firewall not working - Mandriva
-
firewall not working
I recently changed the MB on my computer. The new one instead of renaming
eth0 to one of the new adapters, Mandriva created eth2 and eth3.
Therefore, the firewall was not protecting eth2 and eth3.
I found this out today, and have been trying to activate the firewall on
eth3, and I disabled eth2 which is not connected. But I cannot get the
firewall to stop allowing port 80.
What do I need to do? Do I have to wait till the current session on 80
times out or something? I tried restarting shorewall too, but it's still
allowing 80. This port has never been allowed by me.
I'm stuck here
-
Re: firewall not working
dnoyeB wrote:
> I recently changed the MB on my computer. The new one instead of renaming
> eth0 to one of the new adapters, mandriva created eth2 and eth3.
> Therefore, the firewall was not protecting eth2 and eth3.
If you are using shorewall, you will need entries at the bottom
of file /etc/shorewall/interfaces for eth2 and eth3, and you can
delete the existing entry for eth0 if it does not exist.
Cheers!
jim b.
--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.
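A coverage check for the situation described in this thread, as an added example that is not part of any poster's message: it lists the NICs that have no entry in a Shorewall interfaces file. The function names and the sample file are constructed; it assumes the interface name is the second column and that an entry ending in "+" is a wildcard.

```shell
#!/bin/sh
# Added example: report NICs that Shorewall's interfaces file does not cover.
# Function names and the sample file below are constructed for illustration.

# Print the interface column (2nd field) of a Shorewall interfaces file,
# skipping comments, blank lines and "?" directive lines.
shorewall_ifaces() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 && substr($1, 1, 1) != "?" { print $2 }' "$1"
}

# usage: uncovered_ifaces FILE NIC...
# Print each NIC that no entry in FILE covers. "lo" is ignored, and an
# entry ending in "+" (e.g. ppp+) is treated as a prefix wildcard.
uncovered_ifaces() {
    conf=$1; shift
    declared=$(shorewall_ifaces "$conf")
    for nic in "$@"; do
        [ "$nic" = lo ] && continue
        covered=no
        for d in $declared; do
            case $d in
                *+) case $nic in "${d%+}"*) covered=yes ;; esac ;;
                "$nic") covered=yes ;;
            esac
        done
        [ "$covered" = yes ] || echo "$nic"
    done
}

# Constructed sample: the old board's eth0 entry is still the only Ethernet
# entry, while the new board's NICs came up as eth2 and eth3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ZONE  INTERFACE  BROADCAST
net     eth0       detect
loc     ppp+       detect   # wildcard entry
EOF
uncovered_ifaces "$sample" lo eth0 eth2 eth3 ppp0
rm -f "$sample"

# On a live host (run as root so the file is readable):
#   uncovered_ifaces /etc/shorewall/interfaces $(ls /sys/class/net)
```

Any name it prints is an interface with no entry in that file, which is worth rechecking after a hardware change renumbers the NICs.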
-
Re: firewall not working
On Mon, 28 May 2007 08:34:39 -0500, dnoyeB wrote:
> I recently changed the MB on my computer. The new one instead of renaming
> eth0 to one of the new adapters, mandriva created eth2 and eth3.
> Therefore, the firewall was not protecting eth2 and eth3.
First, let's make shorewall a little more strict. Click up a terminal
    su - root
    cd /etc/shorewall
    cp shorewall.conf shorewall.conf_orig
    kwrite shorewall.conf
and change ADMINISABSENTMINDED=Yes
to ADMINISABSENTMINDED=No
You might want to read the comments about ADMINISABSENTMINDED
click save/exit
Next, do a
    ifconfig -a
and write down the HWaddr of the active nic.
    mcc
If me, I would get into the Network section of Mandriva Control Center and
delete all network connections,
reboot and see what ethXs were connected.
    mii-tool -v        <=== look for link ok to find connected nic
Then disable on boot for unconnected adapters in mcc Network and setup
the nic found with mii-tool.
> I found this out today, and have been trying to activate the firewall on
> eth3, and I disabled eth2 which is not connected. But I can not get the
> firewall to stop allowing port 80.
And how do you know it is allowing port 80?
> What do I need to do? do I have to wait till the current session on 80
> times out or something?
Normally, you would use pkill or kill to stop the process using a connection.
Now, enter
    mcc
and get back into the Security section of MCC and go through
shorewall setup again and do not check any service ports.
All the service boxes should be unchecked. OK, then pick your internet nic.
Click up a terminal,
    su - root
    service shorewall restart
Check for errors as shorewall comes back up.
> I tried restarting shorewall too, but its still
> allowing 80. this port has never been allowed by me.
With ADMINISABSENTMINDED=Yes current connections are not dropped.
--
The warranty and liability expired as you read this message.
If the above breaks your system, it's yours and you keep both pieces.
Practice safe computing. Backup the file before you change it.
Do a, man command_here or cat command_here, before using it.
-
Re: firewall not working
On Mon, 28 May 2007 09:34:39 -0400, dnoyeB wrote:
> I recently changed the MB on my computer. The new one instead of renaming
> eth0 to one of the new adapters, mandriva created eth2 and eth3.
I take it the MB has an onboard ethernet nic, so you now have a different
mac id.
See the thread
http://groups.google.ca/group/alt.os...7c90b80c00a94b
for info on which files to remove, or modify, so the new macid will be
assigned to eth0.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
-
Re: firewall not working
On Mon, 28 May 2007 14:45:43 +0000, Bit Twister wrote:
> On Mon, 28 May 2007 08:34:39 -0500, dnoyeB wrote:
>> I recently changed the MB on my computer. The new one instead of renaming
>> eth0 to one of the new adapters, mandriva created eth2 and eth3.
>> Therefore, the firewall was not protecting eth2 and eth3.
>
> First, let's make shorewall a little more strict. Click up a terminal
> su - root
>
> cd /etc/shorewall
> cp shorewall.conf shorewall.conf_orig
> kwrite shorewall.conf
> and change ADMINISABSENTMINDED=Yes
> to ADMINISABSENTMINDED=No
>
> You might want to read the comments about ADMINISABSENTMINDED
I did just now. I think this was my problem. Well that and me not
redoing the firewall when I switched to the new MB.
>
> click up a terminal,
> su - root
> service shorewall restart
I did this a few times, no errors.
>
> Check for errors as shorewall comes back up.
>
>> I tried restarting shorewall too, but its still
>> allowing 80. this port has never been allowed by me.
>
> with ADMINISABSENTMINDED=Yes current connections are not dropped.
>
This admin option was probably my problem. I'll check when I get home. I
can tell because I was connecting to my box with a web browser from another
computer, and it was sending out the proper webpage. It should have been
sending out nothing.
-
Re: firewall not working
On Mon, 28 May 2007 14:54:06 -0400, David W. Hodgins wrote:
> On Mon, 28 May 2007 09:34:39 -0400, dnoyeB wrote:
>
>> I recently changed the MB on my computer. The new one instead of
>> renaming eth0 to one of the new adapters, mandriva created eth2 and
>> eth3.
>
> I take it the MB has an onboard ethernet nic, so you now have a
> different mac id.
It does. Not only that, but the different MB has 2 nics. I addressed this
through my DHCP host.
> See the thread
> http://groups.google.ca/group/alt.os...7c90b80c00a94b
> for info on which files to remove, or modify, so the new macid will be
> assigned to eth0.
>
>
I know now. Next time I will make that change. I'll add this to my OS
upgrade guide.