LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-21-2003, 09:14 AM   #1
neilcpp
Member
 
Registered: Jul 2003
Location: England
Distribution: Debian Jessie, FreeBSD 10.1 anything *nix to get my fix
Posts: 329

Rep: Reputation: Disabled
Please help me: Shorewall firewall can only ping out


Hi - this is a security software problem, not a networking problem.

Ive installed shorewall 1.4.7 and followed the procedures in the quick start guide. Ive got serious problems and need some help. This is my setup:

1. dedicated Firewall machine running Mandrake (2.4.18-6mdk Kernal) with two interfaces. Interface eth0 has the ip address assigned by DHCP on boot up. Intereface eth1 has my internal self assigned ip address: 10.10.10.254.

2. I have two pcs behind the firewall on local subnet 10.10.10.1 and 10.10.10.2, with netmask 255.255.255.0 & default gateway set to 10.10.10.254.

I followed the quick start guides several times and used the recommended sample two-interface set up files from the website www.shorewall.net. Basically these are supposed to have pre-configuired settings for the program to work with my set up - i copied these files to /etc/shorewall/ as instructed.

My problems:
Because im ignorant about firewalls it is all confusing to me and i cannot analyse the set up myself.

1. I can ping the internet from my firewall machine, but I cannot get web pages up!!
I can also ping my local subnet machines from the firewall & visa versa.

2. Neither of the local machines can even directly ping the internet and of course cannot get any web pages - though they can ping the firewall.

I guess that the problem could have something to do with the rules & policy file settings. I need someone to set out simple settings for this software that will work and allow me to see web pages. Although 'its all in the manual' i cannot unserstand it. I need guidance specifically on getting this program configuired right

Please help me - anybody?
 
Old 10-21-2003, 12:41 PM   #2
neilcpp
Member
 
Registered: Jul 2003
Location: England
Distribution: Debian Jessie, FreeBSD 10.1 anything *nix to get my fix
Posts: 329

Original Poster
Rep: Reputation: Disabled
Ok i have narrowed this problem down a bit. I now got the firewall to access the internet. The problem is now that I cannot access the internet through my two lan machines. (packet forwarding is enabled in the firewall kernal). These are the policy & rules i have:

/etc/shorewall/policy

source destination policy loglevel

loc net accept

net all drop info

all all reject info

fw net accept


/* it was the last entry that allowed the firewall to retrieve web pages */

Please tell me what needs to go in here to allow the lan machines to access the net? Im 99.9% sure it is not a networking problem

The file for rules is :

/etc/shorewall/rules

Action Source Destination protocol destination port

accept fw (firewall) net tcp 53

accept fw net udp 53

/* the above allows DNS connections from the firewall to internet - im told!! */

accept loc fw tcp 22

/* this is something to do with ssh */

accept loc fw icmp 8

accept net fw icmp 8

accept fw loc icmp 8

accept fw net icmp 8


_____

thats it - can you tell me if something needs to go in here to allow the local machines to access the internet? eg something allowing tcp http??

I hope this info helps you to help me. Thanks!!
 
Old 10-21-2003, 03:24 PM   #3
neilcpp
Member
 
Registered: Jul 2003
Location: England
Distribution: Debian Jessie, FreeBSD 10.1 anything *nix to get my fix
Posts: 329

Original Poster
Rep: Reputation: Disabled
Hi folks - its me again!! It has been a long day fiddling with this problem, but i finally got through the firewall from my lan (im using a windows machine now!). I read a web forum message by the creator of the shorewall program. He said to diagnose the problem, type 'shorewall clear' & then try to connect to the web. If it does not work then the problem is nothing to do with the firewall at all!!!

So it was a network problem and i was certain it was not. I read bits of a book 'practical tcp/ip'. I could not ping from my lan using a target name, but i could do so using a ip number - the problem was connected with DNS on the lan machine. I dont know much about this anbd basically just ticked enable dns in the network adapter > properties > dns tab, filled in a few other values and rebooted. Just as i was about to go to sleep depressed by all this, hey presto - a web page was displayed!!

my task now is to try to understand about firewalls and to make sure that mine is properly configuired.

Thank you for reading this & i hope it helps someone who has similar problems.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
configuring shorewall (firewall) mrbig Linux - Software 2 09-09-2005 11:15 AM
Shorewall or other firewall??? SlipAway172 Linux - Security 5 01-25-2005 12:42 AM
installed shorewall now can't ping hostname, only IP ewan Linux - Networking 3 12-19-2004 01:54 AM
Active Shorewall => Can't ping Mandrake ?? anp66 Mandriva 10 04-15-2004 02:06 PM
Can't ping/ssh my box, Shorewall seems to block all traffic except http / ftp tiduck Linux - Networking 10 05-22-2003 09:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration