I'm sorry, I should have gone into more detail. Yes, I agree, I think it is
drakfw's configuration that is broken.
-Original Message-
From: Jack Coates [mailto:[EMAIL PROTECTED]
Sent: Saturday, November 15, 2003 12:25 AM
To: Mandrake Expert List
Subject: RE: [expert] shorewall
I have three
the same thing I did at home for 9.0 in control center and it
works. Just on 9.2 it's broken.
-Original Message-
From: Thomas Backlund [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2003 4:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] shorewall
From: Lawson
From: Lawson, Jim [EMAIL PROTECTED]
Thomas I will Monday. I installed iptables and it works. 9.2 shorewall is
broken. I did the same thing I did at home for 9.0 in control center and it
works. Just on 9.2 it's broken.
What do you mean you installed iptables ???
Shorewall is an iptables based
From: Lawson, Jim [EMAIL PROTECTED]
Did this below still nothing everything stops... Can you help more Please.
the three last lines of /etc/shorewall/routestopped should be:
--- cut ---
#INTERFACE HOST(S)
eth0
#LAST LINE...
--- cut ---
[EMAIL PROTECTED] shorewall]# service shorewall
To: [EMAIL PROTECTED]
Subject: Re: [expert] shorewall
From: Lawson, Jim [EMAIL PROTECTED]
Did this below still nothing everything stops... Can you help more Please.
the three last lines of /etc/shorewall/routestopped should be:
--- cut ---
#INTERFACE HOST(S)
eth0
#LAST LINE...
--- cut
and why could
you submit a bug at bugs.mandrakelinus.com ... thanks.
James
-Original Message-
From: Thomas Backlund [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2003 4:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] shorewall
From: Lawson, Jim [EMAIL PROTECTED
: Friday, November 14, 2003 4:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] shorewall
From: Lawson, Jim [EMAIL PROTECTED]
Did this below still nothing everything stops... Can you help more Please.
the three last lines of /etc/shorewall/routestopped should be:
--- cut ---
#INTERFACE
Hi
Could someone please tell me how to configure shorewall to allow a
windows pc to use the linux net connection and also keep port 4662 (tcp)
and 4672 (udp) for aMule
If I use DrakGw it knocks off aMule
Thanks for any advice you can give
Mike
Hi ,
there is very good documentation on the shorewall site
The request is a bit vague. How many interfaces do you have?
What is your inet interface?
If your inet interface is ethernet, I'll send you copies of my config
files.
I would seriously suggest if you're using shorewall and drakconf
Hi ,
I have a problem with my pocket pc 2002 and shorewall config.
I have opened the ports (990,5678,5679) and the pocket is working fine with
synce for linux!
I want to give to the pocket pc internet access through my firewall.
I am newbie in linux and had stuck in this point.
Here is my
Hiya, I want to be able to run some software on my
workstation that requires users to connect to port 9000.
This read as a pretty simple task, but has gotten
more and more complicated that finally, I am looking for help (not for the first
time and I am sure it won't be the last)
I was sure
default mandrake shorewall config is... not so good. Read up on
http://www.shorewall.net, reconfigure it and you'll be fine.
On Thu, 2003-07-03 at 21:06, Joseph Loo wrote:
I recently installed a fresh copy of Mandrake 9.1 and included the
shorewall firewall. I have a modem hookup. When I try
Joseph Loo wrote:
I recently installed a fresh copy of Mandrake 9.1 and included the
shorewall firewall. I have a modem hookup. When I try to ping a site
e.g. www.ibm.com the system never seems to respond. It looks like the
firewall is preventing something from happening. I have enabled the
I recently installed a fresh copy of Mandrake 9.1 and included the
shorewall firewall. I have a modem hookup. When I try to ping a site
e.g. www.ibm.com the system never seems to respond. It looks like the
firewall is preventing something from happening. I have enabled the
shorewall to allow
service iptables stop will reset all rules to allow much the same
as shorewall 'clear'
rgds
Franki
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jim C
Sent: Saturday, 5 July 2003 12:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall
I
I understand that, but it helps to let you know that the dns resolution
has been solved. It will at least come back with the ip address which
indicates the dns is okay. That is what I was looking for on that
particular ping.
