Re: [newbie] Ok dumb firewall question time
On Sat, 24 Jun 2000, you wrote:

> I followed your advice and kept at it, using your instructions above I followed almost all of them. I did not remember to deny everything you said to deny. I have a firewall! It has holes. I have to go back in and change some of the settings. I think I can do it as root in an editor, yes? I will make the attempt to change some of the settings to deny. Such as my POP3 is open and maybe telnet if I have it. Fortunately right now I am still on a modem. In the near future I want to go to DSL or cable modem and then the firewall becomes critical... If you can tell me how to go back in and access the configuration to edit the ports I would appreciate it. I will figure it out sooner or later, but help keeps the frustration level down.
> Thanks again for your assistance, Dennis :)

Just re-run the install.sh, when you answer the questions differently, it'll write a new conf. For reasons I don't understand if I don't leave ports 25 and 110 open I can't receive mail. So they're open, but I never connect as other than user so I'm not worrying about it. Prob'ly has somethin to do with my ISP.

-- ~~ Tom Brinkman [EMAIL PROTECTED]
Re: [newbie] Ok dumb firewall question time
Dennis Myers wrote:

> Mark Weaver wrote:
> > yes, and yes. here is a link to a site where you can download a very configurable firewall great for beginners. http://www.pmfirewall.com/PMFirewall/
> > -- Mark I love my Linux Box! REASON #1 -- ...it's not Windows! Registered Linux user #1299563
> > On Fri, 23 Jun 2000, Vic wrote:
> > > Is any firewall just for blocking ports or can it also protect the needed open ones like ftp 21 www 80 and so forth?
> I tried the mentioned firewall and once again I am feeling stupid. I loaded it and immediately could not get Netscape to load. It would stall with only the stop sign and the frame showing. I then uninstalled and got my Netscape and mail back. I must have set a closed port or deny in the wrong place. Again the documentation is not set up for virtual dummies, but only for people who have a lot of experience either with Linux or as programmers etc. Anybody know what a good set of settings would be and still allow Netscape access? I keep looking for books and online documentation. Nobody writes Linux for Idiots, you have to be at least a dummy.
> "Life is good, just don't weaken" Dennis Registered Linux User # 180842

Dennis, Don't feel too badly about it. It took me a few tries before I got the thing working for me. It helps if you leave port 23 (SMTP) open and port 80 (HTTP); that will allow you to access your mail server and the internet. Set everything else to be closed and deny all connections. The ranges you want to deny connections to are this: these ranges are given as pairs... IP/SUBNETMASK. Set the ranges as such: 1.2.3.0/255.255.255.0. For the range that is yourself so you can access your mail server and the internet your range is this: 127.0.0.1/255.255.255.0

Most likely your ISP assigns you a "dynamic" IP number each time you log on. That's ok. Don't worry about trying to set that. You will be asked about this. I believe the question asks something about DHCP assigning an IP address. Answer "y" to this one.

Keep working at it 'cause this is one nice little firewall. My Linux box, after being tested by the Shields Up web site was shown to be running in Full on stealth mode. I'm totally cloaked and can't be seen on the internet. The packets come in and disappear into a "Blackhole!" Never to be seen or heard from again. I LOVE IT. Here's the URL for that site if you want to test your system. https://grc.com/x/ne.dll?bh0bkyd2

Good luck and press on forward!
Re: [newbie] Ok dumb firewall question time
~*Mark*~ wrote:

> Dennis Myers wrote:
> > Mark Weaver wrote:
> > > yes, and yes. here is a link to a site where you can download a very configurable firewall great for beginners. http://www.pmfirewall.com/PMFirewall/
> > > -- Mark I love my Linux Box! REASON #1 -- ...it's not Windows! Registered Linux user #1299563
> > > On Fri, 23 Jun 2000, Vic wrote:
> > > > Is any firewall just for blocking ports or can it also protect the needed open ones like ftp 21 www 80 and so forth?
> > I tried the mentioned firewall and once again I am feeling stupid. I loaded it and immediately could not get Netscape to load. It would stall with only the stop sign and the frame showing. I then uninstalled and got my Netscape and mail back. I must have set a closed port or deny in the wrong place. Again the documentation is not set up for virtual dummies, but only for people who have a lot of experience either with Linux or as programmers etc. Anybody know what a good set of settings would be and still allow Netscape access? I keep looking for books and online documentation. Nobody writes Linux for Idiots, you have to be at least a dummy.
> > "Life is good, just don't weaken" Dennis Registered Linux User # 180842
> Dennis, Don't feel too badly about it. It took me a few tries before I got the thing working for me. It helps if you leave port 23 (SMTP) open and port 80 (HTTP); that will allow you to access your mail server and the internet. Set everything else to be closed and deny all connections. The ranges you want to deny connections to are this: these ranges are given as pairs... IP/SUBNETMASK. Set the ranges as such: 1.2.3.0/255.255.255.0. For the range that is yourself so you can access your mail server and the internet your range is this: 127.0.0.1/255.255.255.0
> Most likely your ISP assigns you a "dynamic" IP number each time you log on. That's ok. Don't worry about trying to set that. You will be asked about this. I believe the question asks something about DHCP assigning an IP address. Answer "y" to this one.
> Keep working at it 'cause this is one nice little firewall. My Linux box, after being tested by the Shields Up web site was shown to be running in Full on stealth mode. I'm totally cloaked and can't be seen on the internet. The packets come in and disappear into a "Blackhole!" Never to be seen or heard from again. I LOVE IT. Here's the URL for that site if you want to test your system. https://grc.com/x/ne.dll?bh0bkyd2
> Good luck and press on forward!

Well, I pressed on and used most of your advice, but did not totally understand what you were telling me. Anyway, the firewall works and I am partially protected. I will have to go back in and close some of the holes I left open. I am not sure exactly how I do this. As root and open up the package in an editor? Anyway, your help is invaluable and the community in general provides a lot of support and good advice. Thanks to everybody who contributes.
Re: [newbie] Ok dumb firewall question time
~*Mark*~ wrote:

> Dennis Myers wrote:
> > Mark Weaver wrote:
> > > yes, and yes. here is a link to a site where you can download a very configurable firewall great for beginners. http://www.pmfirewall.com/PMFirewall/
> > > -- Mark I love my Linux Box! REASON #1 -- ...it's not Windows! Registered Linux user #1299563
> > > On Fri, 23 Jun 2000, Vic wrote:
> > > > Is any firewall just for blocking ports or can it also protect the needed open ones like ftp 21 www 80 and so forth?
> > I tried the mentioned firewall and once again I am feeling stupid. I loaded it and immediately could not get Netscape to load. It would stall with only the stop sign and the frame showing. I then uninstalled and got my Netscape and mail back. I must have set a closed port or deny in the wrong place. Again the documentation is not set up for virtual dummies, but only for people who have a lot of experience either with Linux or as programmers etc. Anybody know what a good set of settings would be and still allow Netscape access? I keep looking for books and online documentation. Nobody writes Linux for Idiots, you have to be at least a dummy.
> > "Life is good, just don't weaken" Dennis Registered Linux User # 180842
> Dennis, Don't feel too badly about it. It took me a few tries before I got the thing working for me. It helps if you leave port 23 (SMTP) open and port 80 (HTTP); that will allow you to access your mail server and the internet. Set everything else to be closed and deny all connections. The ranges you want to deny connections to are this: these ranges are given as pairs... IP/SUBNETMASK. Set the ranges as such: 1.2.3.0/255.255.255.0. For the range that is yourself so you can access your mail server and the internet your range is this: 127.0.0.1/255.255.255.0
> Most likely your ISP assigns you a "dynamic" IP number each time you log on. That's ok. Don't worry about trying to set that. You will be asked about this. I believe the question asks something about DHCP assigning an IP address. Answer "y" to this one.
> Keep working at it 'cause this is one nice little firewall. My Linux box, after being tested by the Shields Up web site was shown to be running in Full on stealth mode. I'm totally cloaked and can't be seen on the internet. The packets come in and disappear into a "Blackhole!" Never to be seen or heard from again. I LOVE IT. Here's the URL for that site if you want to test your system. https://grc.com/x/ne.dll?bh0bkyd2
> Good luck and press on forward!

I followed your advice and kept at it, using your instructions above I followed almost all of them. I did not remember to deny everything you said to deny. I have a firewall! It has holes. I have to go back in and change some of the settings. I think I can do it as root in an editor, yes? I will make the attempt to change some of the settings to deny. Such as my POP3 is open and maybe telnet if I have it. Fortunately right now I am still on a modem. In the near future I want to go to DSL or cable modem and then the firewall becomes critical... If you can tell me how to go back in and access the configuration to edit the ports I would appreciate it. I will figure it out sooner or later, but help keeps the frustration level down.

Thanks again for your assistance, Dennis :)
[newbie] Ok dumb firewall question time
Is any firewall just for blocking ports or can it also protect the needed open ones like ftp 21 www 80 and so forth?
Re: [newbie] Ok dumb firewall question time
On Fri, 23 Jun 2000, Vic wrote:

> Is any firewall just for blocking ports or can it also protect the needed open ones like ftp 21 www 80 and so forth?

Depending on how you configure things, you can hammer shut each and every port that you like. You should also be able to limit the allowed IP addresses per port.

Paul

-- If you lose money, you lose nothing. If you lose (the) honour, you lose a lot. If you lose your courage, you've lost everything. But if you lose friendship, then you've lost the world! )0([[EMAIL PROTECTED]])0( http://nlpagan.net - ICQ 147208 Registered Linux User 174403
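The default-deny policy with per-port source ranges that Mark and Paul describe in this thread, modelled as an added example (not part of the thread and not PMFirewall's code). Ranges use the IP/SUBNETMASK form from Mark's message and the first matching rule wins; the `Rule` type, the function names and the sample policy are constructed for illustration and cover inbound connections only.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                      # "ACCEPT" or "DENY"
    proto: str                       # "tcp" or "udp"
    port: Optional[int]              # None matches any port
    source: ipaddress.IPv4Network    # who may connect

def parse_range(pair: str) -> ipaddress.IPv4Network:
    """Parse an 'IP/SUBNETMASK' pair. strict=False masks off host bits,
    so 127.0.0.1/255.255.255.0 is read as the network 127.0.0.0/24."""
    return ipaddress.ip_network(pair, strict=False)

def rule(action: str, proto: str, port: Optional[int], pair: str) -> Rule:
    return Rule(action, proto, port, parse_range(pair))

def decide(rules: List[Rule], proto: str, port: int, src: str) -> str:
    """First matching rule wins; anything unmatched is denied."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r.proto == proto and r.port in (None, port) and addr in r.source:
            return r.action
    return "DENY"

def world_reachable(rules: List[Rule],
                    probe: str = "203.0.113.9") -> List[Tuple[str, int]]:
    """Ports that an arbitrary outside address (documentation range) can reach."""
    ports = {(r.proto, r.port) for r in rules if r.port is not None}
    return sorted(p for p in ports if decide(rules, p[0], p[1], probe) == "ACCEPT")

# Constructed sample policy for inbound connections (not PMFirewall's config).
RULES = [
    rule("ACCEPT", "tcp", None, "127.0.0.1/255.255.255.0"),  # local traffic
    rule("ACCEPT", "tcp", 80, "0.0.0.0/0.0.0.0"),            # web, from anyone
    rule("ACCEPT", "tcp", 110, "1.2.3.0/255.255.255.0"),     # POP3, one range only
    rule("ACCEPT", "tcp", 23, "0.0.0.0/0.0.0.0"),            # telnet left open
]

if __name__ == "__main__":
    print("reachable from anywhere:", world_reachable(RULES))
    print("POP3 from 1.2.3.77:", decide(RULES, "tcp", 110, "1.2.3.77"))
    print("POP3 from outside:", decide(RULES, "tcp", 110, "203.0.113.9"))
```

`world_reachable` lists the ports an outside address can still connect to under the policy, which is the list to review before moving from a modem to an always-on link.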
Re: [newbie] Ok dumb firewall question time
yes, and yes. here is a link to a site where you can download a very configurable firewall great for beginners. http://www.pmfirewall.com/PMFirewall/

-- Mark I love my Linux Box! REASON #1 -- ...it's not Windows! Registered Linux user #1299563

On Fri, 23 Jun 2000, Vic wrote:

> Is any firewall just for blocking ports or can it also protect the needed open ones like ftp 21 www 80 and so forth?
Re: [newbie] Ok dumb firewall question time
Mark Weaver wrote:

> yes, and yes. here is a link to a site where you can download a very configurable firewall great for beginners. http://www.pmfirewall.com/PMFirewall/
> -- Mark I love my Linux Box! REASON #1 -- ...it's not Windows! Registered Linux user #1299563
> On Fri, 23 Jun 2000, Vic wrote:
> > Is any firewall just for blocking ports or can it also protect the needed open ones like ftp 21 www 80 and so forth?

I tried the mentioned firewall and once again I am feeling stupid. I loaded it and immediately could not get Netscape to load. It would stall with only the stop sign and the frame showing. I then uninstalled and got my Netscape and mail back. I must have set a closed port or deny in the wrong place. Again the documentation is not set up for virtual dummies, but only for people who have a lot of experience either with Linux or as programmers etc. Anybody know what a good set of settings would be and still allow Netscape access? I keep looking for books and online documentation. Nobody writes Linux for Idiots, you have to be at least a dummy.

"Life is good, just don't weaken" Dennis Registered Linux User # 180842
Re: [newbie] Ok dumb firewall question time
On Fri, 23 Jun 2000, you wrote:

> I tried the mentioned firewall and once again I am feeling stupid. I loaded it and immediately could not get Netscape to load. It would stall with only the stop sign and the frame showing. I then uninstalled and got my Netscape and mail back. I must have set a closed port or deny in the wrong place. Again the documentation is not set up for virtual dummies, but only for people who have a lot of experience either with Linux or as programmers etc. Anybody know what a good set of settings would be and still allow Netscape access?

You're doin fine. You understand it as well as I do, don't give up. I believe you must've answer'd the "eth0" question right. I missed that one the first time, I have a "ppp0" (dialup). IIRC, there's a few more that I changed from just takin the default answer. I believe both involved unblocking pop3 (mail) and nntp (news). Then it all worked !! 'Bout the only thing I worry about now is I still don't know a thing about firewalls ;) but I got one

-- ~~ Tom Brinkman [EMAIL PROTECTED]