[Solved] How do I configure the firewall

This forum is dedicated to basic help and support :

Ask here your questions about basic installation and usage of Mageia. For example you may post here all your questions about getting Mageia isos and installing it, configuring your printer, using your word processor etc.

Try to ask your questions in the right sub-forum with as much details as you can gather. the more precise the question will be, the more likely you are to get a useful answer

[Solved] How do I configure the firewall

Postby jbarntt56 » Nov 19th, '15, 04:43

I think the iptables firewall is blocking some things I want access to, such as webwin, (https://localhost:10000), and the abiltity to see a NAS unit on my LAN, as an smb device. In Mageia control center, I went to "Configure your personal firewall", but it seems to only ask me what services I want the internet to connect to. I picked the disable option, rebooted, but no difference. I don't want to allow anything from the internet, just stuff on my LAN, (192.168.0.x)

I know that the shorewall cmd line program to configure iptables is installed, but I'm hoping there is a easier to use gui to configure iptables.

TIA,

jbarntt56
Last edited by jbarntt56 on Nov 22nd, '15, 03:52, edited 1 time in total.
jbarntt56
 
Posts: 85
Joined: Oct 11th, '14, 12:11
Location: Portland, Oregon USA

Re: How do I configure the firewall

Postby macxi » Nov 19th, '15, 14:48

Firestarter (user friendly firewall)
https://en.wikipedia.org/wiki/Firestart ... irewall%29
macxi
 
Posts: 462
Joined: Apr 22nd, '11, 02:54
Location: Portugues of Brazil

Re: How do I configure the firewall

Postby jbarntt56 » Nov 20th, '15, 05:26

I tried firestarter, but I get this error message:

Failed to start firewall
The device enp2s0 is not ready

From ifconfig -a I get this:

Code: Select all
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.8  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::a62:66ff:fe27:dd7b  prefixlen 64  scopeid 0x20<link>
        ether 08:62:66:27:dd:7b  txqueuelen 1000  (Ethernet)
        RX packets 21276  bytes 15403086 (14.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 19151  bytes 2696184 (2.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 394  bytes 24978 (24.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 394  bytes 24978 (24.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



Firestarter was last updated in 2005, I don't think it understands systemd, maybe? enp2s0 would have been eth0, back in the day.

Thanks for your help. Any other ideas?

jbarntt56
Last edited by isadora on Nov 20th, '15, 10:08, edited 1 time in total.
Reason: Placed command-output in between [CODE]-tags for better readability ;)
jbarntt56
 
Posts: 85
Joined: Oct 11th, '14, 12:11
Location: Portland, Oregon USA

Re: How do I configure the firewall

Postby doktor5000 » Nov 20th, '15, 11:24

Can you please clear your current firewall configuration and show the output as root of the following commands?
Code: Select all
shorewall clear
iptables -L
service webmin status

Afterwards please try again with webmin and to access your NAS' smb share.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 17630
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: How do I configure the firewall

Postby jbarntt56 » Nov 21st, '15, 05:28

Hi Doktor,

I ran the commands as root, in the order you gave. Output below, in order.

Code: Select all
Clearing Shorewall....
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/tcclear ...
Running /sbin/iptables-restore...
Processing /etc/shorewall/stopped ...
Processing /etc/shorewall/clear ...
done.


Code: Select all
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


Code: Select all
Webmin is stopped


The interesting thing is that in control center, where you set to daemons to run at boot and can see the status, webmin is shown as running. Also I cannot see my NAS share. I will take a look at the NAS and make sure I have it set properly. I ran webmin start with the serrvice command, but the service command with status still shows it as stopped.
jbarntt56
 
Posts: 85
Joined: Oct 11th, '14, 12:11
Location: Portland, Oregon USA

Re: How do I configure the firewall

Postby jbarntt56 » Nov 21st, '15, 06:43

Hi,

I cannot find my NAS share in Dolphin, but I can using smbclient //192.168.0.x/share, where x=the number of the NAS.

I am able to login, and I copied a file to the share from my PC. Looks like I've got a netbios name resolver issue. I'll look into setting up nmbd on my pc, or maybe an lmhosts entry. The NAS is purely for backup, so if I can mount the share, I can rsync my backup to the share, (I think.) Anyway, it looks like I'm on the right path regarding the NAS.

I would very much like to solve the webmin issue, as it is an excellent tool for ordinary administration use. I think I will uninstall and reinstall webmin.

jbarntt56
jbarntt56
 
Posts: 85
Joined: Oct 11th, '14, 12:11
Location: Portland, Oregon USA

Re: How do I configure the firewall

Postby jbarntt56 » Nov 21st, '15, 07:18

I couldn't uninstall webmin via the GUI, but was able to do it at the command line with urpme webmin. I was then able to go back to the GUI, and reinstall, and webmin works fine.

This is looking good. Tomorrow, I'll see about configuring my PC so I can see my NAS share in the Dolphin GUI, and will post my results.

Thanks for your help!

jbarntt56
jbarntt56
 
Posts: 85
Joined: Oct 11th, '14, 12:11
Location: Portland, Oregon USA

Re: How do I configure the firewall

Postby macxi » Nov 21st, '15, 18:18

Yes, it seems that the firestarter has not received updates lately
But it continues to work well. And it is very useful and easy to use.
For me it is a complement to Shorewall
It needs to be configured correctly.
It must be installed rsyslog package
The error "The enp2s0 device is not ready" might be corrected checked at "Edit", "preferences", "network setting" and making sure it correctly selecting the "Detected device".
This error also occurred to me, so I opened a bug 16421. But then I managed to set up and it is now working correctly in Mageia 5

Attachments
Mga5-firestarter-05a.png
Mga5-firestarter-05a.png (15.04 KiB) Viewed 2419 times
Mga5-firestarter-05b.png
Mga5-firestarter-05b.png (14.74 KiB) Viewed 2419 times
Mga5-firestarter-01a.png
Mga5-firestarter-01a.png (85.16 KiB) Viewed 2420 times
macxi
 
Posts: 462
Joined: Apr 22nd, '11, 02:54
Location: Portugues of Brazil

Re: How do I configure the firewall

Postby jbarntt56 » Nov 22nd, '15, 03:50

Hi Maxci,

Thanks for the information about firestarter, I will do as you suggest. It will be nice to have a user friendly interface to iptables.

Doktor5000,

The instructions you gave me, above, pretty much fixed my problems. A few minor issues left, but I should be be able to deal with them.

Thank you both for your help! I am going to mark this issue solved.

jbarntt56
jbarntt56
 
Posts: 85
Joined: Oct 11th, '14, 12:11
Location: Portland, Oregon USA


Return to Basic support

Who is online

Users browsing this forum: No registered users and 1 guest

cron