~*Mark*~ wrote:
> Dennis Myers wrote:
> >
> > Mark Weaver wrote:
> >
> > > yes, and yes.
> > >
> > > here is a link to a site where you can download a very configurable
> > > firewall great for beginners.
> > >
> > > http://www.pmfirewall.com/PMFirewall/
> > >
> > > --
> > > Mark
> > >
> > > I love my Linux Box....!
> > > REASON #1 -- ...it's not Windows!
> > > Registered Linux user #1299563
> > >
> > > On Fri, 23 Jun 2000, Vic wrote:
> > >
> > > >Is any firewall just for blocking ports or can it also
> > > >protect the needed open ones like ftp 21 www 80 and so forth?
> > > >
> >
> > I tried the mentioned firewall and once again I am feeling stupid. I
> > loaded it and immediately could not get Netscape to load . It would
> > stall with only the stop sign and the frame showing. I then
> > uninstalled and got my Netscape and mail back. I must have set a
> > closed port or deny in the wrong place. Again the documentation is
> > not set up for virtual dummies, but only for people who have alot of
> > experience either with Linux or as programmers etc. Anybody know
> > what a good set of setings would be and still allow Netscape access.
> > I keep looking for books and online documentation. Nobody writes
> > Linux for Idiots, you have to be at least a dummy. "Life is good,
> > just don't weaken" Dennis
> >
> > Registered Linux User # 180842
>
> Dennis,
>
> Don't feel too badly about it. It took me a few trys before I got the
> thing working for me. It helps of you leave port 23 (SMPT) open and port
> 80 (HTTP) that will allow you to access your mail server and the
> internet.
>
> Set everything else to be closed and deny all connections.
>
> The ranges you want to deny connections to are this:
>
> these ranges are given as pairs...IP/SUBNETMASK
>
> Set the ranges as such ----> 1.2.3.0/255.255.255.0
>
> For the range that is yourself so you can access your mail server and
> the internet your range us this: 127.0.0.1/255.255.255.0
>
> Most likely your ISP assigns you a "dynamic" IP number each time you log
> on. That's ok. Don't worry about trying to set that. You will be asked
> about this. I believe the question asks something about DHCP assigning
> an IP address. Answer "y" to this one.
>
> Keep working at cause this is one nice little firewall. My Linux box,
> after being tested by the Shields Up web site was shown to be running in
> Full on stealth mode. I'm totally cloaked and can't be seen on the
> internet. The packets come in and disappear into a "Blackhole!" Never to
> be seen or heard from again. I LOVE IT.
>
> Here's the URL for that site if you want to test your system.
> https://grc.com/x/ne.dll?bh0bkyd2
>
> Good luck and press on forward!
I followed your advise and kept at it, using your instructions above I
followed almost all of them. I did not remember to deny everything you
said to deny. I have a firewall! It has holes. I have to go back in and
change some of the settings. I think I can do it as root in an editor,
yes? I will make the attempt to change some of the settings to deny. Such
as my POP3 is open and maybe telnet if I have it. Fortunatly right now I
am still on a modem. In the near future I want to go to DSL or cable modem
and then the firewall becomes critical... If you can tell me how to go
back in and access the configuration to edit the ports I would appreciate
it. I will figure it out sooner or later, but help keeps the frustration
level down.. Thanks again for your assistance, Dennis :)
