Help setting up firewall...

[Toosmoky]

I can't seem to get a firewall going. I've tried Bastille, Shorewall, Firestarter and Guarddog. Best I can get is a solid wall. Nothing in or out.

Tried Webmin with and without Shorewall modules.

I'm using 2.6.5 on Knoppix/Debian.

Using PPPoE to my ADSL provider. IP provided by DHCP.

ISPs DNS is 203.0.178.191.

ADSL Modem is set up as a bridge.

eth0 -> disconnected (currently only the one system)
eth1 -> ppp0 (ADSL)

http://192.168.0.1 gets me into the modem in windows but not in linux?...

It's a home system used for internet, e-mail, etc.
No servers. No need for any external access.

Can anyone help me with rules for iptables?

'IPtables for Dummies' sort of stuff...

--
Toosmoky.
Ride the Penguin...
http://toosmoky.d2.net.au

[user unknown]

If you don't run any server, why do you need a firewall?

[OErjan]

to keep unwanted traffic from your computer. it is advisable to have one.
i have some 10-20 pages of log/day from things atempting my computer,
ok mostly calls to known trojans... and ofcource atempts to use known vounerabilities in misc software Outlook... and |gasp| yes even linux software, an previous version of cgiemail to name one.
i regularly upgrade and patch my computer and have minimum of installed software (Debian and slackware, none above ~400Mb installed).
as number of posible security holes increase with number of programs... i keep them to minimum and have a well patched kernel with a good iptables script and two firewals beween me and the net. one linux router/firewall and one D-link (for the w-lan).

http://ww.debian.org/security/ for more on linux security (Knoppix is basicly Debian so...)

[user unknown]

. it is advisable to have one.

I asked 'Toosmokey' why he want's a firewall, and he is running linux, not outlook or things like that.
In my opinion, firewalls are the hype of the day.
Most private users don't need any server, so running a firewall is the wrong decision.
The traffic isn't away of your computer - it's on the firewall.

If you don't listen to a port, how shall your system get affected?
I don't run cgiemail and perhaps Toosmokey doesn't too.

Sorry, but I cannot find an argument in your post.

I don't start inetd automatically.
When it is started, the services are only enabled in the local net.
No need for a firewall at all, nor for an additional computer consuming power to make some noise and write funny logfiles.

And I don't need a router (with an additional firewall) too.