When installing Mandrake 9.0 with the higher security option you cannot ping any of it interfaces, localhost (127.0.0.1) included. All other connections to the system are fine, e.g. ssh, www, squid, etc. "shorewall clear" doesn''t help. Does anyone know how to turn this off for at least localhost and eth1?? Yours truly, Ben
On Thu, 16 Jan 2003 14:12, Whitworth, Ben wrote:> When installing Mandrake 9.0 with the higher security option you cannot > ping any of it interfaces, localhost (127.0.0.1) included.I think you will find that the problem will be with msec, rather than shorewall. Try dropping the security level to 3 with; msec -o log=stderr 3 and see how it goes and then head off to http://www.mandrakeuser.org/docs/secure/smsec.html it goes through msec and tells you how to set up at a secure level (4) and still allow other things to work - the higher msec levels defaults can be a little restrictive for day to day use and minor tweaking can free things up and still leave you a secure system. -- Cheers, Craig. Mandrake Linux 9.0 Kernel version: 2.4.20-1mdk Current Linux Uptime: 2 days 20 hours 58 minutes. Registered Linux User: 228534
Thanks for that, I''ve been look for some reading on msec. I had just found what I was looking for. "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all" has fixed it in the short term. Yours truly, Ben
That''s the place. To make it permanent. edit /etc/sysctl.conf file. Update icmp_echo_ignore_all line to 0. It''s getting read on boot. Hope that helps, Trifon "Whitworth, Ben" <BWhitworth@clivepeeters.com.au> wrote:Thanks for that, I''ve been look for some reading on msec. I had just found what I was looking for. "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all" has fixed it in the short term. Yours truly, Ben _______________________________________________ Shorewall-users mailing list Shorewall-users@shorewall.net http://mail.shorewall.net/mailman/listinfo/shorewall-users Visit my Web Site: http://www.dbaclick.com Tons of Oracle DBA''s scripts, articles, manuals and documents My profile: http://profiles.yahoo.com/clio_usa --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now