LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-14-2005, 06:42 PM   #1
NNP
Member
 
Registered: Nov 2004
Distribution: Debian/Ubuntu
Posts: 156

Rep: Reputation: 30
Configuring shorewall


Hi, for some reason when i have shorewall enabled i cant use the internet properly (basically if i try to connect to any sites i get a "host cannot be found" error)/

I disabled shorewall and everthing works fine. Now i need to re write the policy though and hope it works. If anyone could suggest a good policy I would appreciate it. This is the policy im using (its a default)

SOURCE DEST ACTION LOG
fw net ACCEPT
net all DROP info
all all REJECT info

Unfortunately though that doesnt seem to work for some reason and if i have shorewall activated with those settings nothing works. Could it be line 2 thats causing the problem? Dropping all incoming connections?

Thanks,
NNP

Last edited by NNP; 06-14-2005 at 06:47 PM.
 
Old 06-15-2005, 08:53 AM   #2
llmmix
Member
 
Registered: Jun 2005
Posts: 73

Rep: Reputation: 15
http://shorewall.sourceforge.net/sho...tart_guide.htm

Quote:
for some reason when i have shorewall enabled
excuse me, what is the reason?
 
Old 06-15-2005, 04:39 PM   #3
NNP
Member
 
Registered: Nov 2004
Distribution: Debian/Ubuntu
Posts: 156

Original Poster
Rep: Reputation: 30
Im not entirely sure. Basically I can dial into my isp fine but after that if i try to connect to a site i get a "host cannot be found" error as well as that I cant ping any sites etc.

Could it be the last two lines of my shorewall config that are doing that? To me it looks like they drop or reject every packet i recieve?

Thanks
 
Old 06-15-2005, 05:55 PM   #4
llmmix
Member
 
Registered: Jun 2005
Posts: 73

Rep: Reputation: 15
Quote:
dial into my isp
http://shorewall.sourceforge.net/PPTP.htm#PPTP_ADSL

by the way, i recommend firestarter or fwbuilder it can handle cable and adsl both easy.

http://freshmeat.net/projects/firestarter/
http://freshmeat.net/browse/151/
http://www.fwbuilder.org/
 
Old 06-16-2005, 05:43 AM   #5
pintooo15
Member
 
Registered: May 2004
Location: India
Distribution: openSUSE Tumbleweed
Posts: 94

Rep: Reputation: Disabled
i am too facing the exact same problem...getting connected to isp but can't browse sites.
most people suggest only allow the services/ports you need to. like maybe port 80 for web 110 for pop3 etc. but some software have their own ports and protocol, how does one find out...like for example the instant messaging clients. etc.

most guides are written for cable/adsl i.e. fixed ip connections.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
configuring shorewall (firewall) mrbig Linux - Software 2 09-09-2005 12:15 PM
configuring shorewall on slackware b0nd Linux - Newbie 7 09-02-2005 06:12 AM
Need help configuring shorewall and valknut Pedia Linux - Networking 0 09-01-2005 10:44 AM
Configuring Shorewall? unixfreak Linux - Security 1 08-22-2004 01:24 AM
Configuring Shorewall jriis Linux - Security 1 11-03-2003 02:09 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration