emilioestevezz

  1. Hi, I've installed Mandrake Multi Network Firewall, and it works great! I can share the internet connection without any problem, but this is when things go black for me: I must connect an existing server (web, mail, mysql) to the DMZ area of MNF. It's a Mandrake 10 with a single ethernet. The thing is I don't know exactly how to do this. I've connected this server to the MNF PC with a crossover patch, and added some simple rule to the firewall section on MNF, but I can't reach the single server. My boss is gonna kill me, because now he can browse the web faster than before, but can't send or receive mails, etc. Any ideas? PS: On the MNF PC the ethernet card used for DMZ IP is 192.168.1.0 and the single server I'm trying to connect IP is 90.0.0.2. The rule I've added to the MNF firewall section is ACCEPT from lan to DMZ:90.0.0.2 port 22, just to see if I can ssh to it, but when I try it from local network PCs all I get is connection timed out.
  2. Hi, Chris, thanks for the reply. The output for iptables is too big, but I was able to copy this from the logs, maybe it helps:

     Apr 29 13:02:52 estudioviegas kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=ppp0 SRC=90.0.0.43 DST=200.42.0.108 LEN=70 TOS=0x00 PREC=0x00 TTL=127 ID=22548 PROTO=UDP SPT=1172 DPT=53 LEN=50
     Apr 29 13:03:00 estudioviegas kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth1 SRC=10.0.0.3 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=56471 DF PROTO=TCP SPT=35655 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
     Apr 29 13:03:15 estudioviegas kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=ppp0 SRC=90.0.0.14 DST=200.42.0.108 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=56583 PROTO=UDP SPT=1032 DPT=53 LEN=43
     Apr 29 13:03:23 estudioviegas kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=ppp0 SRC=90.0.0.14 DST=200.42.0.108 LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=58631 PROTO=UDP SPT=1034 DPT=53 LEN=49
     Apr 29 13:03:30 estudioviegas kernel: Shorewall:all2all:REJECT:IN=ppp0 OUT= MAC= SRC=209.200.31.126 DST=200.122.10.107 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=47119 DF PROTO=TCP SPT=80 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
     Apr 29 13:03:50 estudioviegas kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=ppp0 SRC=90.0.0.14 DST=200.42.0.108 LEN=73 TOS=0x00 PREC=0x00 TTL=127 ID=41736 PROTO=UDP SPT=1043 DPT=53 LEN=53

     Hope it helps.
  3. Hi, I've configured a Mandrake 10 server as mail, web and mysql server, plus its firewall to share the ADSL connection with other terminals. I have shorewall as firewall, configured to let terminals browse the net. The problem is that I can't access the internet from the server. I need to use cpan to download some modules, but I realize I can't; in the syslog it shows that connection try as REJECTED. I also tried to ftp from the server, use lynx to browse the web, wget, etc., but can't either. So can anyone give me any pointer to solve this, so I can use cpan to access the web? Thanks, Emilio
  4. Do you have port 22 opened in your firewall? Sounds like a firewall issue. You have to define a rule that lets communications to that port from net.
  5. Hi, I have a server at work that has Mandrake 9.0 on it, and I would like to install 10.0 on it. The thing is that I've got lots of users' data on that hard disk. Is there a way to install 10.0 over the old 9.0 without losing data at /home, or MUST I clear all HD data first? I know that when you begin the installation process you can set it to leave the partition right as it is, but is this secure? And does it really install the new 10.0, or does it only upgrade the packages? Thanks. Emilio.
  6. Hi, I've installed perl and I am getting packages via cpan, but apparently the mirrors that I use are down. How can I change the mirrors to use from the command line? And do you have any good mirror to recommend? Thanks to all! Emilio
  7. No, I didn't, because after using this dedicated server I have one box with the firewall, webserver and mail server all in one working fine through port 80, but now separating the firewall is causing me trouble. I'm sure it must be some configuration problem, but I can't figure it out by now. Thanks. Emilio
  8. Yeah! It sounds like a network card problem to me! I would try and replace the card. Also, are you using SAMBA? If you are, check the smb.conf, the master browser section; it could drive you crazy like one time it happened to me! Hope it helped! Emilio
  9. Hi, I have a firewall running Mandrake 10, just as a firewall only, with shorewall 2.0. Then I've got another box running Mandrake 10 too, but this one has mail and webserver. The thing is that I can send and receive mails internally and to the big net, but when other people from the net try to access the webserver they get "connection refused", and only from the intranet can they see the website. On the firewall I have a rule that says: DNAT net loc:90.0.0.2 tcp 80 90.0.0.2, is the IP of the host where the webserver (apache 2.0) is running. I was told that the only thing I had to configure in the firewall's rules was this DNAT rule, but it's not working as I expected. Can anyone help me with this? If you need more details or config parts just tell me. Thanks. Emilio.
  10. Yes, it could be another solution, but I think I'm gonna try to do the other thing, but thanks! Emilio.
  11. I've read in some security article on the net that one of the basic measures for securing a server is to prevent the root user from logging in directly. This means that you should first log in as a regular non-privileged user and then "su" to the root account. It seems rather logical and harmless to me, so I will do it. I was also looking at some articles and I think I got an idea of how to do it. I think it's just a matter of removing root from a system file that controls the users that can log in, but I don't know which file and where it is located; I guess it must be in /etc. Thanks. Emilio
  12. Hi, for structural reasons, I have a host that doesn't have a monitor, keyboard and mouse. The only way of gaining access is through ssh from only one terminal, but I can enter as root. I would like to disable this possibility, but the only way of doing this is from the command line, and I don't know where to modify this. Any clue? Thanks. Emilio.
  13. Hi, I have a box running Mandrake 10. I've almost got everything functioning except powering off my PC after the computer shut down function in KDE. I guess the ACPI and APM packages handle this, but I don't know exactly how to enable these modules in the kernel. Can anybody help me with this? Thanks in advance. Emilio
  14. Hi, I'm trying to install a TV card (Leadtek's WinView 601). I've read a good, but not working for me, tutorial on the net called BTTV mini How to. I actually got the bttv driver on my box and I'm using parameters as described there (modprobe bttv card=17 and modprobe bttv tuner type=5). The thing is that when I try to watch TV with xawtv or tvtime, I can't see any channel. I also configured both programs to use PAL NC, which is the norm used here, where I live. There is also one driver that's mentioned in several bttv tutorials called i2c-algo-bit. I'm sure I don't have it installed, because when I try modprobe i2c the kernel says: "Fatal: module i2c, not found". Can anybody help me with this? Thanks, Emilio