mdk internet config problems
i recently obtained a copy of mdk linux, and i've been having a hell of a time getting it to configure internet connections, setup a firewall, etc. it seems as though mdk just "fritzes out" when i try to setup internet connections, and i'll soon explain what is meant by "fritzing out."
def'n of "fritzing out": if i set the security setting to anything above (High) or setup the firewall to try to regulate any internet services i cannot connect to the internet, even though mdk control center acknowledges that i have an ethernet card that is (up). when it tries to connect to the internet the control center gets all buggy (windows won't close, etc.) and dictates that the connection setup failed and that an error occurred during configuration and to check my settings. my suspicions are (1) that my internet connection which is (ADSL) is somehow incompatible with the firewall or (2) that i require more knowledge to properly configure around these issues. |
I don't recommend using 'High' security mode if the machine's not a server. The connection may be up, but the firewall may be blocking everything (plus 'High' mode changes permissions and other things - then it's hard to use it for a desktop machine). Play with the firewall. If you find a situation when you can't connect, open a terminal, use su to become root ('su' and then the root password when asked) and run 'iptables -L'. It lists your current firewalling rules - your set of rules will allow someone, when you post them, to find out what's wrong.
|
I have determined the conditions under which a connection can be established.
When security settings are set to standard and the firewall is disabled (under Mandrake's control center) and the machine is rebooted, I am consistently able to connect to the internet via DSL. However, as soon as I fiddle with the Firewall settings, the internet connection ceases to work (my logs spit out lots of "Shorewall:OUTPUT:REJECT" messages) and the connection will not revive until the machine is rebooted with the Firewall disabled. I have iptabled the system in both (connected & unfirewalled) and (unconnected & firewalled) states. I guess I have to manually configure the ip table if I want to use Mandrake's firewall?

-----------------
ABLE TO CONNECT, NOT FIREWALLED:

Chain INPUT (policy ACCEPT)
target     prot opt source      destination

Chain FORWARD (policy ACCEPT)
target     prot opt source      destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source      destination

-----------------
UNABLE TO CONNECT, FIREWALLED:

Chain INPUT (policy DROP)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere
eth0_in    all  --  anywhere    anywhere
common     all  --  anywhere    anywhere
LOG        all  --  anywhere    anywhere           LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     all  --  anywhere    anywhere

Chain FORWARD (policy DROP)
target     prot opt source      destination
eth0_fwd   all  --  anywhere    anywhere
common     all  --  anywhere    anywhere
LOG        all  --  anywhere    anywhere           LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     all  --  anywhere    anywhere

Chain OUTPUT (policy DROP)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere
ACCEPT     icmp --  anywhere    anywhere           state NEW,RELATED,ESTABLISHED
fw2net     all  --  anywhere    anywhere
common     all  --  anywhere    anywhere
LOG        all  --  anywhere    anywhere           LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     all  --  anywhere    anywhere

Chain all2all (0 references)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere    anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
common     all  --  anywhere    anywhere
LOG        all  --  anywhere    anywhere           LOG level info prefix `Shorewall:all2all:REJECT:'
reject     all  --  anywhere    anywhere

Chain common (5 references)
target     prot opt source      destination
ACCEPT     icmp --  anywhere    anywhere           icmp echo-request
icmpdef    icmp --  anywhere    anywhere
DROP       tcp  --  anywhere    anywhere           state INVALID
REJECT     udp  --  anywhere    anywhere           udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere    anywhere           udp dpt:microsoft-ds reject-with icmp-port-unreachable
reject     tcp  --  anywhere    anywhere           tcp dpt:135
DROP       udp  --  anywhere    anywhere           udp dpt:1900
DROP       all  --  anywhere    255.255.255.255
DROP       all  --  anywhere    224.0.0.0/4
reject     tcp  --  anywhere    anywhere           tcp dpt:auth
DROP       all  --  anywhere    10.0.0.255

Chain dynamic (2 references)
target     prot opt source      destination

Chain eth0_fwd (1 references)
target     prot opt source      destination
dynamic    all  --  anywhere    anywhere

Chain eth0_in (1 references)
target     prot opt source      destination
dynamic    all  --  anywhere    anywhere
ACCEPT     icmp --  anywhere    anywhere           icmp echo-request
net2fw     all  --  anywhere    anywhere

Chain fw2net (1 references)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere    anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere    anywhere

Chain icmpdef (1 references)
target     prot opt source      destination

Chain net2all (1 references)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere    anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
common     all  --  anywhere    anywhere
LOG        all  --  anywhere    anywhere           LOG level info prefix `Shorewall:net2all:DROP:'
DROP       all  --  anywhere    anywhere

Chain net2fw (1 references)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere           state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere    anywhere           state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere    anywhere           state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere    anywhere           state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere    anywhere           state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere    anywhere           state NEW tcp dpt:domain
ACCEPT     tcp  --  anywhere    anywhere           state NEW tcp dpt:ssh
net2all    all  --  anywhere    anywhere

Chain newnotsyn (4 references)
target     prot opt source      destination
DROP       all  --  anywhere    anywhere

Chain reject (6 references)
target     prot opt source      destination
REJECT     tcp  --  anywhere    anywhere           reject-with tcp-reset
REJECT     all  --  anywhere    anywhere           reject-with icmp-port-unreachable

Chain shorewall (0 references)
target     prot opt source      destination
|
The firewall is too restrictive - blocks much and logs everything. I think you need something simpler. Please search this site for 'iptables script'. There were many posted, many of them commented, so you can choose one that fits your situation best.
|
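Added example, not part of any poster's message: the posted OUTPUT chain opens with what reads as an accept-everything rule, yet the logs show Shorewall:OUTPUT:REJECT, so that rule must carry a match that plain `iptables -L` does not print (the in/out interface columns only appear with `iptables -L -v -n`). The Python below parses a listing and flags every rule that looks like a catch-all but is still followed by other rules; the function names are hypothetical and the sample is constructed from the listing above.

```python
import re

# Constructed sample: OUTPUT and fw2net from the firewalled listing above, one rule per line.
SAMPLE = """\
Chain OUTPUT (policy DROP)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere
ACCEPT     icmp --  anywhere    anywhere    state NEW,RELATED,ESTABLISHED
fw2net     all  --  anywhere    anywhere
common     all  --  anywhere    anywhere
LOG        all  --  anywhere    anywhere    LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     all  --  anywhere    anywhere

Chain fw2net (1 references)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere    state RELATED,ESTABLISHED
newnotsyn  tcp  --  anywhere    anywhere    state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere    anywhere
"""
BUILTIN_VERDICTS = {"ACCEPT", "DROP", "REJECT"}

def parse_chains(text):
    """Parse `iptables -L` text into {chain: [rule dict, ...]}."""
    chains, rules = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            rules = chains.setdefault(header.group(1), [])
        elif rules is not None and line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *extra = line.strip().split(None, 5)
            # "bare" = no protocol, address or match condition visible in this output
            rules.append({"target": target, "bare": (prot, src, dst, extra) ==
                          ("all", "anywhere", "anywhere", [])})
    return chains

def always_decides(chains, target, seen=()):
    """True if `target`, as printed, would give every packet a final verdict."""
    if target in BUILTIN_VERDICTS:
        return True
    if target in seen or target not in chains:   # loop guard; LOG and unlisted chains
        return False
    return any(r["bare"] and always_decides(chains, r["target"], seen + (target,))
               for r in chains[target])

def hidden_match_suspects(chains):
    """Rules that look like catch-alls yet are followed by more rules in the same chain."""
    return [(name, i + 1, r["target"])
            for name, rules in chains.items()
            for i, r in enumerate(rules[:-1])
            if r["bare"] and always_decides(chains, r["target"])]
```

On the sample, `hidden_match_suspects(parse_chains(SAMPLE))` reports rule 1 (`ACCEPT`) and rule 3 (the jump to `fw2net`) of OUTPUT, which are the rules to re-check in the verbose listing.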
Guarddog! :D
For a good frontend to enabling just the ports you need. :) Then you can learn iptables. |
thx a lot for the suggestions, mara. you were right, it was too restrictive, so i went to the shorewall.net page and d/l'ed the "default" config files i needed. everything is working peachy now, taking exception to the fact that shorewall seems to have some sort of aneurysm when the command "restart" is issued. i believe this is a bug of versions < 1.3.9, so i'll try to fix it.
btw, does anyone have suggestions for firewall software besides 1) guarddog and 2) shorewall? |