Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Old 07-21-2004, 11:49 AM   #1
Haiyadragon
Member
 
Registered: Sep 2003
Location: Gorredijk, Netherlands
Distribution: Arch Linux
Posts: 400

Rep: Reputation: 30
Firewall troubles


I just found out that Shorewall doesn't start. It used to but apparently it doesn't anymore. I have only used the gui to change the settings. It does display an error message on boot, but you need to have superman read speed to be able to see it. Shorewall doesn't start on boot and just leaves my cable connection naked. I found out by accident.

Anyway the output:
Code:
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Connection Tracking Match: Available
Determining Zones...
   Zones: net
Validating interfaces file...
Validating hosts file...
Validating Policy file...
   Error: Undefined zone loc
Terminated
I have also tried Firestarter, installed using urpmi, but it gives me:

Code:
A proper configuration for Firestarter was not found. If you are running Firestarter from the directory you built it in, run 'make install-data-local' to install a configuration, or simply 'make install' to install the whole program.

Firestarter will now close.
I know software firewalls running on the same box are bullshit anyway, but I'd like it to run nonetheless.
Can anyone help me fire up one of these?
 
Old 07-21-2004, 12:14 PM   #2
CleonII
Member
 
Registered: May 2003
Location: Buenos Aires, Argentina
Distribution: Debian
Posts: 61

Rep: Reputation: 15
I recommend you create a firewall file with the Firestarter program to suit your needs and then just copy it to the /etc directory and run it from the local.rc file.
Add a line like this and it will start the rules when the machine reboots.

sh /etc/rc.firewall


i hope this could help you.
 
Old 07-21-2004, 12:34 PM   #3
Haiyadragon
Member
 
Registered: Sep 2003
Location: Gorredijk, Netherlands
Distribution: Arch Linux
Posts: 400

Original Poster
Rep: Reputation: 30
I can't create anything using firestarter because it gives me that error when I try to run it.
 
Old 07-21-2004, 12:39 PM   #4
CleonII
Member
 
Registered: May 2003
Location: Buenos Aires, Argentina
Distribution: Debian
Posts: 61

Rep: Reputation: 15
Did you compile it? The error is telling you to compile Firestarter before using it.
 
Old 07-21-2004, 12:49 PM   #5
Haiyadragon
Member
 
Registered: Sep 2003
Location: Gorredijk, Netherlands
Distribution: Arch Linux
Posts: 400

Original Poster
Rep: Reputation: 30
Yeah I used urpmi. So there's none of that.
 
Old 07-21-2004, 01:01 PM   #6
otish1000c
Member
 
Registered: May 2004
Location: Pennsylvania, USA
Distribution: dual boot.... Mandrake 10.0OE/10.xcooker
Posts: 611

Rep: Reputation: 30
you probably need to edit a few config files (or at least one) in /etc/shorewall/ to get shorewall set up properly. usually "interfaces" is all you'll have to edit. unfortunately, i'm at work so i can't post any examples. if you could post your connection type & method (IE: dsl? adsl? pppoe? dhcp? dial up? router? networked? etc...) & if you want to use shorewall, i can help you out later tonight when i'm released from hell........erm, i mean work.

what you can try in the interim, is in terminal as root, type service shorewall stop (just to make sure shorewall is shut down). then, go to MCC->security->shorewall & check which protocol boxes you want to allow to connect, check the enable/use shorewall box, click apply. then go back to terminal as root & type service shorewall start & try to make a connection. if you can't connect due to the firewall, do service shorewall stop to stop it.

otis
 
Old 07-21-2004, 01:01 PM   #7
CleonII
Member
 
Registered: May 2003
Location: Buenos Aires, Argentina
Distribution: Debian
Posts: 61

Rep: Reputation: 15
ok.
But try to do the 'make install-data-local' or the 'make install' commands and try again. I don't know how urpmi works because I use Debian.
 
Old 07-21-2004, 08:46 PM   #8
amosf
Senior Member
 
Registered: Jun 2004
Location: Australia
Distribution: Mandriva/Slack - KDE
Posts: 1,672

Rep: Reputation: 46
Your shorewall config just isn't set quite right. It's easy to fix but you need to adjust the rules. Probably have to see your shorewall rules, like /etc/shorewall/rules, /etc/shorewall/zones and such...

Do you have a loc zone? or are you using net and masq zones? looks like you only have net there???

I was using shorewall quite a bit, but moved to smoothwall - ie I got an old P166, installed smoothwall and use it as firewall router to my local little network. Much easier to set up and configure
 
Old 08-05-2004, 11:02 AM   #9
Haiyadragon
Member
 
Registered: Sep 2003
Location: Gorredijk, Netherlands
Distribution: Arch Linux
Posts: 400

Original Poster
Rep: Reputation: 30
Sorry for the late response.

My rules file only contains one line, that is to accept connections to port 6881 (guess why ).
My zones contains one line: 'net Net Internet zone'. When I add 'loc Loc Local zone' Shorewall will load but almost all ports are unprotected.
My interfaces, one line: 'net eth0 detect'.
My policy contains:
Code:
fw      net     ACCEPT
fw      loc     ACCEPT
net     all     DROP    info
all     all     REJECT  info
 
Old 08-05-2004, 10:03 PM   #10
Skyline
Senior Member
 
Registered: Jun 2003
Distribution: Debian/other
Posts: 2,104

Rep: Reputation: 45
Had ongoing problems with the Mandrake firewall myself - in the end decided to go with Guarddog - straightforward setup, had no problems with it.

http://www.simonzone.com/software/guarddog/
 
Old 08-06-2004, 04:12 AM   #11
otish1000c
Member
 
Registered: May 2004
Location: Pennsylvania, USA
Distribution: dual boot.... Mandrake 10.0OE/10.xcooker
Posts: 611

Rep: Reputation: 30
provided you are using MDK10.0 with an adsl connection (you didn't specify, so i'm not sure), try the following.........

first, stop shorewall by typing in a terminal as root..........

Code:
service shorewall stop
(hit enter)

then go to mcc->security->firewall & check/uncheck whichever protocols you want to allow/disallow. then edit the following files as such........

Quote:
My zones contains one line: 'net Net Internet zone'. When I add 'loc Loc Local zone' Shorewall will load but almost all ports are unprotected.
if that's exactly what your lines in "zones" look like, then you have one too many entries. here's what mine looks like. try changing that to this............

Code:
#ZONE	DISPLAY		COMMENTS
net	Net	Internet zone
loc	Local	Local

Quote:
My interfaces, one line: 'net eth0 detect'.
try making the "interfaces" look like this.........

Code:
#ZONE	INTERFACE	BROADCAST	OPTIONS
net	ppp+	detect
loc	eth0	detect
(note, in MDK9.2 the net->interface line would be ppp0 NOT ppp+)

Quote:
My policy contains:

fw net ACCEPT
fw loc ACCEPT
net all DROP info
all all REJECT info
try making "policy" look like this...........

Code:
#SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
loc	net	ACCEPT
fw	net	ACCEPT
net	all	DROP	info
all	all	REJECT	info
then in terminal as root type..........

Code:
service shorewall start
(hit enter)

if you want to test the firewall, here are 2 very good resources for that. go to GRC.com & click on the "shields up" link half way down the page, follow the instructions. another good one is DSLReports.com, go to the "test & tools" link on the left, then "port scan" near the bottom.

let me know if that worked.

otis

Last edited by otish1000c; 08-06-2004 at 05:19 AM.
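The "Error: Undefined zone loc" in post #1 comes from Shorewall's consistency check across its table files: every zone named in interfaces or policy must be declared in zones (apart from the firewall's own "fw" name and the "all" wildcard). The added example below is not from the thread or from Shorewall itself; it is a small validator that reproduces that check and applies it to the original poster's files from post #9 and to otish1000c's corrected files from post #11. The "fw" zone name, the ACCEPT/DROP/REJECT policy names and the empty-zone warning text are assumptions of this example; the hosts file, which can also populate a zone, is not parsed.

```python
"""Consistency check for Shorewall zones / interfaces / policy files.

Added example (not thread or Shorewall code). It mimics the rule behind the
"Error: Undefined zone loc" message: every zone referenced in interfaces or
policy must be declared in zones, except the special names below.
"""

# Names Shorewall accepts in policy without a zones entry (assumption: FW=fw).
SPECIAL_ZONES = {"fw", "all"}

# Sample files constructed from the thread: the original poster's config (post #9) ...
OP_ZONES = "net\tNet\tInternet zone\n"
OP_INTERFACES = "net\teth0\tdetect\n"
OP_POLICY = (
    "fw\tnet\tACCEPT\n"
    "fw\tloc\tACCEPT\n"
    "net\tall\tDROP\tinfo\n"
    "all\tall\tREJECT\tinfo\n"
)

# ... and the corrected config suggested in post #11.
FIXED_ZONES = "#ZONE\tDISPLAY\tCOMMENTS\nnet\tNet\tInternet zone\nloc\tLocal\tLocal\n"
FIXED_INTERFACES = "#ZONE\tINTERFACE\tBROADCAST\tOPTIONS\nnet\tppp+\tdetect\nloc\teth0\tdetect\n"
FIXED_POLICY = (
    "#SOURCE\tDEST\tPOLICY\tLOG LEVEL\tLIMIT:BURST\n"
    "loc\tnet\tACCEPT\n"
    "fw\tnet\tACCEPT\n"
    "net\tall\tDROP\tinfo\n"
    "all\tall\tREJECT\tinfo\n"
)


def parse_table(text):
    """Split a Shorewall table file into rows of whitespace-separated columns.

    Comments (from '#' to end of line) and blank lines are dropped, so the
    header lines in the sample files are ignored just as Shorewall ignores them.
    """
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def check_config(zones_text, interfaces_text, policy_text):
    """Return (errors, warnings) for the three files.

    errors:   a zone is referenced but never declared (Shorewall refuses to start)
    warnings: a zone is declared but no interface is assigned to it
              (the config loads, but policies naming that zone match nothing)
    """
    declared = [row[0] for row in parse_table(zones_text)]
    zones = set(declared)
    errors, warnings = [], []

    populated = set()
    for row in parse_table(interfaces_text):
        zone = row[0]
        if zone not in zones:
            errors.append(f"interfaces: undefined zone {zone}")
        populated.add(zone)

    for row in parse_table(policy_text):
        if len(row) < 3:
            errors.append("policy: malformed line " + " ".join(row))
            continue
        for zone in row[:2]:  # SOURCE and DEST columns
            if zone not in zones and zone not in SPECIAL_ZONES:
                errors.append(f"policy: undefined zone {zone}")

    for zone in declared:
        if zone not in populated:
            warnings.append(f"zone {zone} is declared but no interface is assigned to it")

    return errors, warnings


if __name__ == "__main__":
    for label, files in (("original", (OP_ZONES, OP_INTERFACES, OP_POLICY)),
                         ("corrected", (FIXED_ZONES, FIXED_INTERFACES, FIXED_POLICY))):
        errs, warns = check_config(*files)
        print(label, "->", errs or "no errors", "|", warns or "no warnings")
```

Run against the original poster's files the validator reports the single policy line "fw loc ACCEPT" as referencing an undeclared zone, which is the error the boot-time output showed; the corrected set passes. Adding only "loc Loc Local zone" to zones, as post #9 tried, clears the error but leaves loc with no interface, which the validator reports as a warning rather than a pass.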
 
Old 08-06-2004, 11:10 AM   #12
Haiyadragon
Member
 
Registered: Sep 2003
Location: Gorredijk, Netherlands
Distribution: Arch Linux
Posts: 400

Original Poster
Rep: Reputation: 30
Thanks for your help.

I edited them all, following your post, except for interfaces. I think ppp+ is for dial-up. Anyway, it works now. It's blocking most ports now with some weird exceptions; according to Shields Up, it's not blocking port 113.
Anyone know how I can make it stealth 113 also?
 