[plug] Mandrake 9.0 firewall?? problem

[Graham, Alan A.]

Just a thought, have you check /etc/hosts.equiv?  I don't know shorewall,
but it's possible that it installed tcpwrappers as an extra line of defense
(=good thing).  If so, then switching shorewall off *may* mess around with
the tcpwrappers config.  Although hosts.allow and hosts.deny seem ok from
what you've said.  Hmmm...

Another thing that shorewall may have done is to restrict access to ping to
root.  Worth cjecking?

Alan

> -----Original Message-----
> From:	Steve Boak [SMTP:sboak at westnet.com.au]
> Sent:	Wednesday, 27 November 2002 0:18
> To:	plug at plug.linux.org.au
> Subject:	Re: [plug] Mandrake 9.0 firewall?? problem
> 
> On Tuesday 26 November 2002 05:27, Leon Brooks wrote:
> > On Tuesday 26 November 2002 03:18 pm, Stephen Boak wrote:
> > > can't ping 10.0.0.26 - sendmsg: Operation not permitted
> >
> > This generally means one of two things - either there is firealling
> > in place or the network card you're trying to ping from has a scrod
> > configuration.
> >
> > Check the iptables rule counters to make sure the DROPs have scored
> > zero packets. F.e. you might be accepting TCP only, in which case
> > ICMP (ping) would get DROPped.
> >
> > Just as a test, add an all/all ACCEPT rule on FORWARD. I'm
> > presuming that /proc/sys/net/ipv4/ip_forward is set to 1
> >
> > Cheers; Leon
> 
> I'll check the iptable counters for clues first - that sounds useful, 
> and give the FORWARD a go, but I don't think I've got to that point 
> yet. Modem and ppp is still off while testing.
> 
> What's a 'scrod configuration'? I looked on google, and all I got was 
> scrod pudding, braised scrod and broiled scrod :)
> 
> Presumably a refernece to 'cooked', 'burnt to a crisp', 'toasted' and 
> other descriptive terms for 'stuffed'?
> 
> Steve
> 
> 
> 
> -- 
> This email was received from the Internet.  If this email is unsolicited,
> non-business related, inappropriate or spam, please forward it to
> spamfilter at woodside.com.au