John Lavin on 25 Jan 2004 03:22:01 -0000
I'm a bit further along - I've been getting the laptop configured the way I want it. I've been fooling with firewalling this thing for the better part of the day and can't figure out exactly what's wrong. I've used gShield to script the iptables rules and generally, it's worked great out of the box, but I've been having no end of troubles with trying to get it to work on this box. I don't know if anyone's familiar with it, but usually all you've got to do is download the tarball, dump it to /etc/firewall, change a few well-documented values in the conf file, add it to the init scripts and you're done.

With this install, I've got a 2.4.22 stock 686 kernel from sarge - it seems to load all the right modules:

    ipt_TOS          1048   22 (autoclean)
    ipt_MASQUERADE   1336    1 (autoclean)
    ipt_state         568    3 (autoclean)
    ipt_REJECT       3000    8 (autoclean)
    ipt_LOG          3384    9 (autoclean)
    ipt_limit         888    3 (autoclean)
    iptable_nat     15854    1 (autoclean) [ipt_MASQUERADE]
    ip_conntrack    18532    2 (autoclean) [ipt_MASQUERADE ipt_state iptable_nat]
    iptable_mangle   2168    1 (autoclean)
    iptable_filter   1740    1 (autoclean)
    ip_tables       12032   11 [ipt_TOS ipt_MASQUERADE ipt_state ipt_REJECT ipt_LOG ipt_limit iptable_nat iptable_mangle iptable_filter]

... but when I activate the firewall, I can't get off of my box to ping, ssh or browse the web. From outside, I want all ports blocked with the exception of ssh, but when I do an nmap to the laptop, they're all blocked.
One more twist - if I flush everything, browse to a site, then start the firewall, I can continue to browse that site *only*, but if I were ssh'ing to someplace and activated the firewall, it will shut me down. I'm not good at reading iptables so somebody might see something here. Here's a snapshot of my iptables --list: http://wayreth.net/iptables.txt

Thoughts?

Thanks,
-john

John Lavin said:
> Whew- Not too difficult. Got my Thinkpad R40 in the mail tonight and I
> took this opportunity to try out the beta 2 of the sarge installer.

--
John Lavin <jlavin@wayreth.net> http://www.wayreth.net
Fingerprint: B0AA 4A33 D43F BA67 E524 22F3 DA3B F8C8 2BA4 8C46
My country is the world. My countrymen are mankind. --Thomas Paine
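The ruleset shape the post is after, as an added example and not gShield's own script: inbound closed except SSH, replies matched by the ip_conntrack/ipt_state modules the lsmod output shows, new outbound connections allowed. The SSH_PORT variable, the IPT override and the --apply flag are assumptions for this example; set IPT=echo (or call preview_host_policy) to print the commands instead of running them as root.

```shell
#!/bin/sh
# Minimal stateful single-host policy (added example, not gShield's rules).
# IPT and SSH_PORT are assumed knobs: IPT=echo prints instead of applying.
IPT="${IPT:-iptables}"
SSH_PORT="${SSH_PORT:-22}"

apply_host_policy() {
    "$IPT" -F
    "$IPT" -X
    # Default deny for traffic to this host and through it; the host's own
    # outbound traffic is allowed, so new ssh/http/DNS from the laptop works.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
    # Loopback stays open: the resolver and local services use 127.0.0.1.
    "$IPT" -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened, tracked by ip_conntrack.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The one inbound service: new SSH connections.
    "$IPT" -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    # Log (rate-limited) and reject everything else so drops show in syslog.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
    "$IPT" -A INPUT -j REJECT --reject-with icmp-port-unreachable
}

# Contrast (assumed, for illustration): an OUTPUT chain that only passes
# ESTABLISHED,RELATED keeps a session opened before the rules loaded alive
# but refuses every new outbound connection, DNS included. That is the
# "old browser session works, new ssh fails" behaviour described above.
broken_output_policy() {
    "$IPT" -P OUTPUT DROP
    "$IPT" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Missing: "$IPT" -A OUTPUT -m state --state NEW -j ACCEPT
}

# Dry run: print the iptables commands without needing root.
preview_host_policy() {
    ( IPT=echo; apply_host_policy )
}

if [ "${1:-}" = "--apply" ]; then
    apply_host_policy
fi
```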