I am trying to move from MS Windows (of which I am a std user) to Linux and, 10 days ago, I installed Mandrake 9.0, everything is OK except for WEB navigation: even if surely connected, I cannot navigate and the browser answer is always:...host unknown.. Apparently the problem is the firewall (Shorewall) installed by default that rejects all communication, in fact looking in the Firewall settings only CUPS is allowed and it is not possible to modify by adding the other services nor as user nor as root (red screens).

Pls. is there a "graphical" mode to change the settings and allow communication ?? and, if not, how can I do ??

In case only chance is via "command line" and I will not be successful, if I disinstall and reinstall Shorewall, there will be a graphical configuration ??

Sorry for disturbing for these "peanuts" but I am an absolute beginner, Tks

Alberto
--On Thursday, November 14, 2002 01:07:33 PM +0100 cdm <cdelmont@inwind.it> wrote:

> I am trying to move from MS Windows (of which I am a std user) to Linux
> and, 10 days ago, I installed Mandrake 9.0, everything is OK except for
> WEB navigation: even if surely connected, I cannot navigate and the
> browser answer is always:...host unknown.. Apparently the problem is the
> firewall (Shorewall) installed by default that rejects all communication,
> in fact looking in the Firewall settings only CUPS is allowed and it is
> not possible to modify by adding the other services nor as user nor as
> root (red screens). Pls. is there a "graphical" mode to change the
> settings and allow communication ?? and, if not, how can I do ?? In case
> only chance is via "command line" and I will not be successful, if I
> disinstall and reinstall Shorewall, there will be a graphical
> configuration ?? Sorry for disturbing for these "peanuts" but I am an
> absolute beginner, Tks Alberto

There is no GUI included with Shorewall and I don't know what Mandrake has included in 9.0. Here in the United States, Mandrake has taken orders for 9.0 and charged customers' credit cards but so far has not shipped the product (although their last newsletter dated November 9 claims that shipments have begun, I have not received my copy yet).

My advice to you is to uninstall Shorewall.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
--On Thursday, November 14, 2002 01:07:33 PM +0100 cdm <cdelmont@inwind.it> wrote:

> I am trying to move from MS Windows (of which I am a std user) to Linux
> and, 10 days ago, I installed Mandrake 9.0, everything is OK except for
> WEB navigation: even if surely connected, I cannot navigate and the
> browser answer is always:...host unknown.. Apparently the problem is the
> firewall (Shorewall) installed by default that rejects all communication,

I should point out that an incorrectly-configured DNS resolver can also produce these symptoms.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
--On Thursday, November 14, 2002 07:50:36 AM -0800 Tom Eastep <teastep@shorewall.net> wrote:

> --On Thursday, November 14, 2002 01:07:33 PM +0100 cdm
> <cdelmont@inwind.it> wrote:
>
>> I am trying to move from MS Windows (of which I am a std user) to Linux
>> and, 10 days ago, I installed Mandrake 9.0, everything is OK except for
>> WEB navigation: even if surely connected, I cannot navigate and the
>> browser answer is always:...host unknown.. Apparently the problem is the
>> firewall (Shorewall) installed by default that rejects all communication,
>
> I should point out that an incorrectly-configured DNS resolver can also
> produce these symptoms.

If you can bring yourself to use the command line for a couple of tests, we can determine if Shorewall is the problem. As root, type:

    shorewall clear

If you can now browse the internet, then Shorewall was blocking outbound traffic. If you still can't browse then your problem is elsewhere; I suggest that you check your DNS settings.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
To add to this, on install, I had the same problem with Mandrake 9.0. Turns out, it had no idea what nameserver to use (/etc/resolv.conf had no nameserver entry). This turned out, in my case, to be the main reason I had no browsing.

Since then, I have been working away with shorewall, quite confusingly set up in Mandrake btw, by starting with a "masq all ACCEPT" in the /etc/shorewall/policy file and adding rules as I learn them to secure everything. Mandrake seems to use "loc" and "masq" as some sort of redundant local zone (internal network). I just removed everything to do with "loc" so it's just a simple two interface config.

Another trick (and I'm not sure if Tom would be a fan of this) is that if you have an older firewall setup (Mandrake 8.2 or so) and it happens to be iptables but not shorewall, you can add any of those commands to your own /etc/shorewall/custom file. Change all references for "iptables" to "run_iptables". This got me by for some complicated DNAT stuff from my older setup. Then I've been removing them as I get it all just the way I like in shorewall.

Overall, it's far better to have it in shorewall. FAR easier to work with after you forget what you did to get things working :)

Hope this is of some help

cheers,
Kevin

--- cdm <cdelmont@inwind.it> wrote:

> I am trying to move from MS Windows (of which I am a std user) to
> Linux and, 10 days ago, I installed Mandrake 9.0, everything is OK
> except for WEB navigation: even if surely connected, I cannot
> navigate and the browser answer is always:...host unknown..
> Apparently the problem is the firewall (Shorewall) installed by
> default that rejects all communication, in fact looking in the
> Firewall settings only CUPS is allowed and it is not possible to
> modify by adding the other services nor as user nor as root (red
> screens).
> Pls. is there a "graphical" mode to change the settings and allow
> communication ?? and, if not, how can I do ??
> In case only chance is via "command line" and I will not be
> successful, if I disinstall and reinstall Shorewall, there will be
> a graphical configuration ??
> Sorry for disturbing for these "peanuts" but I am an absolute
> beginner, Tks
> Alberto
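
The resolver condition reported in the message above (an /etc/resolv.conf with no nameserver entry), as an added example that is not part of the original thread: it only reads the file, so it can be run before `shorewall clear`, which removes the firewall rules. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inspect a resolv.conf-style file
# for usable "nameserver" entries without changing any firewall state.

# Print every nameserver address in file $1, one per line.
# Lines starting with '#' or ';' are comments; an entry needs an address.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" && $2 !~ /^[#;]/ { print $2 }' "$1"
}

# Print a one-word verdict for the resolver file $1.
resolver_verdict() {
    if [ ! -r "$1" ]; then
        echo "missing-file"
    elif [ -z "$(list_nameservers "$1")" ]; then
        echo "no-nameserver"      # the state reported in the message above
    else
        echo "has-nameserver"     # DNS is configured; look elsewhere next
    fi
}

# Write a constructed sample with no usable entry to file $1
# (192.0.2.1 is a documentation address, not a real resolver).
write_broken_sample() {
    printf '%s\n' 'search example.test' '# nameserver 192.0.2.1' 'nameserver' > "$1"
}

# Write a constructed sample with two usable entries to file $1.
write_good_sample() {
    printf '%s\n' '  nameserver 192.0.2.53' 'nameserver 198.51.100.7 # backup' > "$1"
}

# Stand-alone use: check the file given as $1, or the system default.
conf=${1:-/etc/resolv.conf}
echo "$conf: $(resolver_verdict "$conf")"
```

A verdict of `no-nameserver` points at the resolver rather than the firewall; `has-nameserver` with names still failing is the case where a firewall test is informative.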
Pleased to confirm solution: from Root with "shorewall clear", the problem is over. Now, with Mandrake 9.0, I can navigate. A 'visit' to www.grc.com informs that ports are not stealth but anyway closed, I'll try to manage for configuring.

Tks
Alberto

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "cdm" <cdelmont@inwind.it>; <shorewall-users@shorewall.net>
Sent: Thursday, November 14, 2002 5:10 PM
Subject: Re: [Shorewall-users] navigation problems

> --On Thursday, November 14, 2002 07:50:36 AM -0800 Tom Eastep
> <teastep@shorewall.net> wrote:
>
> > --On Thursday, November 14, 2002 01:07:33 PM +0100 cdm
> > <cdelmont@inwind.it> wrote:
> >
> >> I am trying to move from MS Windows (of which I am a std user) to Linux
> >> and, 10 days ago, I installed Mandrake 9.0, everything is OK except for
> >> WEB navigation: even if surely connected, I cannot navigate and the
> >> browser answer is always:...host unknown.. Apparently the problem is the
> >> firewall (Shorewall) installed by default that rejects all communication,
> >
> > I should point out that an incorrectly-configured DNS resolver can also
> > produce these symptoms.
>
> If you can bring yourself to use the command line for a couple of tests, we
> can determine if Shorewall is the problem. As root, type:
>
>     shorewall clear
>
> If you can now browse the internet, then Shorewall was blocking outbound
> traffic. If you still can't browse then your problem is elsewhere; I
> suggest that you check your DNS settings.
>
> -Tom
> --
> Tom Eastep \ Shorewall - iptables made easy
> AIM: tmeastep \ http://shorewall.sf.net
> ICQ: #60745924 \ teastep@shorewall.net