I have determined the conditions under which a connection can be established.
When security settings are set to standard and the firewall is disabled (under Mandrake's control center) and the machine is rebooted, I am consistently able to connect to the internet via DSL.
However, as soon as I fiddle with the Firewall settings, the internet connection ceases to work (my logs spit out lots of "Shorewall:OUTPUT:REJECT" messages) and the connection will not revive until the machine is rebooted with the Firewall disabled.
I have iptabled the system in both (connected & unfirewalled) and (unconnected & firewalled) states.
I guess I have to manually configure the ip table if I want to use Mandrake's firewall?
-----------------
ABLE TO CONNECT, NOT FIREWALLED:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-----------------
UNABLE TO CONNECT, FIREWALLED:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
eth0_in all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere state NEW,RELATED,ESTABLISHED
fw2net all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere
Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere
Chain common (5 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
icmpdef icmp -- anywhere anywhere
DROP tcp -- anywhere anywhere state INVALID
REJECT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:microsoft-ds reject-with icmp-port-unreachable
reject tcp -- anywhere anywhere tcp dpt:135
DROP udp -- anywhere anywhere udp dpt:1900
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 224.0.0.0/4
reject tcp -- anywhere anywhere tcp dpt:auth
DROP all -- anywhere 10.0.0.255
Chain dynamic (2 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
net2fw all -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
Chain icmpdef (1 references)
target prot opt source destination
Chain net2all (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all
ROP:'
DROP all -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
net2all all -- anywhere anywhere
Chain newnotsyn (4 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain reject (6 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain shorewall (0 references)
target prot opt source destination