On Tuesday 26 October 2004 06:32, Russell W. Behne wrote:
> Today at 00:22, Greg Meyer wrote:
> > On Monday 25 October 2004 09:04 pm, Russell W. Behne wrote:
> > > Ok, I got the switch, installed it, and the two hosts can ping each
> > > other, but neither can ping the server, and when I try to ping either
> > > host from the server I get this error message:
> > >         ping: sendmsg: Operation not permitted
> > > Any idea what's causing this, and how to fix it?
> >
> > A quick google search turned up this.  Does it help?
>
> Ok, I did this:
> ]# iptables -L OUTPUT -n -v
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target  prot opt in out  source     destination
> 10175 4066K ACCEPT   all  --  * lo   0.0.0.0/0  0.0.0.0/0
>     0     0 DROP    !icmp --  * *    0.0.0.0/0  0.0.0.0/0  state INVALID
> 24541 1478K fw2net   all  --  * eth0 0.0.0.0/0  0.0.0.0/0
>  4286  336K all2all  all  --  * eth1 0.0.0.0/0  0.0.0.0/0
>     0     0 Reject   all  --  * *    0.0.0.0/0  0.0.0.0/0
>     0     0 LOG      all  --  * *    0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
>     0     0 reject   all  --  * *    0.0.0.0/0  0.0.0.0/0
>
> Being a complete newbie at this, it appears that shorewall is blocking
> ALL pings. Exactly how should I enable bidirectional pings (and
> everything else for that matter) within my local network, and still
> block only those pings coming from outside, (from the Internet)? I've
> never had to manually config shorewall, and haven't a clue what
> command to use, or where to put it to make it permanent.

Yes, Shorewall will by default block pings from both the Internet and the local 
network. It will also block ALL traffic from the local network to the 
firewall. So if you want to run as a firewall AND as a server you must open 
up traffic to the local network.

Shorewall is actually pretty easy to configure once you understand it. There 
are a number of text config files.
/etc/shorewall/zones  defines the zones to protect. net- is the internet, fw- 
is the firewall itself, loc- is the local network

/etc/shorewall/interfaces defines which interface is in which zone.

/etc/shorewall/policy  defines the general firewall policy
/etc/shorewall/masq  defines masquerading (Network address translation)
/etc/shorewall/rules defines exceptions to the policy (ports you want to open)

The text is self-explanatory.

to allow ping from local net in 'rules'

ACCEPT  loc     fw      icmp    8

to open up all services from local net to firewall in 'policy' change

loc     fw      ACCEPT


Then 'shorewall restart' in a root terminal.
See www.shorewall.net for documentation.

derek

-- 
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
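As an added illustration (not part of the thread, and not Shorewall's own code): the `iptables -L OUTPUT -n -v` listing Russell posted can be read mechanically to see why `ping` fails with "Operation not permitted". The script below parses that listing, walks the OUTPUT chain the way netfilter does for an outgoing ICMP echo-request (skipping the non-terminal LOG target and rules whose `state` match does not apply to a NEW packet), and reports whether the packet is accepted, dropped, or handed to a Shorewall user chain such as `all2all` or `fw2net`, where the real decision is made. The sample text is copied from the listing above; the `trace` and `rule_matches` names and the `192.168.1.2` destination are this example's own assumptions.

```python
"""Explain a ping failure from `iptables -L OUTPUT -n -v` output.

Added example, not from the mailing-list thread. It parses the chain
listing and traces where an outgoing packet would end up.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Listing copied from the thread (Russell's `iptables -L OUTPUT -n -v`).
SAMPLE = """\
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target  prot opt in out  source     destination
10175 4066K ACCEPT   all  --  * lo   0.0.0.0/0  0.0.0.0/0
    0     0 DROP    !icmp --  * *    0.0.0.0/0  0.0.0.0/0  state INVALID
24541 1478K fw2net   all  --  * eth0 0.0.0.0/0  0.0.0.0/0
 4286  336K all2all  all  --  * eth1 0.0.0.0/0  0.0.0.0/0
    0     0 Reject   all  --  * *    0.0.0.0/0  0.0.0.0/0
    0     0 LOG      all  --  * *    0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
    0     0 reject   all  --  * *    0.0.0.0/0  0.0.0.0/0
"""

HEADER = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # built-in targets that end traversal


@dataclass
class Rule:
    target: str
    prot: str            # "all", "icmp", "tcp", ...
    prot_negated: bool   # True for "!icmp"
    in_if: str           # "*" means any interface
    out_if: str
    src: str
    dst: str
    extra: str = ""      # trailing match text, e.g. "state INVALID"


@dataclass
class Chain:
    name: str
    policy: Optional[str]          # None for user-defined chains
    rules: List[Rule] = field(default_factory=list)


def parse_chain(text: str) -> Chain:
    """Parse one chain from `iptables -L <chain> -n -v` output."""
    chain: Optional[Chain] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER.match(line)
        if m:
            chain = Chain(name=m.group(1), policy=m.group(2))
            continue
        if chain is None or line.lstrip().startswith("pkts"):
            continue  # skip the column header line
        # Columns: pkts bytes target prot opt in out source destination [extra]
        parts = line.split(None, 9)
        if len(parts) < 9:
            raise ValueError(f"unparseable rule line: {line!r}")
        prot = parts[3]
        chain.rules.append(Rule(
            target=parts[2], prot=prot.lstrip("!"), prot_negated=prot.startswith("!"),
            in_if=parts[5], out_if=parts[6], src=parts[7], dst=parts[8],
            extra=parts[9] if len(parts) > 9 else "",
        ))
    if chain is None:
        raise ValueError("no 'Chain ...' header found")
    return chain


def _addr_matches(spec: str, addr: str) -> bool:
    negated = spec.startswith("!")
    hit = ipaddress.ip_address(addr) in ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return hit != negated


def rule_matches(rule: Rule, prot: str, out_if: str, dst: str, state: str) -> bool:
    """Does this rule match an outgoing packet with the given attributes?"""
    prot_ok = rule.prot == "all" or rule.prot == prot
    if rule.prot_negated:
        prot_ok = not prot_ok
    if not prot_ok or rule.out_if not in ("*", out_if):
        return False
    if not _addr_matches(rule.dst, dst):
        return False
    m = re.search(r"\bstate (\S+)", rule.extra)
    if m and state not in m.group(1).split(","):
        return False  # e.g. "state INVALID" never matches a NEW packet
    return True


def trace(chain: Chain, prot: str, out_if: str,
          dst: str = "192.168.1.2", state: str = "NEW") -> Tuple[str, str]:
    """Walk the chain top-down; return (kind, target) for the first decision."""
    for rule in chain.rules:
        if not rule_matches(rule, prot, out_if, dst, state):
            continue
        if rule.target == "LOG":
            continue  # LOG is non-terminal: it logs and traversal continues
        if rule.target in TERMINAL:
            return (rule.target.lower(), rule.target)
        return ("jump", rule.target)  # user chain; inspect it with iptables -L <name> -n -v
    return ("policy", chain.policy or "RETURN")


if __name__ == "__main__":
    out = parse_chain(SAMPLE)
    for iface in ("lo", "eth0", "eth1"):
        print(iface, "icmp echo-request ->", trace(out, "icmp", iface))
```

Running it shows that a ping towards `eth1` (the local network) never reaches a terminal target in OUTPUT itself; it is handed to the `all2all` chain, which is where Shorewall applies the fw-to-loc policy, so that chain (and the `policy` file behind it) is the thing to look at next.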