Larry Sword wrote:
Joseph Loo wrote:
I recently installed a fresh
I just figured out why the ping did not return the address. It seems that
the /etc/resolv.conf file is not being updated properly by kpp. It was
not adding the nameserver address in properly. I also modified the
shorewall interface, policy, and zone files to allow me to go out.
Joseph Loo wrote:
I recently installed a fresh copy of Mandrake 9.1 and included the
shorewall firewall. I have a modem hookup. When I try to ping a site
e.g. www.ibm.com the system never seems to respond. It looks like the
firewall is preventing something from happening. I have enabled the
shorewall to allow
On Sun, 2003-03-23 at 10:16, Joan Tur wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hallo!
In my laptop I've got wired nic (eth0) and wireless nic (eth1). After
modifying /etc/shorewall/interfaces it is as shown:
- --
#ZONE INTERFACE BROADCAST OPTIONS
net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 23 March 2003 20:09, Jack Coates wrote:
On Sun, 2003-03-23 at 10:16, Joan Tur wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hallo!
In my laptop I've got wired nic (eth0) and wireless nic (eth1). After
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jim C wrote on Mon, Mar 10, 2003 at 02:28:10PM -0800 :
So basically the local network and the firewall box can talk to anyone
but, as defined below, not anyone can talk back.
Not quite. If you send a packet out, a reply coming back in (aka talk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No. You're allowing people to ssh directly to your firewall. That's
not safe. At the very least use tcpwrappers to limit what IP's can
connect to the sshd daemon. Even better, limit it to key based ssh'ing
(ie no interactive login).
Make
Can somebody cross check me here?
I've got shorewall from the shorewall website, instead of from Mandrake
as suggested in the shorewall guide. It seems to be much easier to use
and I've set it up on my server/gateway box.
Later I'll have some hardware available to separate the gateway from the
Richard Humphrey [EMAIL PROTECTED] wrote:
I have seen in the archives where it talks about Samba and Shorewall
having problems. I have followed the instructions from Shorewall about
how to set the firewall. Still does not work. Has anyone gotten this
to work and if so, can you explain what you
I have seen in the archives where it talks about Samba and Shorewall
having problems. I have followed the instructions from Shorewall about
how to set the firewall. Still does not work. Has anyone gotten this to
work and if so, can you explain what you did to fix it? Thanks. I am
unable to access
How about a reference to those instructions?
Richard Humphrey wrote:
I have seen in the archives where it talks about Samba and Shorewall
having problems. I have followed the instructions from Shorewall about
how to set the firewall. Still does not work. Has anyone gotten this to
work and if so,
]
Subject: Re: [expert] Shorewall+Samba
How about a reference to those instructions?
Richard Humphrey wrote:
I have seen in the archives where it talks about Samba and Shorewall
having problems. I have followed the instructions from Shorewall about
how to set the firewall. Still does not work. Has
firewall and still no dice.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim C
Sent: Wednesday, February 26, 2003 10:17 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall+Samba
How about a reference to those instructions?
Richard Humphrey wrote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hallo!
I was having problems trying to configure a wireless nic (configured as eth1),
and then I had a look at system log and found that shorewall was blocking
32768 udp port accesses.
So I added that port to shorewall's rules and that was it...
Here are the settings in my rules file. The reject statements at the
bottom were added by me and don't seem to work:
ACCEPT net fw udp 53,22,20,21 -
ACCEPT net fw tcp 53,22,20,21 -
ACCEPT masqfw udp 53,22,20,21,631 -
ACCEPT masqfw tcp
I got Samba working through the firewall but now for some reason I
cannot ssh in from outside of my local network. Perhaps my test
procedure is in error. I've been ssh'ing out to another server and then
attempting to ssh back. Shouldn't this work?
