- 03-31-2005 #1 Just Joined!
- Join Date
- Mar 2005
- Posts
- 4
Mandrake Firewall Setup
I am new and I am running Mandrake 10.0. I am wondering what I need to do to set up the firewall (if anything). When I go into the Mandrake Control Center, select Security and then select Firewall, there is a list of options "to allow the internet to connect to":
Everything (no firewall)
Web Server
Domain Name Server
Ftp Server
SSh server
Mail Server
Pop and IMAP Server
ping
Which ones should I have selected? Currently I have "Everything (no firewall)" selected. Also, under Security there are "Levels and Checks" and "Permissions" options that can be modified. Do I need to do anything with these? I am just using the computer for my own personal use and the typical web surfing, email, etc.
Thanks.
- 03-31-2005 #2
Just select ping, since you're just a home PC. Or you can make your PC not respond to ping probes by allowing nothing.
- 03-31-2005 #3 Just Joined!
- Join Date
- Mar 2005
- Posts
- 4
I just tried that, but then I am unable to connect to any web pages through my browser and I cannot connect to the email server. In fact, the only time I am able to connect is when I have "Everything (no firewall)" selected.
Originally Posted by lakerdonald
- 03-31-2005 #4
Oh, so those are the things that your computer is allowed to connect to? That seems kind of backwards...
- 03-31-2005 #5 Just Joined!
- Join Date
- Mar 2005
- Posts
- 4
I think so...the GUI asks..."Which services would you like to allow the internet to connect to?" and then gives the list with check boxes next to each one.
Originally Posted by lakerdonald
- 03-31-2005 #6 Just Joined!
- Join Date
- Dec 2004
- Posts
- 7
Set your built-in firewall to pass everything, like it defaults to. Install Webmin and Shorewall. Here is how your shorewall policy file should look at the end:
loc net ACCEPT
fw loc ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
loc $FW ACCEPT -
You have to add the last line yourself, or you won't even be able to browse on the machine with the internet connection. You will also need to install squid, and bind.
net = internet
fw = firewall
loc = your local network
See the shorewall and squid homepages for detailed info, but remember that Mandrake's version of shorewall is slightly different from the rest of the world.
You have to set up ip-masquerade before this will work. As root, at the command line, type:
echo 1 > /proc/sys/net/ipv4/ip_forward
and then type:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
If you're not using dial-up, then you need to change ppp0 to the appropriate interface.
http://www.shorewall.net
http://www.squid-cache.org
HTH
Michael
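A way to confirm that the two masquerading steps in the post above took effect, as an added example that is not part of the original thread: it checks a saved copy of ip_forward and of iptables-save output and reports when the MASQUERADE rule is bound to a different interface than the uplink. The function names and the sample state are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check the two masquerading prerequisites
# against saved state instead of the live system, so it runs without root.

# forwarding_enabled FILE: succeeds if FILE (a copy of ip_forward) holds "1".
forwarding_enabled() {
    [ "$(tr -d ' \n' < "$1")" = "1" ]
}

# has_masquerade RULES IFACE: succeeds if the nat table in iptables-save
# output RULES has a POSTROUTING MASQUERADE rule bound to output IFACE.
has_masquerade() {
    awk -v ifc="$2" '
        /^\*/ { table = substr($0, 2) }   # "*nat" / "*filter" open a table section
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && tgt == "MASQUERADE") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_masq FWD_FILE RULES IFACE: prints one status word, always returns 0.
check_masq() {
    if ! forwarding_enabled "$1"; then echo "forwarding-off"
    elif ! has_masquerade "$2" "$3"; then echo "no-masquerade-on-$3"
    else echo "ok"; fi
}

# Constructed sample state: forwarding on, rule bound to ppp0 as in the post.
SAMPLE=$(mktemp -d)
echo 1 > "$SAMPLE/ip_forward"
cat > "$SAMPLE/rules" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF

check_masq "$SAMPLE/ip_forward" "$SAMPLE/rules" ppp0   # dial-up uplink
check_masq "$SAMPLE/ip_forward" "$SAMPLE/rules" eth0   # uplink is not ppp0
```

On a live machine the two inputs would be /proc/sys/net/ipv4/ip_forward and the output of iptables-save, read as root.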
- 04-01-2005 #7 Just Joined!
- Join Date
- Mar 2005
- Posts
- 4
Thanks Michael. I had been reading the shorewall documentation recently. The only part I hadn't figured out was the masquerading. Thanks.


