This firewall is driving me nuts. If I enable it I can't even surf. I tried firestarter (http://firestarter.sourceforge.net/index2.php) but didn't make it work like I wanted it to. Some testing online showed a lot of open ports. So it's either no connection or everything wide open.
Is there a good howto on how to configure the firewall? I can't find any; I tried Google as well. Firestarter looks nice and easy, is there something similar?
Just this week I implemented a Linux Mandrake MNF (Multi Network Firewall) at work.
No prior experience with Firewalls.....good computer background...just no formal training.
All went well. Both inbound / outbound port security.
MNF is a distro meant solely for being a firewall. This is my configuration (Whether it's correct or not.....it works well for me)
LAN (192.168.0.XXX)
~~~>
Linux MNF (192.168.0.2) Eth0
~~~>
Linux MNF (192.168.0.3) Eth1 using 192.168.0.1 as a gateway
~~~>
LinkSys Router(192.168.0.1)
~~~>
DSL MODEM
INTERNET
My LAN connects to the MNF on eth0, then I have it routing eth1 to the gateway, which is my Linksys (piece of shit) router, which is then connected to my DSL modem.
I installed Mandrake 9.1 on my desktop and laptop and am having the EXACT same problem you are describing, but only on my laptop. I don't understand this, as both my Mandrakes are configured basically the same. It must be a bug. I tried Guarddog and Firestarter, both with the same results: when the firewall is active there is NO connection.
I am using an IBM T22 laptop, 900MHz.
Are you using a similar system?
I'm running Mandrake 9.1 on a desktop (AMD 1700) so it's not only a laptop problem I guess. I'd really like to see a firewall that works a bit like Norton's on Windows. It configures the main programs auto and for software like emule you can easily open the ports you need and see on one page which are open and which are not.
Actually I really like to be able to configure this firewall even if it's not easy. My system is far from secure at the moment.
Hi twinkers. Give a try to Guarddog and take a time to learn how to configure it. It works quite different than Zone Alarm or other Windows-minded firewalls. It works over protocol permissions instead of program permissions. I have a LAN with a Pentium IV with dual boot WinXP/MDK 9.1 and a very older Pentium 200 MMX with Win98. Sharing files, printer and dial-up internet connexion with modem in the Pentium IV machine. Everything working. Recently my system got the highest rates of security at the online test website of Gibson Research Corporation: http://grc.com/default.htm and browse for ShieldsUP link. Keep in mind that Guarddog comes with everything closed by default, so you have to open every protocol you need to be served from internet zone. If you don't do it, nothing works apparently.
Okay, I'll give it a try. Do I have to change the settings of the internal firewall to off or on before I start with Guarddog, or does Guarddog simply change the settings of the internal firewall?
I really don't have a clue about this. But I think honestly that it would not be advisable to have two firewall different configurations working in the same system. Personally, I left untouched the default configuration of shorewall (the internal firewall you mentioned). Guarddog comes with a really very good help section. Imagine what a challenge it was for a baby newbie as I am, to configure my LAN! With Guarddog I did it.
@oski: Brilliant! Took the time to read the manual and it works. The test you refer to online made me very happy:
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
Indeed it is very nice! The other tests came back similar, so at least the first line is secure now. Thanx a bunch!
Congratulations! Don't forget to open common protocols served from the internet zone as are mail, irc etc. Remember that local zone (your machine) is usually client not server. So usually you don't have to serve nothing to the internet zone.
Originally posted by oski [...] Give a try to Guarddog and take a time to learn how to configure it. It works quite different than Zone Alarm or other Windows-minded firewalls. It works over protocol permissions instead of program permissions. [...]
When I read that, after tearing out what little hair I had left over Firestarter--which worked easily and clearly, but would only let me receive and eventually send mail after all sorts of juggling, and never did let me browse the Web--I downloaded Guarddog and within fifteen minutes was able to use the Web and my email and get a largely "stealth" rating from Gibson Research.
The only non-stealth items now are the ports used for SMTP, POP3, time serving, HTTP, and FTP, and they show up as "closed." Eventually maybe I'll figure out how to get a stealth reading on those, too--or is it possible?
Anyway, thanks to oski I feel I do have a more secure system now.
Progress report! After rebooting--and then getting rid of Firestarter, which I'd failed to do earlier--I got a "Perfect Stealth" rating on the Gibson Research tests! Green never looked so good! I love that Guarddog!
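
The default-closed, per-protocol approach described in this thread, and the difference between a "closed" and a "stealth" port reading, sketched as plain iptables rules for a client-only machine. This is an added example, not part of any post and not what Guarddog itself generates; the function names and the protocol table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset that
# starts with everything closed and opens outbound traffic one protocol at a time.

# Protocol name -> transport/port. Constructed table for this example only.
proto_port() {
    case "$1" in
        dns)   echo "udp/53" ;;
        http)  echo "tcp/80" ;;
        https) echo "tcp/443" ;;
        smtp)  echo "tcp/25" ;;
        pop3)  echo "tcp/110" ;;
        ntp)   echo "udp/123" ;;
        *)     return 1 ;;
    esac
}

# gen_ruleset MODE PROTO...
#   stealth: unsolicited inbound packets are dropped without any reply
#   closed : unsolicited inbound TCP is answered with a reset ("closed" port)
gen_ruleset() {
    mode=$1; shift
    # Validate every name first so a typo never yields a half-built ruleset.
    for p in "$@"; do
        proto_port "$p" >/dev/null || { echo "unknown protocol: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default policy: nothing is served
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"     # outbound is also closed until opened below
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Replies to connections this machine started are let back in.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        spec=$(proto_port "$p")
        echo "-A OUTPUT -p ${spec%/*} --dport ${spec#*/} -m conntrack --ctstate NEW -j ACCEPT"
    done
    if [ "$mode" = closed ]; then
        echo "-A INPUT -p tcp -j REJECT --reject-with tcp-reset"
    fi
    echo "COMMIT"
}

# Syntax check without loading (needs root):
#   gen_ruleset stealth dns http https pop3 smtp | iptables-restore --test
```

In stealth mode the INPUT policy drops pings as well as connection attempts, so an external probe gets no answer at all; the single REJECT rule in closed mode is the only difference between the two readings.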