[StAndrews and Fife LUG] Linux - Mandrake

brian.duncan@fife.co.uk standrews at mailman.lug.org.uk
Sun Mar 9 18:10:01 2003


cheers David.
checked both these files and they have "1"

I switched off the firewall and lost the MSN 'connection'.  I think it must be the
Firewall settings that have screwed up, so will check these.

Brian


On Sunday 09 Mar 2003 15:49, David Tillotson wrote:
> In message <YpWN9eBDq0a+EwRZ@acmelabs.demon.co.uk>, David Tillotson
> <linux@acmelabs.demon.co.uk> writes
>
> >In message <200303091346.23103.brian.duncan@fife.co.uk>, brian duncan
> ><brian.duncan@fife.co.uk> writes
> >
> >>I accidentally discovered that I could use MSN messenger but no Browser or
> >> FTP. therefore it's down to Linux.  I can't see where IP forwarding
> >> should be set in MDK control panel.
> >
> >OK, looks like MDK have screwed up again!
> >What's in /proc/sys/net/ipv4/ip_forward ? This should be non-zero
> >(usually "1") if IP forwarding is enabled (also requires kernel
> >support, but it is in all stock kernels I have seen.) The fact that MSN
> >messenger works would indicate that you're forwarding OK. This leaves
> >the fireball rules (blocking TCP < 1024 ?), or Windoze looking for a
> > proxy.
>
> Been doing a little research on this one (an ex-coworker has similar
> woes with MDK9.0!), and found this (all praise to Google's cache)
>
> --- From http://24.43.219.215/~mark/ ---
> Packets just weren't getting forwarded. I checked my rules again and
> again, but they seemed ok. It turned out that IP Forwarding was turned
> off in the kernel. Now, maybe this makes sense for a high security box,
> however, I DID turn on Internet connection sharing, so it seemed silly
> to leave IP Forwarding off. I turned it on with the echo 1 >
> /proc/sys/net/ipv4/ip_forward command, and my firewall seemed ok.
>
> Until I rebooted, that is. Once I rebooted I found that IP Forwarding
> was turned off again. I checked the /etc/sysconfig/network file and it
> indicated that IP Forwarding was turned on. I was at a loss as to why it
> would be turned off. I eventually grepped the /etc dir for ip_forward
> and found in the /etc/sysctl.conf file a line that said
> "net.ipv4.ip_forward = 0". I changed this to "1" and it worked! Needless
> to say, I found that a little un-intuitive. Perhaps Mandrake needs to
> refine the security level concept a little? I like the idea of a set of
> default configurations that specify a certain security level, and even a
> set of tools to help you stay secure, but when the user says "share my
> internet connection", the computer should just DO IT.
> --- End snippet ---
>
> So it would appear that in an attempt to make MDK secure, the ICS stuff
> gets well'n'truly shafted! Boy, am I glad I switched to Debian last week
> (after "upgrading" my Alcatel SpeedTouch Home router :)
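
The mismatch described in the quoted snippet (forwarding enabled by hand in /proc while /etc/sysctl.conf still says 0, so the setting is lost at reboot) can be checked with a short script. This is an added example, not part of the original message or the quoted posts; the function names and the `root` argument (a directory prefix, empty for the live system) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the running ip_forward value with the one that
# /etc/sysctl.conf will apply at the next boot.

# Print the last net.ipv4.ip_forward value in a sysctl.conf-style file.
# Comment lines (# or ;) are skipped; a later assignment overrides an earlier one.
persistent_ip_forward() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val); found = 1 }
        END { if (found) print val; else print "unset" }
    ' "$1"
}

# Print the running kernel value, read from <root>/proc/sys/net/ipv4/ip_forward.
runtime_ip_forward() {
    f="$1/proc/sys/net/ipv4/ip_forward"
    if [ -r "$f" ]; then tr -d ' \n' < "$f"; echo; else echo unknown; fi
}

# Report whether the running value will survive a reboot.
check_ip_forward() {
    root="${1:-}"
    run=$(runtime_ip_forward "$root")
    boot=$(persistent_ip_forward "$root/etc/sysctl.conf")
    if [ "$run" = "$boot" ]; then
        echo "consistent runtime=$run sysctl.conf=$boot"
    elif [ "$boot" = unset ]; then
        echo "unpinned runtime=$run sysctl.conf=unset"
    else
        echo "drift runtime=$run sysctl.conf=$boot"
    fi
}

# Constructed sample tree reproducing the state in the quoted snippet:
# forwarding switched on by hand, sysctl.conf still set to 0.
make_sample_tree() {
    mkdir -p "$1/proc/sys/net/ipv4" "$1/etc"
    echo 1 > "$1/proc/sys/net/ipv4/ip_forward"
    printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
        > "$1/etc/sysctl.conf"
}
```

Calling `check_ip_forward` with no argument reads the live /proc and /etc; a "drift" result means the forwarding state after the next reboot will differ from what the firewall rules were tested against.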