Dennis Myers wrote:
>
> ~*Mark*~ wrote:
>
> > Dennis Myers wrote:
> > >
> > > Mark Weaver wrote:
> > >
> > > > yes, and yes.
> > > >
> > > > here is a link to a site where you can download a very configurable
> > > > firewall great for beginners.
> > > >
> > > > http://www.pmfirewall.com/PMFirewall/
> > > >
> > > > --
> > > > Mark
> > > >
> > > > I love my Linux Box....!
> > > > REASON #1 -- ...it's not Windows!
> > > > Registered Linux user #1299563
> > > >
> > > > On Fri, 23 Jun 2000, Vic wrote:
> > > >
> > > > >Is any firewall just for blocking ports or can it also
> > > > >protect the needed open ones like ftp 21 www 80 and so forth?
> > > > >
> > >
> > > I tried the mentioned firewall and once again I am feeling stupid. I
> > > loaded it and immediately could not get Netscape to load . It would
> > > stall with only the stop sign and the frame showing. I then
> > > uninstalled and got my Netscape and mail back. I must have set a
> > > closed port or deny in the wrong place. Again the documentation is
> > > not set up for virtual dummies, but only for people who have alot of
> > > experience either with Linux or as programmers etc. Anybody know
> > > what a good set of setings would be and still allow Netscape access.
> > > I keep looking for books and online documentation. Nobody writes
> > > Linux for Idiots, you have to be at least a dummy. "Life is good,
> > > just don't weaken" Dennis
> > >
> > > Registered Linux User # 180842
> >
> > Dennis,
> >
> > Don't feel too badly about it. It took me a few trys before I got the
> > thing working for me. It helps of you leave port 23 (SMPT) open and port
> > 80 (HTTP) that will allow you to access your mail server and the
> > internet.
> >
> > Set everything else to be closed and deny all connections.
> >
> > The ranges you want to deny connections to are this:
> >
> > these ranges are given as pairs...IP/SUBNETMASK
> >
> > Set the ranges as such ----> 1.2.3.0/255.255.255.0
> >
> > For the range that is yourself so you can access your mail server and
> > the internet your range us this: 127.0.0.1/255.255.255.0
> >
> > Most likely your ISP assigns you a "dynamic" IP number each time you log
> > on. That's ok. Don't worry about trying to set that. You will be asked
> > about this. I believe the question asks something about DHCP assigning
> > an IP address. Answer "y" to this one.
> >
> > Keep working at cause this is one nice little firewall. My Linux box,
> > after being tested by the Shields Up web site was shown to be running in
> > Full on stealth mode. I'm totally cloaked and can't be seen on the
> > internet. The packets come in and disappear into a "Blackhole!" Never to
> > be seen or heard from again. I LOVE IT.
> >
> > Here's the URL for that site if you want to test your system.
> > https://grc.com/x/ne.dll?bh0bkyd2
> >
> > Good luck and press on forward!
>
> well, I pressed on and used most of your advice , but did not totally
> understand what you were telling me. Anyway, the fire wall works and I am
> partially protected. I will have to go back in and close some of the holes
> I left open. I am not sure exactly how I do this. As root and open up the
> package in an editor? Any way your help is invaluable and the community in
> general provides a lot of support and good advice. Thanks, to everybody
> who contributes.
You don't do any of the configuring in an editor. All the configuring is
done running the install script. That's why I had to run it four times
before I got it just right. Everytime I would go through it I would
remember something I left out, or something I wanted to do differently.
I'm glad to hear that it's running for you now. good Job!
