This is what I get if I type in iptables -L and for grep... P.S. I use drakxconf-45
On Thu, 2002-09-12 at 11:23, Florin wrote:
> Hi there,
>
> this is the standard procedure:
> 1. configure your internet connection with draknet
> 2. configure your internet access with draknet
> 3. configure your security or internet sharing
> 4. try if it works
> 5. grep -v ^# /etc/shorewall/{zones,interfaces,policy,masq,rules} |grep -v ^$
>
> and send us the output
>
> 6. with the sharing connection enabled, can you ping a real web IP address ?
> In that case you have a name resolution problem.
>
> 7. service named status on firewall
> 8. cat /etc/resolv.conf on the client side
> 9. route -n on the client side
> cheers,
>
> [EMAIL PROTECTED] (Randy Welch) writes:
>
> > Victor Pelt wrote:
> > > same thing happened to me, shorewall configures my firewall in such a way that
> > > nothing gets through from my computer
> > > iptables -F;iptables -X;iptables -P OUTPUT ACCEPT;iptables -P INPUT ACCEPT;
> > > works as well to fix it, only I DO want some kind of firewall, but I want one
> > > that I can use myself
> >
> > shorewall by default with mandrake pretty much locks the whole machine
> > down. You have to clear it (/etc/init.d/shorewall clear) then tweak it
> > to do what you want.
> >
> > -randy
>
> --
> Florin http://www.mandrakesoft.com
> http://people.mandrakesoft.com/~florin/

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ppp0_in    all  --  anywhere             anywhere
eth0_in    all  --  anywhere             anywhere
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ppp0_fwd   all  --  anywhere             anywhere
eth0_fwd   all  --  anywhere             anywhere
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED
fw2net     all  --  anywhere             anywhere
all2all    all  --  anywhere             anywhere
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain all2all (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:all2all:REJECT:'
reject     all  --  anywhere             anywhere

Chain common (5 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
icmpdef    icmp --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere           state INVALID
REJECT     udp  --  anywhere             anywhere           udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:microsoft-ds reject-with icmp-port-unreachable
reject     tcp  --  anywhere             anywhere           tcp dpt:epmap
DROP       udp  --  anywhere             anywhere           udp dpt:ssdp
DROP       all  --  anywhere             255.255.255.255
DROP       all  --  anywhere             224.0.0.0/4
reject     tcp  --  anywhere             anywhere           tcp dpt:ident
DROP       all  --  anywhere             10.0.0.255

Chain dynamic (4 references)
target     prot opt source               destination

Chain eth0_fwd (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere
masq2net   all  --  anywhere             anywhere

Chain eth0_in (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
masq2fw    all  --  anywhere             anywhere

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere

Chain icmpdef (1 references)
target     prot opt source               destination

Chain masq2fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere           state NEW udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere           state NEW udp dpt:bootps
all2all    all  --  anywhere             anywhere

Chain masq2net (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere

Chain net2all (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere             anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
common     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           limit: avg 100/sec burst 20 LOG level info prefix `Shorewall:net2all:DROP:'
DROP       all  --  anywhere             anywhere

Chain newnotsyn (5 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ppp0_fwd (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere
net2all    all  --  anywhere             anywhere

Chain ppp0_in (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
net2all    all  --  anywhere             anywhere

Chain reject (6 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere           reject-with tcp-reset
REJECT     all  --  anywhere             anywhere           reject-with icmp-port-unreachable

Chain shorewall (0 references)
target     prot opt source               destination

/etc/shorewall/zones:net Net Internet zone
/etc/shorewall/zones:masq Masquerade Masquerade Local
/etc/shorewall/interfaces:net ppp0 detect
/etc/shorewall/interfaces:masq eth0 detect
/etc/shorewall/policy:masq net ACCEPT
/etc/shorewall/policy:fw net ACCEPT
/etc/shorewall/policy:net all DROP info
/etc/shorewall/policy:all all REJECT info
/etc/shorewall/masq:ppp0 10.0.0.0/24
/etc/shorewall/rules:ACCEPT masq fw tcp domain,bootps -
/etc/shorewall/rules:ACCEPT masq fw udp domain,bootps -
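
Added example, not part of the original message or of Shorewall itself: a small shell sketch for reading the grep output above. It resolves the default policy for each zone pair from the /etc/shorewall/policy lines, assuming Shorewall's first-match evaluation with "all" as a wildcard. The names policy_for and policy_matrix are hypothetical, and the input is a copy of the posted lines embedded as sample data.

```shell
#!/bin/sh
# Sample input: the grep output posted above, embedded so this runs offline.
GREP_OUTPUT='/etc/shorewall/zones:net Net Internet zone
/etc/shorewall/zones:masq Masquerade Masquerade Local
/etc/shorewall/interfaces:net ppp0 detect
/etc/shorewall/interfaces:masq eth0 detect
/etc/shorewall/policy:masq net ACCEPT
/etc/shorewall/policy:fw net ACCEPT
/etc/shorewall/policy:net all DROP info
/etc/shorewall/policy:all all REJECT info
/etc/shorewall/masq:ppp0 10.0.0.0/24
/etc/shorewall/rules:ACCEPT masq fw tcp domain,bootps -
/etc/shorewall/rules:ACCEPT masq fw udp domain,bootps -'

# policy_for SRC DST (hypothetical helper): print the policy of the first
# policy line that matches the zone pair; "all" matches any zone.
policy_for() {
    printf '%s\n' "$GREP_OUTPUT" | awk -v src="$1" -v dst="$2" '
        $0 !~ /^\/etc\/shorewall\/policy:/ { next }  # only the policy file
        {
            sub(/^[^:]*:/, "")   # drop the "file:" prefix that grep adds
            if (($1 == src || $1 == "all") && ($2 == dst || $2 == "all")) {
                print $3
                found = 1
                exit
            }
        }
        END { if (!found) print "NONE" }'
}

# policy_matrix (hypothetical helper): one line per ordered zone pair.
# Entries in the rules file (here DNS and DHCP from masq to fw) are
# exceptions that apply before the default policy shown by this matrix.
policy_matrix() {
    for s in fw masq net; do
        for d in fw masq net; do
            if [ "$s" = "$d" ]; then continue; fi
            printf '%s -> %s: %s\n' "$s" "$d" "$(policy_for "$s" "$d")"
        done
    done
}

policy_matrix
```

The result lines up with the iptables -L listing: masq2fw falls through to all2all (REJECT) after the domain and bootps accepts, and traffic arriving on ppp0 ends in net2all (DROP).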