--- Oliver Lange <[EMAIL PROTECTED]> wrote:
> Dennis Freise wrote:
> >
> > # emerge shorewall
> >
> > Setting up masquerading is a piece of cake with shorewall. And you
> > definitely _want_ a firewall sooner or later, so go grab it, don't
> > mess with iptables itself (you can, but why, if there are easier
> > solutions...) and get it running.
> >
> > You still may want to learn more about NAT, MASQ and CONNTRACK
> > though, to understand why you need MASQ. You don't have to
> > understand how it is done in the kernel, but you have to understand
> > what it is and why you need it.
> > 'man iptables' might help there...
> >
>
> I'll prefer an easy-to-use firewall, and I heard from many people that
> shorewall shall be a real good choice. I will no doubt give it a try,
> but: will shorewall solve my 'I can't ping to the internet' problem?
>
> As long as I can't use the internet, I'm still one step away from
> thinking about firewalls..

Hello Oliver,

The fact that you're missing:
> CONFIG_IP_NF_TARGET_TOS=y
> CONFIG_IP_NF_TARGET_ECN=y
> CONFIG_IP_NF_TARGET_DSCP=y
> CONFIG_IP_NF_TARGET_MARK=y

...just tells me that you haven't enabled a certain Netfilter or
Networking selection in the kernel menu.

Anyways, I would highly suggest that you save yourself a lot more time
and install "Shorewall" as suggested. (You won't be disappointed.)
Shorewall has an awesome web site with straightforward directions,
FAQs, etc., and an awesome emailing list to boot. The maker of
Shorewall himself does one of the best jobs I've seen supporting his
own incantation of a firewall through the emailing list. I.e. he's
continuously monitoring and responding to users on the list, it seems
full-time, and constantly keeps his web site info current with the
changing times.

I'm even willing to help you if you would like through my yahoo account
or through my yahoo messenger account. Shorewall is almost too easy.
Once you make the correct changes to your kernel and to a few shorewall
files you will not have to touch anything. Everything is allowed out
and everything is blocked coming in. 

Once you get it set up and running then you can take the time to get
used to the web site and the different things that you can do with
tweaking Shorewall. Meanwhile everyone is sharing the internet like you
want and you're running a stateful firewall to boot. Can't beat that.
Don't let the word "firewall" intimidate you, especially on Linux. It
is really simple. The only downside is you will have to do some
reading, but you should expect that out of anything Linux/Unix, right?
Not much reading though.

Let me know how you would like to proceed. If you would prefer to do
this on your own then these are the steps that you need to take.

1) Your kernel needs to be set up as close to what's selected on the link
below as possible first.

Here's a link to the Author's kernel settings of Shorewall "Kernel menu
selections"

http://www.shorewall.net/kernel.htm

2) You need to read through the following link very carefully. If you
do, this install will be a no-brainer. You'll be surprised.

With your setup you would follow the 2 interface guide located:

http://www.shorewall.net/two-interface.htm

For shorewall support you have an awesome emailing list with a ton of
helpful people to include the programmer of Shorewall. (Tom Eastep)

If you get Shorewall up and running then just make sure to do:

"rc-update add shorewall default"

That should do it. Have fun if I don't hear from you.

If Shorewall doesn't start right away then just follow the outlined
troubleshooting steps and you'll be up and running in a jiff.



HTH's,
Joshua Banks
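
A check for step 1, as an added example that is not part of the original message: a shell function that reports whether each Netfilter option quoted above is built in, a module, or not enabled in a kernel config file. The function names, the sample config and its extra CONFIG_IP_NF_IPTABLES and CONFIG_IP_NF_TARGET_MASQUERADE lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report Netfilter options in a kernel config.
# Default list = the four options quoted in the message above.
NF_OPTS="CONFIG_IP_NF_TARGET_TOS CONFIG_IP_NF_TARGET_ECN CONFIG_IP_NF_TARGET_DSCP CONFIG_IP_NF_TARGET_MARK"

# Print the config text; handles a gzip-compressed file such as /proc/config.gz.
read_config() {
    case $1 in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# opt_state FILE OPTION: print "y", "m" or "missing".
# "# CONFIG_X is not set" and an absent line both count as missing.
opt_state() {
    val=$(read_config "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | tail -n 1)
    printf '%s\n' "${val:-missing}"
}

# check_netfilter_opts FILE [OPTION...]: one status line per option.
# Sets NF_MISSING to the number of options not enabled; returns 1 if any.
check_netfilter_opts() {
    cfg=$1; shift
    [ $# -gt 0 ] || set -- $NF_OPTS
    NF_MISSING=0
    for opt in "$@"; do
        case $(opt_state "$cfg" "$opt") in
            y) echo "$opt: built in" ;;
            m) echo "$opt: module" ;;
            *) echo "$opt: NOT enabled"; NF_MISSING=$((NF_MISSING + 1)) ;;
        esac
    done
    [ "$NF_MISSING" -eq 0 ]
}

# Constructed sample config (not Oliver's real one) so the script runs offline.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_TOS=y
# CONFIG_IP_NF_TARGET_ECN is not set
CONFIG_IP_NF_TARGET_MARK=m
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
check_netfilter_opts "$sample" || echo "$NF_MISSING option(s) need enabling"
rm -f "$sample"
```

On a real system, pass the kernel source tree's `.config`, or `/proc/config.gz` if the running kernel exposes it.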
