On Wed, 2002-08-28 at 08:57, Florin wrote:
> [EMAIL PROTECTED] (Gabriel Phoenix) writes:
> 
> > On Tue, 2002-08-27 at 23:31, Pixel wrote:
> > > Gabriel Phoenix <[EMAIL PROTECTED]> writes:
> > > 
> > > > Shouldn't tinyfirewall allow or have an option for DNS?
> > > 
> > > it's there (Domain Name Server). ?
> > > 
> > > 
> > I meant DNS client lookup. As I read it those options allow for servers
> > connection. What about client connections?
> > 
> > I selected it and the same classic DNS error of cannot find such and
> > such url.
> > 
> > I clear Shorewall and everything works so it's related to Shorewall's
> > configuration.
> > 
> > gabriel
> 
> ok,
> 
> simply configure your tinyfirewall and then send us the result of the
> command:
> 
> grep -v ^# /etc/shorewall/{zones,interfaces,policy,rules}|grep -v ^$
> 
> have a nice day,
> -- 
> Florin                        http://www.mandrakesoft.com
>                       http://people.mandrakesoft.com/~florin/
> 


-------------------------------
the result of grep command after first configuration

/etc/shorewall/zones:net        Net     Internet zone
/etc/shorewall/interfaces:net   eth0    detect
/etc/shorewall/policy:fw        net     ACCEPT
/etc/shorewall/policy:net       all     DROP    info
/etc/shorewall/policy:all       all     REJECT  info
/etc/shorewall/rules:ACCEPT     net     fw      udp     53      -
/etc/shorewall/rules:ACCEPT     net     fw      tcp     53,109,110,143  -


masq file has no entries

I figured it out, the interface entry should be ppp0 not eth0 even
though in the example 1 in the interface configuration file it has a DSL
being referenced as eth0.

My setup would be the default for a standalone workstation with DSL so
many people will have the same problem. A check for a pppX connection
should be done.

Also I would include a welcoming note if any problems occur that
returning to tinyfirewall and selecting no firewall will undo any
settings. I so-so understand how the firewall works now imagine someone
who makes the adjustment and loses their connection? The support lines
will light up.


All I did was change eth0 to ppp0 after running firewall and it worked.

/etc/shorewall/zones:net        Net     Internet zone
/etc/shorewall/interfaces:net   ppp0    detect
/etc/shorewall/policy:fw        net     ACCEPT
/etc/shorewall/policy:net       all     DROP    info
/etc/shorewall/policy:all       all     REJECT  info
/etc/shorewall/rules:ACCEPT     net     fw      udp     53      -
/etc/shorewall/rules:ACCEPT     net     fw      tcp     53,109,110,143  -



Since I have your attention... I tested using shields up and those ports
still accept connections from outside sources. Granted, not a large
security risk but for a standalone workstation all ports should
reject connections - total stealth. Now this would become important if
someone has a static IP since the machine can still be detected and
attacked.

I would recommend client or server setups. The server setup would allow
incoming connections. The client would refuse all incoming connections
and allow limited outgoing connections. Speaking of which do you know
where I can find an example of the latter?

Gabriel
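
Added example (not part of the original message, and not code from tinyfirewall or Shorewall): a shell check of the kind asked for above, comparing the interface listed for the net zone in /etc/shorewall/interfaces with the interface that carries the default route. The function names and sample files are constructed for illustration; on a live system the route input would come from `ip -4 route show default`.

```shell
#!/bin/sh
# Added example: detect a Shorewall zone bound to the wrong interface
# (eth0 listed while the DSL link really comes up as ppp0).

# Print the interfaces assigned to a zone.
# $1 = zone name, $2 = Shorewall interfaces file (zone, interface, broadcast)
zone_ifaces() {
    # Comment lines never match because their first field starts with '#'.
    awk -v zone="$1" 'NF >= 2 && $1 == zone { print $2 }' "$2"
}

# Read `ip route` style output on stdin and print the default-route interface.
default_iface() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# $1 = zone, $2 = interfaces file, $3 = file holding `ip route` output
# Returns 0 when the zone covers the default-route interface, 1 on a
# mismatch, 2 when no default route is present.
check_zone_iface() {
    want=$(default_iface < "$3")
    [ -n "$want" ] || { echo "no default route found"; return 2; }
    have=$(zone_ifaces "$1" "$2")
    for i in $have; do
        [ "$i" = "$want" ] && { echo "ok: zone $1 covers $want"; return 0; }
    done
    echo "mismatch: default route uses $want, zone $1 lists: $have"
    return 1
}

# Constructed samples: the two interfaces entries from the thread and
# route output for a PPPoE DSL link (addresses are documentation ranges).
make_samples() {
    printf '%s\n' '# zone interface broadcast' 'net eth0 detect' > "$1/interfaces.eth0"
    printf '%s\n' '# zone interface broadcast' 'net ppp0 detect' > "$1/interfaces.ppp0"
    printf '%s\n' 'default dev ppp0 scope link' \
        '192.0.2.1 dev ppp0 proto kernel scope link src 192.0.2.10' > "$1/routes"
}

d=$(mktemp -d)
make_samples "$d"
check_zone_iface net "$d/interfaces.eth0" "$d/routes" || true
check_zone_iface net "$d/interfaces.ppp0" "$d/routes"
rm -rf "$d"
```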

