Tom,
First, I want to say thank you for your patience.
Second, it worked!
(I followed your instructions with a few modifications because I
could not get the commands to work on my OS, Linux Mint 9
'Isadora'.)
I put what I did after each of your instructions
'a, b, c', etc.
(SEE EMAIL BELOW).
I am not sure I know how to allow/deny IP Addresses or Ports.
I want to allow access to the IP Addresses and Ports needed to
access the internet:
computer ==> Wireless Router ==> Internet
Internet ==> Wireless Router ==> Computer
or
computer ==> ADSL Modem ==> Internet
Internet ==> ADSL Modem ==> Computer
I think these are the protocols I want to allow access to and from my
computer:
a. http
b. https
c. ftp
d. smtp
e. pop3
f. etc.
I think you can allow access to the above with MACROS. However, I am not
sure I am using the correct format (SEE attached file Shorewall Working.gz
-- etc/shorewall/rules).
I want to deny access to the other ports on my Wireless Router/ADSL
Modem/Computer.
Since I am a novice at using Linux, I do not know which file to edit to
accomplish what I want to do: Blacklist, Host, Params, policy, etc.
I appreciate all the help you have given me and I am waiting for your
instruction/advice.
Horace
-----ORIGINAL MESSAGE -----
From: Tom Eastep <teastep@shorewall.net>
To: horacef@usnetizen.com
Cc: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Cannot connect to the internet
Date: 03/30/2011 06:26:12 PM
Please do me a favor.
a) Uninstall Shorewall (however your distribution allows you to do
that)
b) rm -rf /etc/shorewall
What I did.
$ sudo rm -rf /etc/shorewall
[sudo] password for *****N_****:
$
NOTE -- NO more /ETC/SHOREWALL directory
c) rm -rf /etc/default/shorewall
What I did.
$ sudo rm -rf /etc/default/shorewall
$
NOTE -- No more /ETC/SHOREWALL/SHOREWALL
d) Install the shorewall package
What I did.
Clicked MENU --> Clicked PACKAGE MANAGER --> Typed SHOREWALL in the
QUICK SEARCH window --> Right Clicked SHOREWALL -->
clicked MARK FOR INSTALLATION --> Clicked APPLY
NOTES -- 1. OS Linux Mint 9 'Isadora'
2. Shorewall version:
$ shorewall version
4.4.6
$
-- DO NOTHING ELSE other than what I tell you below.
e) cd /etc/shorewall
What I did.
$ cd /etc/shorewall
$
f) if you are running Debian or Ubuntu and installed the .deb:
cp /usr/share/doc/shorewall/examples/one-interface/* .
What I did.
$ cp /usr/share/doc/shorewall/examples/one-interface/*
cp: target `/usr/share/doc/shorewall/examples/one-interface/shorewall.conf~' is not a directory
$
$ sudo cp /usr/share/doc/shorewall/examples/one-interface/*
[sudo] password for ******_****:
cp: target `/usr/share/doc/shorewall/examples/one-interface/zones' is not a directory
NOTE -- I could not get the above command to work so this is what I
did.
$ cd /usr/share/doc/shorewall/examples/one-interface
$
$ sudo cp * etc/shorewall
$
$ ls
. .. interfaces policy README.txt rules shorewall.conf zones
$
otherwise
cp /usr/share/shorewall/Samples/one-interface/* .
g) Edit /etc/shorewall/shorewall.conf and be sure that
STARTUP_ENABLED=Yes; if not change it.
What I did.
I opened FILE BROWSER, navigated to /ETC/SHOREWALL/SHOREWALL.CONF,
Right Clicked the file SHOREWALL.CONF --> Clicked OPEN AS
ADMINISTRATOR and changed STARTUP_ENABLED=No to STARTUP_ENABLED=Yes
SAVED the FILE
h) If you are running Debian or Ubuntu, edit /etc/default/shorewall
and set startup=1.
What I did.
I opened FILE BROWSER, navigated to /ETC/DEFAULT/SHOREWALL,
Right Clicked the file SHOREWALL --> Clicked OPEN AS ADMINISTRATOR and
changed STARTUP=0 to STARTUP=1
SAVED the FILE
i) At a root console, type 'shorewall start'.
What I did.
$ sudo shorewall start
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
Compiling ...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Compiling ...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Disabled!
done.
$
This configuration will allow you unfettered access from your computer
to the internet.
Now
a) cd /etc
What I did.
$ cd /etc
$
b) cp -a shorewall shorewall.good
What I did.
$ sudo cp -a shorewall shorewall.good
[sudo] password for ******_****`:
$
NOTE: etc/shorewall.good directory/folder is present
c) Now make changes to /etc/shorewall to try to allow the incoming
traffic that you want. If you suddenly find that it has all gone to
hell, then
d) cd /etc
f) rm -rf /etc/shorewall
g) cp -a /etc/shorewall.save /etc/shorewall
h) shorewall restart
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
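
The snapshot-and-restore steps at the end of the message above, as an added example that is not part of the original e-mail or of Shorewall itself: it validates the edited directory with `shorewall check` before restarting, and restores the `shorewall.good` copy made in step b if either command fails. The function names and the CONF_DIR, GOOD_DIR, CHECK_CMD and APPLY_CMD variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: snapshot, validate and roll back a Shorewall config directory.
# All four variables are assumptions of this example; they can be overridden
# so the logic can be tried on a scratch directory first.
CONF_DIR="${CONF_DIR:-/etc/shorewall}"
GOOD_DIR="${GOOD_DIR:-${CONF_DIR}.good}"
CHECK_CMD="${CHECK_CMD:-shorewall check}"     # compiles the config, loads nothing
APPLY_CMD="${APPLY_CMD:-shorewall restart}"

# Step b: keep a known-good copy. Refuse to overwrite an existing snapshot,
# otherwise a broken config could silently replace the good one.
snapshot_config() {
    if [ ! -d "$CONF_DIR" ]; then
        echo "no config directory: $CONF_DIR" >&2; return 2
    fi
    if [ -e "$GOOD_DIR" ]; then
        echo "snapshot already exists: $GOOD_DIR" >&2; return 3
    fi
    cp -a "$CONF_DIR" "$GOOD_DIR"
}

# Restore steps: replace the edited directory with the snapshot.
rollback_config() {
    if [ ! -d "$GOOD_DIR" ]; then
        echo "no snapshot to restore: $GOOD_DIR" >&2; return 2
    fi
    rm -rf "$CONF_DIR" && cp -a "$GOOD_DIR" "$CONF_DIR"
}

# Step c plus the restart: validate the edited config, then apply it.
# If either command fails, restore the snapshot, re-apply it and return 1.
# $CHECK_CMD and $APPLY_CMD are left unquoted on purpose so that
# "shorewall check" splits into a command and its argument.
apply_or_rollback() {
    if $CHECK_CMD "$CONF_DIR" && $APPLY_CMD; then
        return 0
    fi
    echo "edited config rejected, restoring $GOOD_DIR" >&2
    rollback_config && $APPLY_CMD
    return 1
}
```

Run as root: call `snapshot_config` once while the firewall works, then `apply_or_rollback` after each edit to /etc/shorewall/rules or /etc/shorewall/policy.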