of course I have limited resources that
dictate weather or not I even get a firewall or fileserver. Perhaps someday
when I have an old box I can use as a firewall I will set things up
OK, same problem.
Where can I find out the most common uses for individual ports and how
can I find out what a linux box is using those ports for?
Jim C wrote:
Thanks Sebastien. As you can see, there are only three files that are
different and only two of those matter. There is a problem
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
relay spam mail through my server clogging up my logs right now in
http://www.monkeynoodle.org/lrp/lrp-firewall-faq.html
you can grep /etc/services to see what the port is supposed to be used
for. As far as what is really using it, netstat -atun and lsof might
give you some clues, as well as telnet localhost [portnumber].
On Fri, 2002-11-29 at 15:21, Jim C
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
relay spam mail through my server clogging up my
On Fri, 2002-11-29 at 18:48, Jim C wrote:
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
Well I've got the shorewall rules for samba figured out. Please correct
my work if I've made any mistakes. Port 445 is the port that XP/2K use
for this purpose and the website did not take XP/2K into account. Port
631 is a network printer which may be important when I get around to
putting
On Fri, 2002-11-29 at 18:48, Jim C wrote:
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This probably isn't what you want to hear but...
A firewall should be a firewall and NOT a file server. It is poor security
practice to put anything on a firewall box that is not absolutely required.
Use your existing box as a file server and get
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've found it. I have to select cups in both computers, not only at the one
where the printer is connected to O8-)
Es Dimecres 30 Octubre 2002 17:22, en Joan Tur va escriure:
Hallo!
I've started drakconf - security - firewall, and enabled web
42 matches
Mail list logo
