LinuxQuestions.org
Old 07-07-2010, 04:22 AM   #1
mongo86
LQ Newbie
 
Registered: Jul 2010
Posts: 2

Rep: Reputation: 0
Mandrake security MNF2 - shorewall "REJECT"


Hello! Hopefully someone more knowledgeable than me can assist.

I have an old dedicated firewall that I chose to install mandrake security MNF2 on. The installation went fine, at the end of which I was reminded that all future configuration should be done through the web UI.

The problem is that when I attempt to connect to the UI from another machine, I can see the connection requests being rejected by shorewall. I read on another post http://www.linuxquestions.org/questi...-error-271618/ that the web interface is not set up by default, although it is the only real way to configure it. Unfortunately, the thread poster doesn't seem to have explained quite how he fixed the issue.

I'm fairly comfortable with command-line OSs and understand basic Linux commands, etc, but I have no idea how to stop shorewall blocking my connections.

I read a little about the so-called "fool's firewall", but this issue doesn't seem to be affecting me (I'm connecting only the LAN port on my firewall directly to another machine).

Any help would be greatly appreciated.

Many thanks,

Ollie
 
Old 07-07-2010, 11:23 PM   #2
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
The poster in the link you referred to was installing MNF2 on a PC, using an .iso file (presumably, copied to a bootable CD). He was able to fix it by booting from his install media.

If you can boot your "dedicated firewall" from a CD/DVD, I'd suggest doing so.

Otherwise, if it's an embedded device (like a router), you should be able to hit the hardware "reset" button.

If all else fails, it might make a good doorstop or paperweight.

'Hope that helps .. PSM
 
Old 07-17-2010, 08:29 AM   #3
mongo86
LQ Newbie
 
Registered: Jul 2010
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for your reply, Paul. I have ended up using Vyatta instead. It has much more comprehensive documentation, so I'm up and running with it.
 
Old 07-17-2010, 12:01 PM   #4
rjcooks
Member
 
Registered: Jan 2008
Location: NE AR USA
Distribution: Manjaro Linux; Previously RPM based: openSUSE ...Mandriva-2010.1.
Posts: 85

Rep: Reputation: 22
Quote:
Originally Posted by mongo86
[snip]
The problem is that when I attempt to connect to the UI from another machine, I can see the connection requests being rejected by shorewall. [snip]
I'm fairly comfortable with command-line OSs and understand basic Linux commands, etc, but I have no idea how to stop shorewall blocking my connections.
[snip]
For reference, Shorewall, like (almost) all Linux OS based firewalls, uses iptables v4 and/or v6. To open or close connections, one adjusts the iptables "rules", which can be done from (most) firewall interfaces, or, if fairly adept with iptables rules, by editing the file and appropriate lines of code directly.
It may sound hard, but once the language of iptables is learned, it is not. It is dangerous because the wrong code can block or open everything (not sure which is worse ...), so one needs to be careful.
The point being that whether one is using a local firewall like Shorewall or an external dedicated firewall (or both, as in OP's case), an understanding of iptables is essential to managing the application. Expert knowledge is not needed for management but the basics are.

FWIW, I have not had to edit the iptables directly for years. The Smoothwall interface (web & openssh) is clumsy but sufficient to get the tasks done. I do not use Shorewall, as having two firewalls running was redundant and, as it appeared, a total waste of time (I'm not that paranoid). Not having the iptables and Shorewall overhead on the local system(s) makes the system easier to use for many things. I basically replaced Shorewall with clamav... and, dependent upon general security problems|alerts, IDS (snort, which, BTW, can run on the dedicated Smoothwall firewall).

Last edited by rjcooks; 07-17-2010 at 12:03 PM.
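
Added example, not part of any post in this thread: a shell sketch that summarises the Shorewall REJECT/DROP entries the original poster describes seeing and prints a narrowly scoped `/etc/shorewall/rules` line to review. It assumes Shorewall's default log prefix `Shorewall:<chain>:<disposition>:`; the zone names `loc` and `fw`, the addresses, and port 8443 in the constructed sample log are assumptions, not values from the thread.

```shell
#!/bin/sh
# Constructed sample kernel log lines (not from the thread).
# Zone names, addresses and port 8443 are assumptions for illustration.
sample_log() {
cat <<'EOF'
Jul  7 04:20:01 fw kernel: Shorewall:loc2fw:REJECT:IN=eth0 OUT= SRC=192.168.1.10 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40001 DPT=8443 SYN
Jul  7 04:20:04 fw kernel: Shorewall:loc2fw:REJECT:IN=eth0 OUT= SRC=192.168.1.10 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40002 DPT=8443 SYN
Jul  7 04:21:10 fw kernel: Shorewall:net2all:DROP:IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=51000 DPT=23 SYN
Jul  7 04:21:30 fw sshd[812]: Server listening on 0.0.0.0 port 22.
EOF
}

# Read log lines on stdin; print "count chain disposition proto dport src"
# for each distinct rejected or dropped flow, most frequent first.
summarize_rejects() {
    awk '
    {
        chain = ""; disp = ""; src = ""; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Shorewall:/) { split($i, p, ":"); chain = p[2]; disp = p[3] }
            else if ($i ~ /^SRC=/)   { src = substr($i, 5) }
            else if ($i ~ /^PROTO=/) { proto = tolower(substr($i, 7)) }
            else if ($i ~ /^DPT=/)   { dpt = substr($i, 5) }
        }
        # Lines without a Shorewall prefix leave disp empty and are ignored.
        if (disp == "REJECT" || disp == "DROP") { n[chain " " disp " " proto " " dpt " " src]++ }
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Read summary lines on stdin; for the chain named in $1 (e.g. loc2fw) print
# rules-file lines limited to the observed source host and port, not the whole zone.
candidate_rules() {
    awk -v want="$1" '
    $2 == want && $5 != "-" {
        # Chain names of the form <source>2<dest> give the two zones.
        if (split($2, z, "2") == 2) { print "ACCEPT", z[1] ":" $6, z[2], $4, $5 }
    }'
}

sample_log | summarize_rejects
sample_log | summarize_rejects | candidate_rules loc2fw
```

A printed line is a candidate only: confirm the source host and port are the ones intended before adding it to `/etc/shorewall/rules`, then run `shorewall check` before `shorewall restart`.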
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration