Re: [PLUG] New thinkpad with sarge
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John Lavin wrote:
I'm a bit further along - I've been getting the laptop configured the
way I want it. I've been fooling with firewalling this thing for the
better part of the day and can't figure out exactly what's wrong.
I've used gShield to script the iptables rules and generally, it's worked
great out of the box, but I've been having no end of troubles with
trying to get it to work on this box. I don't know if anyone's familiar
with it, but usually all you've got to do is download the tarball, dump it
to /etc/firewall, change a few well-documented values in the conf file
and add it to init scripts and you're done.
With this install, I've got a 2.4.22 stock 686 kernel from sarge - seems
to load all the right modules:
ipt_TOS          1048  22 (autoclean)
ipt_MASQUERADE   1336   1 (autoclean)
ipt_state         568   3 (autoclean)
ipt_REJECT       3000   8 (autoclean)
ipt_LOG          3384   9 (autoclean)
ipt_limit         888   3 (autoclean)
iptable_nat     15854   1 (autoclean) [ipt_MASQUERADE]
ip_conntrack    18532   2 (autoclean) [ipt_MASQUERADE ipt_state iptable_nat]
iptable_mangle   2168   1 (autoclean)
iptable_filter   1740   1 (autoclean)
ip_tables       12032  11 [ipt_TOS ipt_MASQUERADE ipt_state ipt_REJECT ipt_LOG ipt_limit iptable_nat iptable_mangle iptable_filter]
... but when I activate the firewall, I can't get off of my box to
ping, ssh or browse the web. From outside, I want all ports blocked
with the exception of ssh, but when I do a nmap to the laptop, they're
all blocked.
One more twist - If I flush everything, browse to a site, then start the
firewall, I can continue to browse that site *only* but if I were
ssh'ing to someplace and activated the firewall, it will shut me down.
I'm not good at reading iptables so somebody might see something here.
Here's a snapshot of my iptables --list:
http://wayreth.net/iptables.txt
Thoughts?
Thanks,
-john
John Lavin said:
Whew- Not too difficult. Got my Thinkpad R40 in the mail tonight and I
took this opportunity to try out the beta 2 of the sarge installer.
I think it might be helpful to look at the script and see how the
masquerading rules are written.
- --
Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\
http://lrcressy.com ( o.o )
Phone: 215-535-4037 > ^ <
FAX: 215-535-4285
gpg fingerprint: 62DE 6CAB CEE1 B1B3 359A 81D8 3FEF E6DA 8501 AFEA
For info on enigmail: http://lrcressy.com/linux/mozilla.pdf
For info on gpg: http://www.gnupg.org/
Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFAE9hnP+/m2oUBr+oRAlodAKCWiKcSe8HibTYZIHEeoUeAw7bjGQCdE5ke
7Dcdb/1pvj7ZjlquduF7DSQ=
=gxwc
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
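Added example, not code from the thread and not gShield's script. It is the minimal stateful ruleset for what John says he wants on the laptop (every inbound port closed except ssh, outbound free), written so the commands can be printed and read without root, plus a small diagnostic that reads the text of `iptables -L OUTPUT -n` and says whether new outbound connections can leave. It assumes sshd on port 22 and a single host (no masquerading for other clients); the state match it uses is the ipt_state module John's lsmod shows loaded. The sample chain listing in the block is constructed, not John's real listing.

```shell
#!/bin/sh
# Added example: minimal stateful laptop ruleset plus a chain diagnostic.
# Not from the thread, not gShield's code. SSH_PORT is an assumption.
#
# The symptom "connections that were already open keep working, but nothing
# new gets out" usually means the OUTPUT chain (or FORWARD, for masqueraded
# clients) has policy DROP, accepts --state ESTABLISHED,RELATED, and never
# accepts --state NEW. The OUTPUT NEW rule below is the one such rulesets lack.

SSH_PORT="${SSH_PORT:-22}"   # assumption: sshd listens on the default port

# Print the rules instead of running them, so they can be reviewed or diffed
# against what a generated script (such as gShield's) actually loaded.
gen_rules() {
    cat <<EOF
iptables -F
iptables -X
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ${SSH_PORT} -m state --state NEW -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW -j ACCEPT
EOF
}

# Load the rules for real (needs root); stops at the first failing command.
apply_rules() {
    gen_rules | sh -e
}

# Diagnostic: read the text of `iptables -L OUTPUT -n` on stdin; exit 0 when
# new outbound connections can leave, 1 when they cannot. It checks only the
# two things the symptom points at: an ACCEPT policy on the chain, or an
# ACCEPT rule whose state match includes NEW. A bare "ACCEPT all" line is
# deliberately not trusted: without -v the listing hides -i/-o, so the
# loopback rule looks like an accept-everything rule.
output_chain_allows_new() {
    awk '
        /^Chain OUTPUT \(policy ACCEPT\)/   { ok = 1 }
        /^ACCEPT/ && /state [A-Z,]*NEW/     { ok = 1 }
        END { exit ok ? 0 : 1 }
    '
}

# Constructed sample (not John's listing): the broken shape. Policy DROP,
# loopback accepted, ESTABLISHED,RELATED accepted, nothing for NEW.
sample_broken_output() {
    cat <<'EOF'
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 5/min burst 5 LOG flags 0 level 4 prefix `fw-drop: '
EOF
}

# Constructed sample: the same chain after adding the NEW rule.
sample_fixed_output() {
    cat <<'EOF'
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW
EOF
}

# Usage on the laptop itself:  iptables -L OUTPUT -n | output_chain_allows_new
# Usage to load the ruleset:   apply_rules   (as root)
```

Run `gen_rules` first and compare it with what the generated script loaded; if the real OUTPUT chain has only the ESTABLISHED,RELATED rule, that matches the page's symptom exactly: a page already open keeps working because conntrack already has an entry for it, and anything that has to open a fresh connection is dropped.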