On Wed, 2002-08-28 at 08:57, Florin wrote:
> [EMAIL PROTECTED] (Gabriel Phoenix) writes:
>
> > On Tue, 2002-08-27 at 23:31, Pixel wrote:
> > > Gabriel Phoenix <[EMAIL PROTECTED]> writes:
> > >
> > > > Shouldn't tinyfirewall allow or have an option for DNS?
> > >
> > > it's there (Domain Name Server). ?
> > >
> >
> > I meant DNS client lookup. As I read it those options allow for servers
> > connection. What about client connections?
> >
> > I selected it and the same classic DNS error of cannot find such and
> > such url.
> >
> > I clear Shorewall and everything works so it's related to Shorewall's
> > configuration.
> >
> > gabriel
>
> ok,
>
> simply configure your tinyfirewall and then send us the result of the
> command:
>
> grep -v ^# /etc/shorewall/{zones,interfaces,policy,rules}|grep -v ^$
>
> have a nice day,
> --
> Florin http://www.mandrakesoft.com
> http://people.mandrakesoft.com/~florin/
>
-------------------------------

the result of grep command after first configuration

/etc/shorewall/zones:net Net Internet zone
/etc/shorewall/interfaces:net eth0 detect
/etc/shorewall/policy:fw net ACCEPT
/etc/shorewall/policy:net all DROP info
/etc/shorewall/policy:all all REJECT info
/etc/shorewall/rules:ACCEPT net fw udp 53 -
/etc/shorewall/rules:ACCEPT net fw tcp 53,109,110,143 -

masq file has no entries

I figured it out, the interface entry should be ppp0 not eth0 even though
in the example 1 in the interface configuration file it has a DSL being
referenced as eth0.

My setup would be the default for a standalone workstation with DSL so
many people will have the same problem. A check for a pppX connection
should be done. Also I would include a welcoming note if any problems
occur that returning to tinyfirewall and selecting no firewall will undo
any settings. I so-so understand how the firewall works; now imagine
someone who makes the adjustment and loses their connection? The support
lines will light up.

All I did was change eth0 to ppp0 after running firewall and it worked.

/etc/shorewall/zones:net Net Internet zone
/etc/shorewall/interfaces:net ppp0 detect
/etc/shorewall/policy:fw net ACCEPT
/etc/shorewall/policy:net all DROP info
/etc/shorewall/policy:all all REJECT info
/etc/shorewall/rules:ACCEPT net fw udp 53 -
/etc/shorewall/rules:ACCEPT net fw tcp 53,109,110,143 -

Since I have your attention...

I tested using shields up and those ports still accept connections from
outside sources. Granted, not a large security risk, but for a standalone
workstation all ports should reject connections - total stealth. Now
this would become important if someone has a static IP since the machine
can still be detected and attacked.

I would recommend client or server setups. The server setup would allow
incoming connections. The client would refuse all incoming connections
and allow limited outgoing connections.

Speaking of which, do you know of where I can find an example of the latter?

Gabriel
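
The "check for a pppX connection" asked for above could look like the following sketch, which compares the interface bound to the net zone with the interface that carries the default route. It is an added example, not part of the original message and not code from tinyfirewall or Shorewall; the function names are hypothetical, the route table is constructed sample data in Linux /proc/net/route layout, and the two interfaces files reuse the entries from the grep output above.

```shell
#!/bin/sh
# Added example: is the Shorewall "net" zone bound to the interface that
# really carries Internet traffic (ppp0 on a PPPoE DSL link, not eth0)?

# Interface of the default route in a /proc/net/route-format file
# (field 2 = destination, field 8 = mask; both 00000000 for the default).
default_route_iface() {
    awk 'NR > 1 && $2 == "00000000" && $8 == "00000000" { print $1; exit }' "$1"
}

# Interfaces assigned to zone $2 in a Shorewall interfaces file ($1).
# Comment and blank lines never match: their first field is not the zone name.
zone_ifaces() {
    awk -v zone="$2" '$1 == zone { print $2 }' "$1"
}

# check_net_zone INTERFACES_FILE ROUTE_FILE
# Prints "ok IF", "mismatch ..." or "noroute"; exit status is 0 only for ok.
check_net_zone() {
    route_if=$(default_route_iface "$2")
    [ -n "$route_if" ] || { echo "noroute"; return 2; }
    zone_if=$(zone_ifaces "$1" net | tr '\n' ',' | sed 's/,$//')
    case ",$zone_if," in
        *",$route_if,"*) echo "ok $route_if"; return 0 ;;
        *) echo "mismatch net=$zone_if default-route=$route_if"; return 1 ;;
    esac
}

# Constructed sample data: DSL workstation where eth0 only carries the PPPoE link.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' '# constructed sample' 'net eth0 detect' > "$SAMPLE_DIR/interfaces.before"
printf '%s\n' '# constructed sample' 'net ppp0 detect' > "$SAMPLE_DIR/interfaces.after"
cat > "$SAMPLE_DIR/route" <<'EOF'
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
ppp0 00000000 00000000 0001 0 0 0 00000000 0 0 0
eth0 0000A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
EOF

# On a live system: check_net_zone /etc/shorewall/interfaces /proc/net/route
check_net_zone "$SAMPLE_DIR/interfaces.before" "$SAMPLE_DIR/route" || true
check_net_zone "$SAMPLE_DIR/interfaces.after" "$SAMPLE_DIR/route"
```

A mismatch means the zone's rules and policies are attached to an interface that does not carry the Internet traffic, which is the situation described in the message before eth0 was changed to ppp0.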