LinuxQuestions.org
Old 06-13-2003, 11:00 PM   #1
foreplay
LQ Newbie
 
Registered: Jun 2003
Distribution: Red Hat 8.1
Posts: 8

Rep: Reputation: 0
Linux Firewall


I have a RedHat Linux 8.1 running as a server/router with a DSL connection with Win98 as clients... I have some applications on each workstation that require me to turn off the Linux Firewall (e.g. Kazaa, WebCam of Yahoo! Messenger). I've tried almost all of the suggestions within the posts I can find regarding Firewalls. Nothing seems to solve my problem, my Kazaa still can't connect and my Y!M videoCam feature still won't work... I'll appreciate any help anyone can give me... thanks...
 
Old 06-14-2003, 06:16 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
"I have some applications on each workstation that require me to turn off the Linux Firewall (e.g. Kazaa, WebCam of Yahoo! Messenger)."
Don't. Adjusting the rules shouldn't be that hard.

"I've tried almost all of the suggestions within the posts I can find regarding Firewalls."
Tell us which ones. Talking *about* them ain't gonna solve it, right?

Here are two things I would like you to do.
I. Add, and make sure every rule for in- and outbound traffic on the fw is logged. This is the start of any basic troubleshooting, because by reading back the logs you know what kind of traffic goes out, where it goes and to which ports. Reading the DROP lines will get you a feel for what's missing soon enough. Try each app a few times and in between try to get a grip on the patterns (TCP/UDP, IP or ranges, ports). Once you have them, try to build rules for them.

II. Google around for the ports P2P apps and IMs use. Correlate this with the rules you made as a result of the previous item. Adjust your rules and try them out. Again note DROP rules and adjust your rules.

Finally post your fw script and the IM/P2P rules you tried here, then we've got a base to go over it. Other LQ members may see this as too complicated and may offer you the rules directly, but IMO this is the best approach to learn it and apply your knowledge again when needed in another situation, keep that in mind.

Last edited by unSpawn; 06-14-2003 at 06:18 AM.
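
The log-reading step from post #2, as an added example that is not part of any post in this thread: it groups dropped packets by direction, protocol and destination port so the patterns to write rules for stand out. It assumes an iptables firewall that logs drops with the prefix `FW-DROP: ` and a LAN interface named `eth1`; the function names and all log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes an iptables firewall where a rule
# like:  iptables -A FORWARD -j LOG --log-prefix "FW-DROP: "
# sits directly before the final DROP, so each dropped packet leaves a log line.

# Constructed kernel log lines; hosts, addresses and ports are sample values.
sample_log() {
cat <<'EOF'
Jun 14 06:20:01 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=1214 SYN
Jun 14 06:20:04 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=1214 SYN
Jun 14 06:20:10 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1046 DPT=1214 SYN
Jun 14 06:21:30 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.0.11 DST=198.51.100.9 LEN=48 TTL=127 PROTO=TCP SPT=1102 DPT=5100 SYN
Jun 14 06:21:33 gw kernel: FW-DROP: IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=192.168.0.11 LEN=60 TTL=52 PROTO=UDP SPT=5000 DPT=5010
Jun 14 06:22:00 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0
Jun 14 06:22:05 gw kernel: eth0: link up
EOF
}

# Usage: summarize_drops LAN_IF < logfile
# Prints "count direction proto dst-port", most frequent first.
# direction is "out" when the packet arrived on LAN_IF (client -> Internet),
# otherwise "in". Protocols without ports (ICMP) get "-" as the port.
summarize_drops() {
    awk -v lan="$1" -v prefix="FW-DROP: " '
    index($0, prefix) == 0 { next }          # ignore unrelated kernel lines
    {
        in_if = ""; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "IN")    in_if = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "DPT")   dpt   = kv[2]
        }
        dir = (in_if == lan) ? "out" : "in"
        seen[dir " " proto " " dpt]++
    }
    END { for (k in seen) print seen[k], k }' |
    LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_drops eth1
```

Run each application a few times, feed the real kernel log through `summarize_drops`, and the rows with the highest counts are the flows to compare against the published port lists before adding a narrowly scoped rule.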
 
Old 06-15-2003, 09:42 PM   #3
foreplay
LQ Newbie
 
Registered: Jun 2003
Distribution: Red Hat 8.1
Posts: 8

Original Poster
Rep: Reputation: 0
Uh, I don't know how to set rules... sorry...
 
Old 06-15-2003, 09:57 PM   #4
Zyen
LQ Newbie
 
Registered: Jun 2003
Posts: 2

Rep: Reputation: 0
unSpawn...

I have been searching for help on *nix fw for a few days now, and I must say that is the BEST advice I've found.
I just wanted to post that, with my thanks.

Zyen
 
Old 06-15-2003, 10:35 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
I'm rather astounded to find someone is willing to make his first post a compliment... Anyway, thnx Zyen, it's good to get feedback.

Foreplay, did you read at least some docs on Linux firewalling? (Just checking where we should start, ok)

Last edited by unSpawn; 06-15-2003 at 10:37 PM.
 
Old 06-16-2003, 12:06 AM   #6
Zyen
LQ Newbie
 
Registered: Jun 2003
Posts: 2

Rep: Reputation: 0
unSpawn,
I call 'em like I see 'em.
Anyway, with that single piece of advice, I was able to set my firewall pretty much like I wanted it.
Now for the rest (like foreplay is talking about with Yahoo!, etc).

foreplay, good luck. If I find out any advice when I get mine working that I feel should be passed on, I'll let ya know.

Zyen
 
Old 06-16-2003, 10:43 PM   #7
foreplay
LQ Newbie
 
Registered: Jun 2003
Distribution: Red Hat 8.1
Posts: 8

Original Poster
Rep: Reputation: 0
re : Foreplay, did you read at least some docs on Linux firewalling? (Just checking where we should start, ok)

nope... sorry, couldn't find any docs that could be of help...
 
Old 06-17-2003, 01:03 AM   #8
Half_Elf
LQ Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 46
Newbies always thought a firewall is gonna drop apps like Kazaa or ICQ because stupid winbloze firewalls (if we can call them that) are too bad and so drop this traffic.
Linux firewalls aren't dumb (especially because YOU have to code your own rules); they will not drop anything you don't want them to...

Have you TRIED the Linux firewall before complaining?
 
Old 06-17-2003, 02:04 AM   #9
foreplay
LQ Newbie
 
Registered: Jun 2003
Distribution: Red Hat 8.1
Posts: 8

Original Poster
Rep: Reputation: 0
Uh, I am running a Linux firewall...
 
Old 06-17-2003, 07:15 AM   #10
Read_Icculus
Member
 
Registered: Oct 2002
Distribution: MDK 9.2, Debian
Posts: 74

Rep: Reputation: 16
Running Kazaa without a firewall is almost like asking to be hacked. Everyone you are downloading from/uploading to knows your IP addy. I guess the question now is what firewall? The default one with RH? I'm not familiar with how it works, but here is a page that tells you what you'll need to open -

Kazaa - http://www.pcflank.com/fw_rules_for_app.htm?appid=101

Messenger - http://www.pcflank.com/fw_rules_for_app.htm?appid=137

So if you know how to futz with your ports you should be all good.
 
Old 06-17-2003, 08:24 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Thanks, Read_Icculus! Excellent!
I totally forgot about the Pcflank ports database.
I'll add it to the "FAQ: Security references" thread.
 
Old 06-17-2003, 11:05 PM   #12
foreplay
LQ Newbie
 
Registered: Jun 2003
Distribution: Red Hat 8.1
Posts: 8

Original Poster
Rep: Reputation: 0
How do I set rules??? Can anyone post a step-by-step process, if no one minds... tnx...
 
Old 06-19-2003, 06:30 AM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Well... how did you set them up when you set up the RH server/router in the first place? Using a GUI?
 
Old 06-19-2003, 01:30 PM   #14
Half_Elf
LQ Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 46
You have a firewall but never set rules?
Strange...
 
Old 06-19-2003, 01:42 PM   #15
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Half, don't post useless comments. Help out or bail out.
 
All times are GMT -5.