Mageia forum

I think the iptables firewall is blocking some things I want access to, such as webwin, (https://localhost:10000), and the abiltity to see a NAS unit on my LAN, as an smb device. In Mageia control center, I went to "Configure your personal firewall", but it seems to only ask me what services I want the internet to connect to. I picked the disable option, rebooted, but no difference. I don't want to allow anything from the internet, just stuff on my LAN, (192.168.0.x)

I know that the shorewall cmd line program to configure iptables is installed, but I'm hoping there is a easier to use gui to configure iptables.

TIA,

jbarntt56

Firestarter (user friendly firewall)
https://en.wikipedia.org/wiki/Firestart ... irewall%29

I tried firestarter, but I get this error message:

Failed to start firewall
The device enp2s0 is not ready

From ifconfig -a I get this:

Code: Select all

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.8  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::a62:66ff:fe27:dd7b  prefixlen 64  scopeid 0x20<link>
        ether 08:62:66:27:dd:7b  txqueuelen 1000  (Ethernet)
        RX packets 21276  bytes 15403086 (14.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 19151  bytes 2696184 (2.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 394  bytes 24978 (24.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 394  bytes 24978 (24.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



Firestarter was last updated in 2005, I don't think it understands systemd, maybe? enp2s0 would have been eth0, back in the day.

Thanks for your help. Any other ideas?

jbarntt56

Can you please clear your current firewall configuration and show the output as root of the following commands?

Code: Select all

shorewall clear
iptables -L
service webmin status

Afterwards please try again with webmin and to access your NAS' smb share.

Hi Doktor,

I ran the commands as root, in the order you gave. Output below, in order.

Code: Select all

Clearing Shorewall....
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/tcclear ...
Running /sbin/iptables-restore...
Processing /etc/shorewall/stopped ...
Processing /etc/shorewall/clear ...
done.

Code: Select all

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


Code: Select all

Webmin is stopped

The interesting thing is that in control center, where you set to daemons to run at boot and can see the status, webmin is shown as running. Also I cannot see my NAS share. I will take a look at the NAS and make sure I have it set properly. I ran webmin start with the serrvice command, but the service command with status still shows it as stopped.

Hi,

I cannot find my NAS share in Dolphin, but I can using smbclient //192.168.0.x/share, where x=the number of the NAS.

I am able to login, and I copied a file to the share from my PC. Looks like I've got a netbios name resolver issue. I'll look into setting up nmbd on my pc, or maybe an lmhosts entry. The NAS is purely for backup, so if I can mount the share, I can rsync my backup to the share, (I think.) Anyway, it looks like I'm on the right path regarding the NAS.

I would very much like to solve the webmin issue, as it is an excellent tool for ordinary administration use. I think I will uninstall and reinstall webmin.

jbarntt56

I couldn't uninstall webmin via the GUI, but was able to do it at the command line with urpme webmin. I was then able to go back to the GUI, and reinstall, and webmin works fine.

This is looking good. Tomorrow, I'll see about configuring my PC so I can see my NAS share in the Dolphin GUI, and will post my results.

Thanks for your help!

jbarntt56

Yes, it seems that the firestarter has not received updates lately
But it continues to work well. And it is very useful and easy to use.
For me it is a complement to Shorewall
It needs to be configured correctly.
It must be installed rsyslog package
The error "The enp2s0 device is not ready" might be corrected checked at "Edit", "preferences", "network setting" and making sure it correctly selecting the "Detected device".
This error also occurred to me, so I opened a bug 16421. But then I managed to set up and it is now working correctly in Mageia 5

Recmint.com - FireStarter – A High-Level Graphical Interface Iptables Firewall For Linux Systems - by Ravi Saive - January 7, 2015

TechRepublic.com - Review: Firestarter firewall for Linux - By Jack Wallen - August 27, 2009

Hi Maxci,

Thanks for the information about firestarter, I will do as you suggest. It will be nice to have a user friendly interface to iptables.

Doktor5000,

The instructions you gave me, above, pretty much fixed my problems. A few minor issues left, but I should be be able to deal with them.

Thank you both for your help! I am going to mark this issue solved.

jbarntt56