On Wed, Apr 02, 2003 at 01:23:45AM +0100, Derek Jennings wrote:
> On Tuesday 01 Apr 2003 12:42 am, Pedro Alves wrote:
> > Hello all,
> >
> > I live in a student residence in Aachen in Germany.
> >
> > I have internet access in my room, the problem is that the firewall they've
> > installed is configured in a way that instead of blocking ports, every time
> > someone uses a forbidden port, he gets automatically banned from using
> > internet! The first time it happened to me, I've learned that there's an
> > incompatibility between CUPS searching for network printers and the
> > firewall. They say it was port 511. So I've disabled CUPS service. A couple
> > of days later I get network again, but after a few hours running ok, BAMM!
> > no network again. This time it was port 541.
> >
> > The first time I was blocked, I was using Mandrake 9.0, and the second time
> > I had just installed 9.1 and disabled CUPS. I think I was trying to use
> > Kopete with ICQ plugin when I went down.
> >
> > - Is there any way I can check which ports my PC is trying to use without
> > being connected? I'm afraid to plug in the cable, because I don't know
> > which service may knock my connection down.
> > - Does Mandrake Firewall block outgoing ports, or just incoming
> > connections? If the latter is true, how can I block outgoing ports?
> >
> > Thanks in advance
> > Best Regards
> > Pedro Alves
> > Portugal
> 
> Yes the Mandrake firewall can block outgoing ports.  Just go through the 
> Mandrake firewall GUI to get the firewall started, and then edit the file
> /etc/shorewall/policy
> 
> Change the line
> 
> fw    net     ACCEPT
> 
> to
> 
> fw    net     DROP
> 
> This will block ALL traffic from your computer to the Internet. (Restart 
> shorewall and you will see)
> Now you must make some 'holes' in the firewall to allow the services you 
> want. Edit the file /etc/shorewall/rules
> 
> Add lines like this:
> ACCEPT        fw      net     tcp     http,https,ftp,25,pop3
> ACCEPT        fw      net     udp     http,https,ftp,25,pop3
> 
> Define all the services your university permits either by their name or port 
> number. You will find a list of service names/ports at /etc/services
> 
> Then restart shorewall with
> service shorewall restart
> in a root terminal.
> Once you have set up the files by hand, do NOT use the Mandrake Firewall GUI 
> again. It will undo all your work :-(

And just in case, make a copy of the rules file somewhere else, so you can easily 
restore it if it gets GUIed by accident.

> 
> HTH
> 
> derek
> 
> -- 
> ----------------------------------
> www.jennings.homelinux.net
> 

> Want to buy your Pack or Services from MandrakeSoft? 
> Go to http://www.mandrakestore.com
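
The lookup that the advice to define services "by their name or port number" from /etc/services relies on, as an added example that is not part of the thread: the function expands the service list of a rules line into port numbers for one protocol and flags names with no entry for that protocol. The service table is a constructed sample, and `resolve_ports` and `all_resolved` are hypothetical names; pass /etc/services as a third argument to check a real system.

```shell
#!/bin/sh
# Added example: expand the service list of a shorewall rules line to ports.

# Constructed sample in /etc/services format (not copied from a real system).
SAMPLE_SERVICES='# name   port/proto  aliases
ftp      21/tcp
smtp     25/tcp      mail
http     80/tcp      www
http     80/udp
pop3     110/tcp     pop-3
https    443/tcp
https    443/udp'

# resolve_ports PROTO LIST [FILE]
# Prints one "entry port" line per item of the comma-separated LIST.
# Numeric entries pass through unchanged; names (and aliases) are looked up
# for PROTO only; a name with no entry for PROTO prints "entry UNKNOWN".
resolve_ports() {
    proto=$1 list=$2 file=${3:-}
    if [ -n "$file" ]; then data=$(cat "$file"); else data=$SAMPLE_SERVICES; fi
    printf '%s\n' "$data" | awk -v proto="$proto" -v list="$list" '
        { sub(/#.*/, "") }                 # strip comments
        NF >= 2 {
            split($2, pp, "/")             # pp[1] = port, pp[2] = protocol
            if (pp[2] != proto) next
            if (!($1 in port)) port[$1] = pp[1]
            for (i = 3; i <= NF; i++) if (!($i in port)) port[$i] = pp[1]
        }
        END {
            n = split(list, want, ",")
            for (i = 1; i <= n; i++) {
                w = want[i]
                if (w ~ /^[0-9]+$/) print w, w
                else if (w in port) print w, port[w]
                else                print w, "UNKNOWN"
            }
        }'
}

# all_resolved PROTO LIST [FILE]: exit status 0 only if every entry resolved.
all_resolved() {
    ! resolve_ports "$@" | grep -q ' UNKNOWN$'
}

# The two service lists from the rules lines quoted above.
resolve_ports tcp http,https,ftp,25,pop3
resolve_ports udp http,https,ftp,25,pop3
```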