Here is my config:
Processing
I was unable to get connection sharing to work with 9.0, and suspected that
shorewall was the culprit. I browsed through the documentation at
http://www.shorewall.net/FAQ.htm#faq15
which led me to check the configuration in /etc/shorewall/masq. I changed
eth0
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
relay spam mail through my server clogging up my
Jim C wrote:
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
relay spam mail through my server
as well, but you can stick to the basics if you
don't need any of it..
rgds
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jim C
Sent: Saturday, 30 November 2002 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall Follies - It's drivin
Jack Coates wrote:
and I also recommended Monmotha for a reason :-) It's a lot easier than
shorewall because it only battens down the external interface.
I find gShield rated better than MonMotha. I use it. Very easy to
install as well.
http://muse.linuxmafia.org/gshield.html
--
Ron.
support for stuff
you have to patch iptables to use.
rgds
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ron Stodden
Sent: Saturday, 30 November 2002 11:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall Follies - It's drivin' me NUTS
Man, where were you 4 weeks ago. ;-)
Franki wrote:
yes, it's called gShield.. (http://muse.linuxmafia.org/gshield.html)
...
wrappers for this sort of thing, though.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Why not suggest it? Surely they must have a means of getting input from
their users and if they don't have a suggestion box perhaps they should
get one.
Franki wrote:
yeah, the new 2.8 version of gShield has a lot of extra stuff I hadn't
expected..
It's one very good firewall..
I've been using
Just use smoothwall.org, it's great, even if the developers are cocky and
not arrogant :)
JG
Jim C wrote:
Why not suggest it? Surely they must have a means of getting input from
their users and if they don't have a suggestion box perhaps they should
get one.
rules...
It's on the same site as gShield.
rgds
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jim C
Sent: Sunday, 1 December 2002 2:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall Follies - It's drivin' me NUTS!!
Man, where were you
, then I will.
more FYI :-)
rgds
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jim C
Sent: Sunday, 1 December 2002 2:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Shorewall Follies - It's drivin' me NUTS!!
Why not suggest it? Surely they must
Yes it is a poor security practice IF you have something to protect. My
system is a simple home system and of course I have limited resources that
dictate whether or not I even get a firewall or fileserver. Perhaps someday
when I have an old box I can use as a firewall I will set things up
OK, same problem.
Where can I find out the most common uses for individual ports and how
can I find out what a linux box is using those ports for?
Jim C wrote:
Thanks Sebastien. As you can see, there are only three files that are
different and only two of those matter. There is a problem
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
relay spam mail through my server clogging up my logs right now in
http://www.monkeynoodle.org/lrp/lrp-firewall-faq.html
you can grep /etc/services to see what the port is supposed to be used
for. As far as what is really using it, netstat -atun and lsof might
give you some clues, as well as telnet localhost [portnumber].
On Fri, 2002-11-29 at 15:21, Jim C
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
relay spam mail through my server clogging up my
On Fri, 2002-11-29 at 18:48, Jim C wrote:
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
Well I've got the shorewall rules for samba figured out. Please correct
my work if I've made any mistakes. Port 445 is the port that XP/2K use
for this purpose and the website did not take XP/2K into account. Port
631 is a network printer which may be important when I get around to
putting
On Fri, 2002-11-29 at 18:48, Jim C wrote:
Jack Coates wrote:
I know the shorewall question can be resolved, but as KevinO points out
it shouldn't be resolved by someone who's not fully aware of the issues
at stake.
In the last five days I've gotten nearly a thousand denied attempts to
HAaaAAAaaalp! ;-)
Background: Server is Mdk 9.0 and my two clients are XP boxes.
I can't get Samba, shorewall and Connection Sharing to play nice on the
same box. If two of them work then the third does not. The shorewall
website says to add these rules to /etc/shorewall/rules:
[]# cat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This probably isn't what you want to hear but...
A firewall should be a firewall and NOT a file server. It is poor security
practice to put anything on a firewall box that is not absolutely required.
Use your existing box as a file server and get
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hallo!
I've started drakconf - security - firewall, and enabled web server, ssh,
ftp and cups.
Then I am able to access that PC from the net using http, ftp, ssh... but not
cups. The other PC is no longer able to see that printer.
TIA
- --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've found it. I have to select cups in both computers, not only at the one
where the printer is connected to O8-)
On Wednesday 30 October 2002 17:22, Joan Tur wrote:
Hallo!
I've started drakconf - security - firewall, and enabled web
54 matches