This is what I get if I type in iptables -L and for grep...
P.S. I use drakxconf-45


On Thu, 2002-09-12 at 11:23, Florin wrote:
> Hi there,
> 
> this is the standard procedure:
> 1. configure your internet connection with draknet
> 2. configure your internet access with draknet
> 3. configure your security or internet sharing 
> 4. try if it works
> 5. grep -v ^# /etc/shorewall/{zones,interfaces,policy,masq,rules} |grep -v ^$
> 
> and send us the output 
> 
> 6. with the sharing connection enabled, can you ping a real web IP address?
> In that case you have a name resolution problem.
> 
> 7. service named status on firewall
> 8. cat /etc/resolv.conf on the client side
> 9. route -n on the client side
> cheers,
> 
> 
> >[EMAIL PROTECTED] (Randy Welch) writes:
> 
> > Victor Pelt wrote:
> > > same thing happened to me, shorewall configures my firewall in such a way that
> > > nothing gets though from my computer
> > > iptables -F;iptables -X;iptables -P OUTPUT ACCEPT;iptables -P INPUT ACCEPT;
> > > works as well to fix it, only i DO want some kind of firewall, but i want one
> > > that i can use myself
> > 
> > shorewall by default with mandrake pretty much locks the whole machine 
> > down.  You have to clear it (/etc/init.d/shorewall clear) then tweak it 
> > to do what you want.
> > 
> > -randy
> > 
> > 
> > 
> > 
> 
> -- 
> Florin                        http://www.mandrakesoft.com
>                       http://people.mandrakesoft.com/~florin/

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ppp0_in    all  --  anywhere             anywhere           
eth0_in    all  --  anywhere             anywhere           
common     all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     all  --  anywhere             anywhere           

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ppp0_fwd   all  --  anywhere             anywhere           
eth0_fwd   all  --  anywhere             anywhere           
common     all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     all  --  anywhere             anywhere           

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED
fw2net     all  --  anywhere             anywhere           
all2all    all  --  anywhere             anywhere           
common     all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     all  --  anywhere             anywhere           

Chain all2all (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
common     all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:all2all:REJECT:'
reject     all  --  anywhere             anywhere           

Chain common (5 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request 
icmpdef    icmp --  anywhere             anywhere           
DROP       tcp  --  anywhere             anywhere           state INVALID 
REJECT     udp  --  anywhere             anywhere           udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:microsoft-ds reject-with icmp-port-unreachable
reject     tcp  --  anywhere             anywhere           tcp dpt:epmap 
DROP       udp  --  anywhere             anywhere           udp dpt:ssdp 
DROP       all  --  anywhere             255.255.255.255    
DROP       all  --  anywhere             224.0.0.0/4        
reject     tcp  --  anywhere             anywhere           tcp dpt:ident 
DROP       all  --  anywhere             10.0.0.255         

Chain dynamic (4 references)
target     prot opt source               destination         

Chain eth0_fwd (1 references)
target     prot opt source               destination         
dynamic    all  --  anywhere             anywhere           
masq2net   all  --  anywhere             anywhere           

Chain eth0_in (1 references)
target     prot opt source               destination         
dynamic    all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request 
masq2fw    all  --  anywhere             anywhere           

Chain fw2net (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere           

Chain icmpdef (1 references)
target     prot opt source               destination         

Chain masq2fw (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:bootps 
ACCEPT     udp  --  anywhere             anywhere           state NEW udp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere           state NEW udp dpt:bootps 
all2all    all  --  anywhere             anywhere           

Chain masq2net (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere           

Chain net2all (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
common     all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:net2all:DROP:'
DROP       all  --  anywhere             anywhere           

Chain newnotsyn (5 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere           

Chain ppp0_fwd (1 references)
target     prot opt source               destination         
dynamic    all  --  anywhere             anywhere           
net2all    all  --  anywhere             anywhere           

Chain ppp0_in (1 references)
target     prot opt source               destination         
dynamic    all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request 
net2all    all  --  anywhere             anywhere           

Chain reject (6 references)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere           reject-with tcp-reset 
REJECT     all  --  anywhere             anywhere           reject-with icmp-port-unreachable

Chain shorewall (0 references)
target     prot opt source               destination         

/etc/shorewall/zones:net        Net     Internet zone
/etc/shorewall/zones:masq       Masquerade      Masquerade Local
/etc/shorewall/interfaces:net   ppp0    detect
/etc/shorewall/interfaces:masq  eth0    detect
/etc/shorewall/policy:masq      net     ACCEPT
/etc/shorewall/policy:fw        net     ACCEPT
/etc/shorewall/policy:net       all     DROP    info
/etc/shorewall/policy:all       all     REJECT  info
/etc/shorewall/masq:ppp0        10.0.0.0/24
/etc/shorewall/rules:ACCEPT     masq    fw      tcp     domain,bootps   -
/etc/shorewall/rules:ACCEPT     masq    fw      udp     domain,bootps   -
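
Added example (not part of the original message and not Shorewall's own code): a Python reading of the grep output above that resolves which policy applies between each pair of zones, taking the first matching line of the policy file with `all` as a wildcard, and lists the rules that override it. It assumes `fw` is the firewall's own zone, which the zones file does not list; the function names are illustrative.

```python
# Added example, not Shorewall code. GREP_OUTPUT is the grep output from the message.
GREP_OUTPUT = """\
/etc/shorewall/zones:net        Net     Internet zone
/etc/shorewall/zones:masq       Masquerade      Masquerade Local
/etc/shorewall/interfaces:net   ppp0    detect
/etc/shorewall/interfaces:masq  eth0    detect
/etc/shorewall/policy:masq      net     ACCEPT
/etc/shorewall/policy:fw        net     ACCEPT
/etc/shorewall/policy:net       all     DROP    info
/etc/shorewall/policy:all       all     REJECT  info
/etc/shorewall/masq:ppp0        10.0.0.0/24
/etc/shorewall/rules:ACCEPT     masq    fw      tcp     domain,bootps   -
/etc/shorewall/rules:ACCEPT     masq    fw      udp     domain,bootps   -
"""
FW_ZONE = "fw"  # assumption: the firewall's own zone, not listed in the zones file


def parse(text):
    """Group 'path:field field ...' lines by config file name (zones, policy, ...)."""
    tables = {}
    for line in text.splitlines():
        path, sep, rest = line.partition(":")
        if sep and rest.split():
            tables.setdefault(path.rsplit("/", 1)[-1], []).append(rest.split())
    return tables


def effective_policy(tables, src, dst):
    """Return the action of the first policy line matching src -> dst."""
    for p_src, p_dst, action, *_ in tables.get("policy", []):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action
    return None


def rule_exceptions(tables, src, dst):
    """Rules are checked before the policy; list them per protocol and port."""
    found = []
    for action, r_src, r_dst, proto, ports, *_ in tables.get("rules", []):
        if (r_src, r_dst) == (src, dst):
            found += [(action, proto, port) for port in ports.split(",")]
    return found


def matrix(tables):
    """Effective policy for every ordered pair of distinct zones."""
    zones = [row[0] for row in tables.get("zones", [])] + [FW_ZONE]
    return {(s, d): effective_policy(tables, s, d) for s in zones for d in zones if s != d}


if __name__ == "__main__":
    for (s, d), action in matrix(parse(GREP_OUTPUT)).items():
        print(f"{s:>5} -> {d:<5} {action:<7} exceptions: {rule_exceptions(parse(GREP_OUTPUT), s, d)}")
```

For this configuration it reports masq to fw as REJECT apart from the domain and bootps exceptions, which agrees with the masq2fw chain in the listing falling through to all2all.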
