On Sunday 09 Nov 2003 7:10 am, Jack Coates wrote:
> A lot of answers were written, you might want to go through the mail
> archives. My strong, nay, vehement suggestion at this point is to format
> that box's disk drives and start over, then ask specific questions.
>
> Portsentry is good. It is also non-free in the OSI sense since Psionic's
> purchase by Cisco, IIRC.
>
> Shorewall is a sight easier than editing iptables directly, but the
> people who can't handle it generally seem to like gshield. I've also
> used Monmotha in the past and liked it, does it work with iptables?
> Anyway, to grok shorewall you should read its docs. Here's some guiding
> principles:
>
> first, set up interfaces. There is at least one, which is the exterior
> ethernet. localhost not required here.
> second, set up zones. A zone is a network which is connected to an
> interface. There are at least two zones, one for localhost and one for
> the Internet. Change the Mandrake names to something you understand.
> third, set up policy (deny everything between Internet and localhost).
> fourth, set up rules (allow SMTP from Internet to localhost).
>
> On Sat, 2003-11-08 at 09:41, dfox wrote:
SNIP
> >
> > I tried running shorewall but got nowhere. I don't know how to edit
> > shorewall files and I don't want something that won't even let me ping my
> > gateway when installed. iptables is running because of portsentry but I
> > don't see anything that is specifically tied to port 25. And in atcp mode
> > it's supposed to ignore certain standard ports anyway.

Shorewall by default disables Ping. If you want ping enabled then add a line
in /etc/shorewall/rules

ACCEPT loc fw icmp 8

(assuming the local zone is called 'loc') then 'shorewall restart'

derek
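
The four steps from Jack's message plus derek's ping rule, laid out for a single-interface host, as an added example that is not part of the original thread. It assumes the column layout of the Shorewall 1.x releases of the time; the zone name `net`, the interface name `eth0`, the outbound `fw net ACCEPT` policy and the `info` log level are all assumptions made for illustration.

```conf
# --- /etc/shorewall/interfaces ---------------------------------------
# Step 1: one entry per interface. Only the exterior ethernet is listed;
# localhost needs no entry. eth0 is an assumed interface name.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect

# --- /etc/shorewall/zones --------------------------------------------
# Step 2: a zone is a network connected to an interface. The host
# itself is the built-in firewall zone, called 'fw' by default.
#ZONE   DISPLAY     COMMENTS
net     Net         Internet

# --- /etc/shorewall/policy -------------------------------------------
# Step 3: the default for traffic that no rule matches.
# Deny everything from the Internet to this host; allowing the host's
# own outbound traffic is an assumption added for this example.
#SOURCE DEST        POLICY      LOG LEVEL
fw      net         ACCEPT
net     all         DROP        info
all     all         REJECT      info

# --- /etc/shorewall/rules --------------------------------------------
# Step 4: specific exceptions to the policy.
#ACTION SOURCE      DEST        PROTO   DEST PORT(S)
# Allow SMTP from the Internet to this host.
ACCEPT  net         fw          tcp     25
# derek's rule form (icmp type 8 = echo request). His line uses the
# zone 'loc'; this sketch has only the assumed zone 'net'.
ACCEPT  net         fw          icmp    8
```

Changes take effect after 'shorewall restart', as in derek's message.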
