firewall not working - Mandriva

This is a discussion on firewall not working - Mandriva ; I recently changed the MB on my computer. The new one instead of renaming eth0 to one of the new adapters, mandriva created eth2 and eth3. Therefore, the firewall was not protecting eth2 and eth3. I found this out today, ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: firewall not working

  1. firewall not working

    I recently changed the MB on my computer. The new one instead of renaming
    eth0 to one of the new adapters, mandriva created eth2 and eth3.
    Therefore, the firewall was not protecting eth2 and eth3.

    I found this out today, and have been trying to activate the firewall on
    eth3, and I disabled eth2 which is not connected. But I can not get the
    firewall to stop allowing port 80.

    What do I need to do? do I have to wait till the current session on 80
    times out or something? I tried restarting shorewall too, but its still
    allowing 80. this port has never been allowed by me.


    Im stuck here

  2. Re: firewall not working

    dnoyeB wrote:
    > I recently changed the MB on my computer. The new one instead of renaming
    > eth0 to one of the new adapters, mandriva created eth2 and eth3.
    > Therefore, the firewall was not protecting eth2 and eth3.


    If you are using shorewall, you will need entries at the bottom
    of file /etc/shorewall/interfaces for eth2 and eth3, and you can
    delete the existing entry for eth0 if it does not exist.

    Cheers!

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  3. Re: firewall not working

    On Mon, 28 May 2007 08:34:39 -0500, dnoyeB wrote:
    > I recently changed the MB on my computer. The new one instead of renaming
    > eth0 to one of the new adapters, mandriva created eth2 and eth3.
    > Therefore, the firewall was not protecting eth2 and eth3.


    First, let's make shorewall a little more strict. Click up a terminal
    su - root

    cd /etc/shorewall
    cp shorewall.conf shorewall.conf_orig
    kwrite shorewall.conf
    and change ADMINISABSENTMINDED=Yes
    to ADMINISABSENTMINDED=No

    You might want to read the comments about ADMINISABSENTMINDED

    click save/exit

    Next, do a

    ifconfig -a and write down the HWaddr of the active nic.
    mcc

    If me, I would get into the Network section of Mandriva Control Center and
    delete all network connections,
    reboot and see what ethXs were connected.

    mii-tool -v <=== look for link ok to find connected nic

    Then disable on boot for unconnected adapters in mcc Network and setup
    the nic found with mii-tool.


    > I found this out today, and have been trying to activate the firewall on
    > eth3, and I disabled eth2 which is not connected. But I can not get the
    > firewall to stop allowing port 80.


    And how do you know it is allowing port 80.

    > What do I need to do? do I have to wait till the current session on 80
    > times out or something?


    normally, you would use pkill or kill to stop the process using a connection.

    Now, enter
    mcc
    and get back into the Security section of MCC and go through
    shorewall setup again and do not check any service ports.
    All the service boxes should be unchecked. OK, then pick your internet nic.

    click up a terminal,
    su - root
    service shorewall restart

    Check for errors as shorewall comes back up.

    > I tried restarting shorewall too, but its still
    > allowing 80. this port has never been allowed by me.


    with ADMINISABSENTMINDED=Yes current connections are not dropped.

    --
    The warranty and liability expired as you read this message.
    If the above breaks your system, it's yours and you keep both pieces.
    Practice safe computing. Backup the file before you change it.
    Do a, man command_here or cat command_here, before using it.

  4. Re: firewall not working

    On Mon, 28 May 2007 09:34:39 -0400, dnoyeB wrote:

    > I recently changed the MB on my computer. The new one instead of renaming
    > eth0 to one of the new adapters, mandriva created eth2 and eth3.


    I take it the MB has an onboard ethernet nic, so you now have a different
    mac id.

    See the thread
    http://groups.google.ca/group/alt.os...7c90b80c00a94b
    for info on which files to remove, or modify, so the new macid will be
    assigned to eth0.

    Regards, Dave Hodgins


    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  5. Re: firewall not working

    On Mon, 28 May 2007 14:45:43 +0000, Bit Twister wrote:

    > On Mon, 28 May 2007 08:34:39 -0500, dnoyeB wrote:
    >> I recently changed the MB on my computer. The new one instead of renaming
    >> eth0 to one of the new adapters, mandriva created eth2 and eth3.
    >> Therefore, the firewall was not protecting eth2 and eth3.

    >
    > First, let's make shorewall a little more strict. Click up a terminal
    > su - root
    >
    > cd /etc/shorewall
    > cp shorewall.conf shorewall.conf_orig
    > kwrite shorewall.conf
    > and change ADMINISABSENTMINDED=Yes
    > to ADMINISABSENTMINDED=No
    >
    > You might want to read the comments about ADMINISABSENTMINDED\


    I did just now. I think this was my problem. Well that and me not
    redoing the firewall when I switched to the new MB.

    >
    > click up a terminal,
    > su - root
    > service shorewall restart


    I did this a few times, no errors.

    >
    > Check for errors as shorewall comes back up.
    >
    >> I tried restarting shorewall too, but its still
    >> allowing 80. this port has never been allowed by me.

    >
    > with ADMINISABSENTMINDED=Yes current connections are not dropped.
    >


    This admin option was probably my problem. ill check when I get home. I
    can tell because I was connecting to my box with a webbrowser from another
    computer, and it was sending out the proper webpage. It should have been
    sending out nothing.

  6. Re: firewall not working

    On Mon, 28 May 2007 14:54:06 -0400, David W. Hodgins wrote:

    > On Mon, 28 May 2007 09:34:39 -0400, dnoyeB wrote:
    >
    >> I recently changed the MB on my computer. The new one instead of
    >> renaming eth0 to one of the new adapters, mandriva created eth2 and
    >> eth3.

    >
    > I take it the MB has an onboard ethernet nic, so you now have a
    > different mac id.


    It does. not only that, but the diffeent MB has 2 nics. I addressed this
    through my DHCP host.


    > See the thread
    > http://groups.google.ca/group/alt.os...7c90b80c00a94b
    > for info on which files to remove, or modify, so the new macid will be
    > assigned to eth0.
    >
    >

    I know now. next time I will make that change. Ill add this to my OS
    upgrade guide.

+ Reply to Thread