From: Alex Boag-Munroe (ajbm@ntlworld.com)
Date: Mon Nov 13 2000 - 00:42:40 PST
The gentleman may have his cards the wrong way around according to
"standards", however, that won't be why pmfirewall isn't working surely!
Alex Boag-Munroe
On Sunday 12 November 2000 23:49, you wrote:
> Before you send an output from an ipchains -L -n command I would
> *strongly* suggest that you switch your eth0 and eth1 interfaces so that
> eth0 is for your internet interface and eth1 for your internal
> interface. This is actually the "default" configuration for ethernet
> configurations in Linux, during the boot process and system
> initialization:
>
> http://www.linuxdocs.org/Net-HOWTO-5.html#ss5.3
>
> The problem is that when you begin to install software, especially
> important networking tools that you may want to use, to monitor your
> firewall or maybe test your networking conditions in a certain fashion,
> the install scripts will be looking for eth0 first and then eth1 after
> that and if you have it the other way round this may cause unreliable
> output that you could misinterpret and *that* could be dangerous. It
> would also be helpful if you can state, more specifically, how your
> connection to the ISP is setup: do you have a static IP address or do
> use DHCP, or maybe some other like PPPoE, PPtP, etc.? Why these are
> important points is just so that you will not have any holes in your
> firewall once it is up and running........
>
> solomon@barak-online.net wrote:
> > I wrote about this a few weeks ago and no-one was able to help, so I'm
> > writing again. Since my previous request for help, I've updated from
> > Mandrake 7.0 to 7.2 and re-installed pmfirewall, but I still have the
> > same problem as before. I hope someone can help.
> >
> >
> > I downloaded pmfirewall and installed it after reading all the
> > documentation. I also followed an excellent on-line tutorial on the Linux
> > Mandrake site. All the questions and answers in the installation process
> > (sh install.sh) were explained very well.
> >
> > I have a LINUX box (Pentium 500) with two NICs - eth0 connects to my home
> > network and eth1 connects to an ALCATEL ADSL modem. Before installing
> > pmfirewall, I could connect to the INTERNET and do anything I want on the
> > LINUX box. The WIN98 box, did not see the INTERNET. The point of
> > installing pmfirewall was to act as a firewall on the LINUX box and also
> > top provide IP Masqerading to allow the Win98 box to surf the INTERNET.
> >
> > After running pmfirewall start, I could no longer do anything on the
> > INTERNET - I couldn't reach any address with PING, TRACEROUTE, OR
> > Netscape. This applies to both the LINUX box connected via ADSL to the
> > INTERNET and to a WIN98 machine on the network.
> >
> > Although during the install process, I answered all the **default**
> > answers (except of course to identify eth0 as my internal device and eth1
> > as my external device) I thought maybe I'd set up one or more of the
> > rules wrongly. So as an experiment, I re-installed and this time answered
> > all the **wrong** answers and allowed **EVERYTHING** (obviously not the
> > intent of the FireWall but I was experimenting) to see if this would
> > solve the problem. But I still couldn't do anything on the INTERNET.
> > Running pmfirewall stop immediately solved the problem.
> >
> > The strangest thing is that if I run pmfirewall masqstart, I can use both
> > machines. I can now surf the INTERNET from the WIN98 machine on my home
> > networ k. So the IP Masquerading part of the program is working. But the
> > Firewall is **too good** and apparantly blocking everything!!!!!
> >
> > Any ideas what to look for to see why this is happening??
> >
> > If anyone is interested, I'd be glad to send configuration files and/or
> > the output of "ipchains -l" before and after each command.
> >
> > TIA
> >
> > //-------------------------
> > Shlomo Solomon
> > E-Mail: solomon@barak-online.net
> > http://come.to/shlomo.solomon
> > Date: 12-Nov-2000 Time: 21:54:12
> >
> > Message sent by XFMail on a LINUX Mandrake 7.2 machine
> > //-------------------------
****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
* in the message body to majordomo@pointman.org. Please direct other
* questions, comments, or problems to pmfirewall-owner@pointman.org.
*
* Need answers fast? Check the list archive located at:
* http://www.pointman.org/PMFirewall/list-archive/
*
This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:37:43 PDT