This firewall is driving me nuts. If I enable it I can't even surf. I tried firestarter (http://firestarter.sourceforge.net/index2.php) but didn't make it work like I wanted it to. Some testing online showed a lot of open ports. So it either no connection or everything wide open.

Is there a good howto on how to configure the firewall? I can't find any I tried google aswell. Firestarter looks nice and easy, is there something similair?

Just this week I implemented a Linux Mandrake MNF. (Multi Network Firewall) at work.

No prior experience with Firewalls.....good computer background...just no formal training.

All went well. Both inbound / outbound port security.

MNF is a distro ment solely for being a firewall. This is my configuration (Wether its correct or not.....it works well for me)

LAN (192.168.0.XXX)
~~~>
Linux MNF (192.168.0.2) Eth0
~~~>
Linux MNF (192.168.0.3) Eth1 using 192.168.0.1 as a gateway
~~~>
LinkSys Router(192.168.0.1)
~~~>
DSL MODEM
INTERNET

My Lan connects to the MNF on eth0 then I have it routing eth1 to the gateway which is my linksys (peice of shit) router, which is then connected to my dsl modem


bz
Linux newbie....and loving it!

Take a look: http://www.simonzone.com/software/guarddog/

I installed Mandrake 9.1 on my desktop and laptop and am having the EXACT same problem you are discribing but only on my laptop. I dont understand this as both my Mandrake's are configured basically the same. It must be a bug. I tried Guarddog and firestarter and both with the same results, when the firewall is active there is NO connection.

I am using a IBM T22 Laptop 900MHz.
Are you using a similar system?

How is a proper bug report submitted to Mandrake?

I'm running Mandrake 9.1 on a desktop (AMD 1700) so it's not only a laptop problem I guess. I'd really like to see a firewall that works a bit like nortons on windows. It configures the main programs auto and for software like emule you can easily open the ports you need and see on one page which are open and which are not.
Actually I really like to be able to configure this firewall even if it's not easy. My system is far from secure at the moment.

Hi twinkers. Give a try to Guarddog and take a time to learn how to configure it. It works quite different than Zone Alarm or other windows minded firewalls . It works over protocols permisions instead of programs permisions. I have a LAN with a Pentium IV with dual boot WinXP/MDK 9.1 and a very older Pentium 200 MMX with Win98. Sharing files, printer and dial-up internet connexion with modem in the Pentium IV machine. Everything working. Recently my system got the highest rates of security at the online test website of Gibson Research Corporation: http://grc.com/default.htm and browse for ShieldsUP link. Keep in mind that Guarddog comes with everything closed by default, so you have to open every protocol you need to ve served from internet zone. If you don't do it, nothing works apparently.

Okey, I'll give it a try. Do I have to change the settings of the internal firewall to off or on before I start with Guarddog or does Guardsdog simply change the settings of the internal firewall?

Thanx!

I really don't have a clue about this. But I think honestly that it would not be advisable to have two firewall different configurations working in the same system. Personally, I left untouched the default configuration of shorewall (the internal firewall you mentioned). Guarddog comes with a really very good help section. Imagine what a challege was for a baby newbie as I am, to configure my LAN!. With Guarddog I dit it.

@oski: Brilliant! Took the time to read the manual and it works. The test te refer to online made me very happy:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Indeed it is very nice! The other tests came back similair, so at least the first line is secure now. Thanx a bunch!

Congratulations! Don't forget open common protocols served from the internet zone as are mail, irc etc. Remember that local zone (your machine) is usually client not server. So usually you don't have to serve nothing to the internet zone

This one works great for me with some modifications to allow some ports in:

rc.firewall Linux Firewall version 2.0rc9 -- 05/02/03
http://projectfiles.com/firewall/

great info on this thread

my shields-up test on grc.com went from blue and red to all green!

thanks
ben

That's the good thing about this forum: even my dumb questions aren't ignored and we help eachother out!

When I read that, after tearing out what little hair I had left over Firestarter--which worked easily and clearly, but would only let me receive and eventually send mail after all sorts of juggling, and never did let me browse the Web--I downloaded Guarddog and within fifteen minutes was able to use the Web and my email and get a largely "stealth" rating from Gibson Research.

The only non-stealth items now are the ports used for SMTP, POP3, time serving, HTTP, and FTP, and they show up as "closed." Eventually maybe I'll figure out how to get a stealth reading on those, too--or is it possible?

Anyway, thanks to oski I feel I do have a more secure system now.

Progress report! After rebooting--and then getting rid of Firestarter, which I'd failed to do earlier--I got a "Perfect Stealth" rating on the Gibson Research tests! Green never looked so good! I love that Guarddog!