LinuxQuestions.org


ironChimp 02-23-2003 08:06 AM

firewall blues :(
 
I have a firewall installed on my system, set up automatically by Mandrake 9 setup. This appears to cover both my ethernet card (eth0) and my modem (external on ttyS0).

How can I completely remove the firewall on eth0 (I trust everything on the network, as it's all my own computers), but still keep a firewall on my modem?


Any help is greatly appreciated!!!! :(

Proud 02-23-2003 08:11 AM

Shorewall right? Is it actually working properly via the MCC? I mean can you change the options and it'll keep the changes? Good to check this first ;)

I think you might need a different firewall, or to go directly to the underlying IPTables to do something like that. :)

ironChimp 02-23-2003 08:13 AM

ok, I should have said that I'm almost a complete newbie... ;)

Proud 02-23-2003 08:16 AM

I am too :)
In the Mandrake Control Center (MCC), the firewall section should show some reference to Shorewall. Also, when you click/unclick some of the options, do they remain as you leave them when you close MCC and open it again? There is a known problem with Shorewall atm :)

ironChimp 02-23-2003 08:33 AM

ok, in MCC I cannot see any reference to Shorewall, but all that is shown is a list of ticky-boxes of services to allow the internet to access.

If I select any of these, and close MCC, once I return, they are still set to the way I put them. Currently, I've left it as one selected because this is the default, and my shared internet connection works fine.

The problem that I'm having with the firewall is the fact that I cannot access the Samba shares from my laptop, the only computer connected to eth0. This shares the internet connection fine, but WinXP puts out some garbage about not finding the computer on the network.

I blame the firewall. If anyone understands my rantings, please share your god-like knowledge ;)


Cheers

Proud 02-23-2003 08:45 AM

Well you seem to be lucky that Shorewall is working. Also you might be able to see a reference to it in the log output window at the bottom right of the MCC. :)

Now I suggest you await some other responses which might tell you exactly which firewall has those kinds of features (Guarddog, FireStarter??), or read up on IPTables, which is what these 'firewalls' really just aid configuration of. :)

ironChimp 02-23-2003 08:48 AM

thanks.

If I run iptables -F and ipchains -F, as someone suggested in a previous post, would that remove the firewall from my modem as well (modem on ttyS0)?

Proud 02-23-2003 10:28 AM

Try man iptables to find out more, but I think those commands will just attempt to 'flush' the rules. Also you'll only have iptables or ipchains running, and as you've got Mdk9.0, with the 2.4 kernel, it'll probably be iptables. :)
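
An added example, not posted by anyone in this thread: a ruleset in iptables-restore format that accepts everything arriving on the trusted LAN interface while admitting only reply traffic on the modem link. The interface name ppp0 for the dial-up link and the function names are assumptions; iptables matches on network interfaces, so the serial device ttyS0 never appears in a rule.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: eth0 = trusted LAN,
# ppp0 = PPP link over the modem. gen_ruleset/valid_ifname are hypothetical.

valid_ifname() {
    # Accept only plain interface names so nothing else reaches the ruleset.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

gen_ruleset() {
    lan_if=$1
    wan_if=$2
    valid_ifname "$lan_if" && valid_ifname "$wan_if" || return 1
    [ "$lan_if" != "$wan_if" ] || return 1
    # Default-drop inbound and forwarded traffic, then open the LAN side fully
    # and the modem side only for replies to connections started from inside.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
-A INPUT -i $wan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review; to load it, as root:
#   gen_ruleset eth0 ppp0 | iptables-restore
gen_ruleset eth0 ppp0
```

`iptables -F` with no chain argument deletes the rules in every chain of the filter table, whichever interface they match, and leaves each chain's default policy as it was.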

buttshill 02-24-2003 01:43 AM

Iron chimp,
I had a similar setup. All PCs within my firewall are my own, thus trustworthy. But I still needed a firewall on my net connection.
I added two lines to the policy file.
# New lines for freeing internal ports
masq fw ACCEPT
fw masq ACCEPT
# end new lines
I use a cable modem for net connection, but I am sure you can apply the same principle.

Cheers

John

Allen614 02-24-2003 06:46 PM

http://www.linuxguruz.org/iptables/

This is about as complete a firewall page as I've found. I'm playing around with Firewallbuilder (GUI).

ironChimp 02-25-2003 12:25 PM

Well thanks for all of your help ppl!

I've actually solved the problem, and it was down to IP addresses. I'll put it below for anyone else who may have the same problem as me.... ;)

Thanks for the info on firewalls - I'll be sure to construct the most paranoid one you've ever seen by the end of the year - need it!!!

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Before I had set up the net connection sharing, I had set up the plain network - i.e. IP addresses etc. I then ran the network connection wizard after, without testing the network stuff first (stupid, I know, but I used the exact details that I had on RH8, which worked perfectly). The net config wizard ran an auto-config on my network again, and reset it. I altered my laptop to have a DHCP-allocated address.

What I didn't know was that I had two IP addresses bound to eth0, and that Samba was broadcasting on the old IP address. I found this out by browsing the netconf program. According to the connection sharing wizard, my desktop/server had an IP address of 192.168.1.1, and the DHCP network address was 192.168.1.0. I thought this was fine, until nostalgia kicked in and I went to check the IP address assigned to the eth0 card, and noticed it was still set to 192.168.147.2 (the original IP I entered).

I set this to a static address of 192.168.1.1, and made the DHCP range from 192.168.1.16 -> 192.168.1.255. Problem solved!!

ps... viva la tux!

::::::::::::::::::::::::::::::::::::

Paulus ( aka IronChimp)

l8a
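
An added example, not part of the post above: a check for the condition it describes, one interface carrying IPv4 addresses from two different networks. It reads text in the format printed by `ip -o -4 addr show`; the sample input is constructed from the two addresses in the post, and the /24 prefix lengths and function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): flag interfaces whose IPv4 addresses
# fall in more than one network. Function names are hypothetical.

# Print the network address of A.B.C.D/len as an integer.
net_of() {
    addr=${1%/*}; len=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    echo $(( ip & mask ))
}

# stdin: `ip -o -4 addr show` lines. stdout: "iface: addr addr ..." for each
# interface that has addresses in different networks.
mixed_subnet_ifaces() {
    while read -r _idx ifname family cidr _rest; do
        [ "$family" = inet ] || continue
        printf '%s %s %s\n' "$ifname" "$(net_of "$cidr")" "$cidr"
    done | awk '
        { if (!($1 in first)) first[$1] = $2
          else if ($2 != first[$1]) mixed[$1] = 1
          addrs[$1] = addrs[$1] " " $3 }
        END { for (i in mixed) print i ":" addrs[i] }' | sort
}

# Constructed sample: the old and new addresses from the post, both on eth0.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.147.2/24 brd 192.168.147.255 scope global eth0
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0'

printf '%s\n' "$SAMPLE" | mixed_subnet_ifaces
# On a live system: ip -o -4 addr show | mixed_subnet_ifaces
```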


All times are GMT -5.