LinuxQuestions.org
Old 11-12-2003, 09:34 AM   #1
scammeh^
Member
 
Registered: Oct 2003
Location: Northampton, England
Distribution: MNF 8.2 SUSE 9.3
Posts: 32

Rep: Reputation: 15
MNF, Masquerading and a headache


Urgh! It's me again! Managed to set up my Mandrake Network Firewall fine now. It's connected to the internet via cable modem (ethernet) on eth1. It is then connected to my LAN via the hub on eth0.
The firewall has access to the internet fine, and the LAN can access the firewall and its admin page fine too. All the other computers on the network are windowz comps.

The only way, however, I've managed to get the LAN computers to access the net is through the proxy server, which is fine but some applications, such as Outlook Express (not my choice to use it by the way...) can't connect, even tho it uses the same connection settings as IE and Mozilla etc.

So naturally I thought this was a problem with the rules on the firewall, but no matter how many ways I try to tell it lan > wan smtp (25) should be allowed, nothing happens. It's as if it ignores any rules set in that area. (I've also tried shutting the telnet port but to no avail.)

I cannot get IP masquerading to work either, which is a pain since applications which do not support proxies won't work.

Any help would be EXTREMELY appreciated, I've looked everywhere but can't find anything that answers my questions specifically

many thanks in advance...
 
Old 11-12-2003, 04:55 PM   #2
gomix100
LQ Newbie
 
Registered: Nov 2003
Location: Caracas
Distribution: Red Hat
Posts: 13

Rep: Reputation: 0
Please post the output of iptables -L -n -v

Then I might help u

Guillermo
 
Old 11-12-2003, 04:56 PM   #3
gomix100
LQ Newbie
 
Registered: Nov 2003
Location: Caracas
Distribution: Red Hat
Posts: 13

Rep: Reputation: 0
Oooopsss, I forgot

also include output of all the relevant tables
iptables -t nat -L -n -v

Guillermo
 
Old 11-14-2003, 03:35 PM   #4
scammeh^
Member
 
Registered: Oct 2003
Location: Northampton, England
Distribution: MNF 8.2 SUSE 9.3
Posts: 32

Original Poster
Rep: Reputation: 15
Thanks for your response, but unfortunately, this OS being Linux Mandrake Network Security, it's mainly controlled through a web browser to the server.

When trying to log in directly to the server, only admin is allowed, and the iptables command does not exist. (You cannot log in as root at this point, don't ask me why, it just doesn't work =/)

I did however restart the server in failsafe mode, the only way I can log in as root. The iptables command worked but of course no connections were present, and no connection information.

If there are any other ways of doing this and accessing iptables through MDF I would greatly appreciate a response.

One other note, when logging on through a browser, going to the proxy settings, then content filter, there's a command there that says 'add iptables rules'. The help file doesn't even refer to it. Does anyone know what this does?

Thanks in advance
 
Old 11-14-2003, 04:51 PM   #5
gomix100
LQ Newbie
 
Registered: Nov 2003
Location: Caracas
Distribution: Red Hat
Posts: 13

Rep: Reputation: 0
Hi

I don't know anything about LMNS OS... sorry.
However, if the iptables command worked in the failsafe mode, the iptables command is there.
Maybe your path for the admin user does not include the path for the iptables command.
Check what's the absolute path of the iptables command when in failsafe mode and try it when logged in as admin.

Regarding the add iptables rules command in your web interface, it seems that's exactly what u need to tweak your iptables config from the web (it seems a web frontend to the iptables command).

Guillermo
 
Old 11-14-2003, 05:44 PM   #6
scammeh^
Member
 
Registered: Oct 2003
Location: Northampton, England
Distribution: MNF 8.2 SUSE 9.3
Posts: 32

Original Poster
Rep: Reputation: 15
Thanks again for your reply.

Unfortunately admin cannot access the iptables command, or any other it seems. =/

Also, the 'add iptables rules'... well... does nothing, it seems. Just runs through and goes back, no other options.

Although I have found some interesting points. Other blighters on the net have found the same problems, but have found editing the squid .conf helps (which I don't know how to do) and others have found dansguardian (which also runs alongside squid) to cause a few problems.

The interface allows you to disable URL filtering and content filtering (dansguardian) but this doesn't help.

What I need are the ports for each service. I know the http port on the proxy server must be 3328, (as default) and when dansguardian was running it filtered on 8080.

Either that, or I need to get masquerading working to bypass the proxy server for progs such as mail clients which use smtp.

*sigh*

I'll get there one day eh?

Cheers,

scammeh^
 
Old 11-14-2003, 05:48 PM   #7
scammeh^
Member
 
Registered: Oct 2003
Location: Northampton, England
Distribution: MNF 8.2 SUSE 9.3
Posts: 32

Original Poster
Rep: Reputation: 15
One more thing:

Any firewall rules I change (MNF runs Shorewall) don't have any effect, unless I change the default rules, which really don't help my situation.

*starts praying...* I kinda convinced our manager this would be a good idea to change to MNF Linux instead of using our WinXP gateway... I know it'll work but it needs to be kinda soon!!

All help appreciated!! =]

scammeh^
 
Old 11-19-2003, 11:00 AM   #8
Avatar
Member
 
Registered: May 2001
Location: Canada
Distribution: old ones
Posts: 555

Rep: Reputation: 33
just wondering if you have an update.

I am in kinda the same boat (convinced my manager to let me use MNF) but can't get it working. The difference is, I can't connect to my network at all, so I haven't even gotten to the browser interface yet.
 
Old 11-19-2003, 03:49 PM   #9
scammeh^
Member
 
Registered: Oct 2003
Location: Northampton, England
Distribution: MNF 8.2 SUSE 9.3
Posts: 32

Original Poster
Rep: Reputation: 15
Hmmm, well I don't know how you've tried to set it up, if you could give me a little more information, I can tell you what I do know =]

maybe it'll help,

scammeh^
 
Old 01-13-2004, 09:23 PM   #10
ShadowBend
LQ Newbie
 
Registered: Jan 2004
Distribution: Mandrake & SuSE
Posts: 5

Rep: Reputation: 0
What happens when you 'su' from the admin account to root?


Quote:
Originally posted by scammeh^
Thanks again for your reply.

Unfortunately admin cannot access iptables command, or any other it seems.
 
Old 02-01-2004, 10:00 PM   #11
Avatar
Member
 
Registered: May 2001
Location: Canada
Distribution: old ones
Posts: 555

Rep: Reputation: 33
Hi Scammeh

You can login to the server as root. Don't use the browser interface. Go directly to the MNF machine, boot as regular linux.

Log on as admin, password. At the bash$ prompt, type su and at the password prompt, type in the root password. Now you are logged on as root, and your iptables commands will work.

With MNF to get to root you have to log in twice.

HTH

--a
 
Old 02-01-2004, 11:58 PM   #12
Vengenc
LQ Newbie
 
Registered: Aug 2003
Posts: 13

Rep: Reputation: 0
Hey, it looks to me like you are attempting to telnet into the machine as root.
This (nowadays usually) is not possible. You can:

A: telnet in and use su to switch to the root user account.

B: get sshd (secure shell daemon) working if not already and ssh in as root. For this you need an ssh client on your Windows machine. I recommend Putty. Make sure to set it to ssh.
After you get it working and log in you really should use ssh and disable telnet. Telnet is weak and untrustable.

C: log in physically and use su as suggested.

In all cases you may have to try 'whereis iptables' and use the full path as the paths are not always set very well when logging in.

I don't know MNF. Sounds a little goofy to me that a network firewall would allow such a weak and known security problem like 'telnetd' to allow you access to the machine in the first place.
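
The two checks suggested in this thread (find iptables when the login PATH omits it, then inspect the nat table for a masquerade rule on the WAN interface), written out as an added example that is not part of any post. The helper names find_tool and has_masquerade are hypothetical, the sample listings are constructed, and eth1 as the WAN interface comes from the first post.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.

# Print the absolute path of a command: PATH first, then the sbin
# directories a non-root login PATH often omits. $2 overrides the list.
find_tool() {
    tool=$1
    dirs=${2:-"/sbin /usr/sbin /usr/local/sbin"}
    if found=$(command -v "$tool" 2>/dev/null) && [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 0
    fi
    for d in $dirs; do
        if [ -x "$d/$tool" ]; then
            printf '%s\n' "$d/$tool"
            return 0
        fi
    done
    return 1
}

# Read `iptables -t nat -L -n -v` output on stdin; succeed if any chain
# holds a MASQUERADE or SNAT rule whose "out" column is $1 or "*".
# ("*" covers front ends such as Shorewall that match the interface in
# POSTROUTING and put the rule itself in a per-interface chain.)
# Columns with -v: pkts bytes target prot opt in out source destination
has_masquerade() {
    awk -v wan="$1" '
        ($3 == "MASQUERADE" || $3 == "SNAT") &&
            ($7 == wan || $7 == "*") { ok = 1 }
        END { exit !ok }
    '
}

# Constructed sample listings (not captured from a real MNF box).
SAMPLE_NAT_OK='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   14   840 MASQUERADE  all  --  *      eth1    192.168.1.0/24       0.0.0.0/0'
SAMPLE_NAT_EMPTY='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# On a live system, as root:
#   "$(find_tool iptables)" -t nat -L -n -v | has_masquerade eth1
printf '%s\n' "$SAMPLE_NAT_OK" | has_masquerade eth1 && echo "eth1: NAT rule present"
```
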
 