Why does enabling firewall disallow web browsing?


Post by wrseg.. » Sun, 16 Sep 2001 14:45:46



I am running Redhat 7.1.  When I set input to reject using the basic firewall
configuration panel under KDE, I can not browse the web.  This seems to be
a case of having to disable my security to access the net.  Am I missing
something here, or is this thing really that useless?

Thanks for any suggestions

Wade Segade


 
 
 


Post by D. Stimit » Sun, 16 Sep 2001 15:12:38



> I am running Redhat 7.1.  When I set input to reject using the basic firewall
> configuration panel under KDE, I can not browse the web.  This seems to be
> a case of having to disable my security to access the net.  Am I missing
> something here, or is this thing really that useless?

> Thanks for any suggestions

> Wade Segade



If you want to browse, you have to allow output chain with destinations
of port 80. Where it comes back varies. I reject almost everything from
the outside, but web browse fine, because I allow output chain with
destination port 80 through.



 
 
 


Post by r0gu » Sun, 16 Sep 2001 15:15:53



> I am running Redhat 7.1.  When I set input to reject using the basic
> firewall configuration panel under KDE, I can not browse the web.  This
> seems to be a case of having to disable my security to access the net.
> Am I missing something here, or is this thing really that useless?

> Thanks for any suggestions

> Wade Segade



It sounds like you're rejecting all inbound packets, effectively shutting
you off the net.  Take a look at your firewall script
/etc/rc.d/rc.firewall, and check the ipchains.org site for firewall tips
- they can give you more info than I can in a quick post.

--
I will serve no algorithm before it's time.

 
 
 


Post by Kasper Dupon » Mon, 24 Sep 2001 19:11:08



> I am running Redhat 7.1.  When I set input to reject using the basic firewall
> configuration panel under KDE, I can not browse the web.  This seems to be
> a case of having to disable my security to access the net.  Am I missing
> something here, or is this thing really that useless?

> Thanks for any suggestions

> Wade Segade



RedHat 7.1 by default uses ipchains. You need to
allow inputs that are responses to packets you
send. With ipchains this is most often done by
accepting all incoming tcp packets except for
the syn packets. And by allowing all udp packets
from port 53 on your DNS servers.

If you switch to iptables you can set up rules
that will keep track of the communication and
know which incoming packets are responses to
your own outgoing packets.

--
Kasper Dupont
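
The two approaches described in the post above, side by side, as an added example that is not part of the original thread. The DNS server addresses are constructed placeholders and the function names are hypothetical; the script only prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example (not from the thread). Prints rule sets; nothing is applied.
# Usage: sh fw-rules.sh ipchains   or   sh fw-rules.sh iptables
# DNS_SERVERS: constructed placeholder addresses, replace with your resolvers.
DNS_SERVERS="192.0.2.53 192.0.2.54"

# Stateless ipchains (2.2 kernels, Red Hat 7.1 default).
ipchains_rules() {
    echo "ipchains -F input"
    echo "ipchains -P input REJECT"
    echo "ipchains -A input -i lo -j ACCEPT"
    # "-y" matches SYN-only packets (new connection attempts); "! -y"
    # accepts every other TCP packet, which includes replies to our own
    # connections. Caveat: this also admits unsolicited non-SYN TCP,
    # because ipchains keeps no record of what we actually sent.
    echo "ipchains -A input -p tcp ! -y -j ACCEPT"
    # DNS replies: UDP whose source is port 53 on a known resolver.
    # The rule trusts the source address and port as claimed in the packet.
    for dns in $DNS_SERVERS; do
        echo "ipchains -A input -p udp -s $dns 53 -j ACCEPT"
    done
}

# Stateful iptables (2.4 kernels): connection tracking decides what is a
# reply, so no per-protocol or per-resolver exceptions are needed.
iptables_rules() {
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

case "${1:-}" in
    ipchains) ipchains_rules ;;
    iptables) iptables_rules ;;
esac
```

With either rule set the input policy stays closed to new inbound connections while replies to outgoing web and DNS traffic are accepted.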

 
 
 
