Posts posted by emilioestevezz

  1. Hi, I've installed Mandrake Multi Network Firewall, and it works great! I can share the internet connection without any problem, but this is when things go black for me: I must connect an existing server (web, mail, mysql) to the DMZ area of MNF. It's a Mandrake 10, with a single ethernet. The thing is I don't know exactly how to do this. I've connected this server to the MNF PC with a crossover patch, and added some simple rule to the firewall section on MNF, but I can't reach the single server.

     

    :help:

     

    My boss is gonna kill me, 'cause now he can browse the web faster than before, but can't send or receive mails, etc, etc.

     

    Any ideas?

     

    PS: On the MNF PC the ethernet card used for DMZ IP is 192.168.1.0 and the single server I'm trying to connect IP is 90.0.0.2. The rule I've added to the MNF firewall section is

     

    ACCEPT from lan to DMZ:90.0.0.2 port 22 just to see if I can ssh to it, but when I try it from local network PCs all I get is connection timed out.

  2. Is it the outgoing connection that is being rejected, or the reply?

     

    If you post the output of iptables -nvL I could probably give you a rule to type in to enable this (I don't do shorewall, but the rule will add to your config, and can be undone after doing the stuff you need if you like)

     

    You may need to install iptables if it's not already installed.

     

    Chris

     

    Hi, Chris, thanks for the reply,

     

    The output for iptables is too big, but I was able to copy this from the logs, maybe it helps:

     

    Apr 29 13:02:52 estudioviegas kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=ppp0 SRC=90.0.0.43 DST=200.42.0.108 LEN=70 TOS=0x00 PREC=0x00 TTL=127 ID=22548 PROTO=UDP SPT=1172 DPT=53 LEN=50

     

    Apr 29 13:03:00 estudioviegas kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth1 SRC=10.0.0.3 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=56471 DF PROTO=TCP SPT=35655 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

     

    Apr 29 13:03:15 estudioviegas kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=ppp0 SRC=90.0.0.14 DST=200.42.0.108 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=56583 PROTO=UDP SPT=1032 DPT=53 LEN=43

     

    Apr 29 13:03:23 estudioviegas kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=ppp0 SRC=90.0.0.14 DST=200.42.0.108 LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=58631 PROTO=UDP SPT=1034 DPT=53 LEN=49

     

    Apr 29 13:03:30 estudioviegas kernel: Shorewall:all2all:REJECT:IN=ppp0 OUT= MAC= SRC=209.200.31.126 DST=200.122.10.107 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=47119 DF PROTO=TCP SPT=80 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0

     

    Apr 29 13:03:50 estudioviegas kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=ppp0 SRC=90.0.0.14 DST=200.42.0.108 LEN=73 TOS=0x00 PREC=0x00 TTL=127 ID=41736 PROTO=UDP SPT=1043 DPT=53 LEN=53

     

     

    Hope it helps.
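
A way to pull the rejected packets out of a log excerpt like the one above, as an added example that is not part of the original posts. The function name `shorewall_rejects` and the direction labels are assumptions of this example; the sample holds three of the log lines quoted above.

```shell
#!/bin/sh
# Sample input: three of the kernel log lines quoted in the post above.
SAMPLE_LOG='Apr 29 13:02:52 estudioviegas kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=ppp0 SRC=90.0.0.43 DST=200.42.0.108 LEN=70 TOS=0x00 PREC=0x00 TTL=127 ID=22548 PROTO=UDP SPT=1172 DPT=53 LEN=50
Apr 29 13:03:00 estudioviegas kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth1 SRC=10.0.0.3 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=56471 DF PROTO=TCP SPT=35655 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 29 13:03:30 estudioviegas kernel: Shorewall:all2all:REJECT:IN=ppp0 OUT= MAC= SRC=209.200.31.126 DST=200.122.10.107 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=47119 DF PROTO=TCP SPT=80 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0'

# shorewall_rejects: read kernel log lines on stdin and print, for every
# Shorewall entry that is not an ACCEPT, one line of the form
#   chain disposition direction src dst proto dport
# The log prefix is Shorewall:<chain>:<disposition>: followed by KEY=VALUE
# fields. An empty IN= means the firewall host itself sent the packet;
# an empty OUT= means the packet was addressed to the firewall host.
shorewall_rejects() {
    awk '
    {
        start = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^Shorewall:/) { start = i; break }
        if (!start) next
        n = split($start, p, ":")
        if (n < 4 || p[3] == "ACCEPT") next
        split("", f)                  # clear fields of the previous line
        $start = p[4]                 # leaves "IN=<iface>" in that field
        for (j = start; j <= NF; j++) {
            k = index($j, "=")
            if (k <= 1) continue      # flags such as DF or SYN
            key = substr($j, 1, k - 1)
            if (!(key in f)) f[key] = substr($j, k + 1)
        }
        if (f["IN"] == "") dir = "from-fw"
        else if (f["OUT"] == "") dir = "to-fw"
        else dir = "forwarded"
        print p[2], p[3], dir, f["SRC"], f["DST"], f["PROTO"], f["DPT"]
    }'
}

printf '%s\n' "$SAMPLE_LOG" | shorewall_rejects
```
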

  3. Hi, I've configured a Mandrake 10 server as mail, web, mysql server plus its firewall to share the ADSL connection to other terminals. I have shorewall as firewall configured to let terminals browse the net. The problem is that I can't access the internet from the server. I need to use cpan to download some modules, but I realize I can't; in the syslog it shows that connection try as REJECTED.

     

    I also tried to ftp from the server, use lynx to browse the web, wget, etc, but can't either.

     

    So can anyone give me any pointer to solve this, so I can use cpan to access the web?

     

     

    Thanks

    Emilio

  4. Hi, I have a server at work that has Mandrake 9.0 on it, and I would like to install 10.0 on it. The thing is that I've got lots of users' data on that hard disk. Is there a way to install 10.0 over the old 9.0 without losing data at /home? Or MUST I clear all HD data first?

     

    I know that when you begin the installation process you can set it to leave the partition right as it is, but is this secure? And does it really install the new 10.0 or does it only upgrade the packages?

     

     

    Thanks.

    Emilio.-

  5. Did you try it on odd ports? Most ISPs block webserver and mailserver ports like 80, 21, 25, etc...

     

    Try an odd port like 10000, or something.

     

    I think that'd be your best bet.

     

    No, I didn't, cos before using this dedicated server I had one box with the firewall, webserver and mail server all in one working fine through port 80, but now separating the firewall is causing me trouble. I'm sure it must be some configuration problem, but I can't figure it out by now.

     

    Thanks.

    Emilio

  6. I'm having some bizarre and random problems that all seem to be associated with networking. I'll outline them briefly here.

     

    Often, when I start the computer or log in anew, the network (it's on a small home LAN) won't work at all: eth0 is up, and pinging my own address works, but pinging the address of another computer on the network doesn't. Sometimes, it'll suddenly stop working in the middle of a session for no apparent reason, although not when there's constant network activity, like Gaim or constant pinging of another machine on the network. It seems to take an arbitrary period of time to start working, but pinging another machine on the network whilst being pinged by that machine seems to get it working faster.

     

    Also, I've had problems with hard-locks and program freezes with programs associated with networking: Mozilla is unstable (often freezes and needs to be killed), and a program called reoback that I was using to back up across the network predictably caused system hard-locks that required pressing "reset" to undo. I have also had a hard-lock of that sort for no reason whilst typing a message in a form (message board) in Mozilla.

     

    Does this sound like a hardware or software problem? (I have a spare NIC that I could try, but opening this el-cheapo case is never fun). If software, any ideas on how to get it to work properly? It was working fine under Win2k, but I know that that doesn't necessarily rule out a hardware fault.

     

    Thank you in advance for any help :-)

     

    Yeah! It sounds like a network card problem to me! I would try and replace the card.

     

    Also, are you using SAMBA?

     

    If you are, check the smb.conf, the master browser section; it could drive you crazy, like one time it happened to me!

     

    Hope it helped!!

     

    Emilio

  7. Hi, I have a firewall running Mandrake 10, just as a firewall only, with shorewall 2.0. Then I got another box running Mandrake 10 too, but this one has mail and webserver. The thing is that I can send and receive mails internally and to the big net, but when other people from the net try to access the webserver they get "connection refused", and only from the intranet can they see the website.

     

    On the firewall i have a rule that says:

     

    DNAT net loc:90.0.0.2 tcp 80

     

    90.0.0.2 is the IP of the host where the webserver (apache 2.0) is running.

     

    I was told that the only thing I had to configure in the firewall's rules was this DNAT rule, but it's not working as I expected. Can anyone help me with this?

     

    If you need more details or config parts just tell me.

     

    Thanks.

    Emilio.

  8. You can make it harder for root to have access by removing the "allow root password" option.

    This means that  root (or anyone else) can only get in if the keys match.

    You could also configure your firewall to allow root, but only from a specified IP.  This is very secure, but  could cause untold problems if your IP changes etc.

     

     

    Yes, it could be another solution, but I think I'm gonna try to do the other thing, but thanks!

     

    Emilio.

  9. Just a question, though:  Why do you want to restrict root access?  Seems to me that you would want root access into a server.  Are you afraid of other users getting into your server?

     

    I've read in some security article on the net that one of the basic measures for securing a server was to remove the ability of the root user to log in directly; this means that you should first log in as a regular non-privileged user and then "su" to the root account. It seems rather logical and harmless to me, so I will do it. I was also looking at some articles and I think I got an idea of how to do it. I think it's just a matter of removing root from a system file that controls the users that can log in, but I don't know which file and where it is located; I guess it must be in /etc.

     

    Thanks.

    Emilio

  10. Hi, for structural reasons, I have a host that doesn't have a monitor, keyboard and mouse. The only way of gaining access is through ssh from only one terminal, but I can enter as root. I would like to disable this possibility, but the only way of doing this is from the command line, and I don't know where to modify this.

     

    Any clue?

     

    Thanks.

     

     

    Emilio.

  11. Hi, I'm trying to install a TV card (Leadtek's WinView 601). I've read a good, but not working for me, tutorial on the net called BTTV mini How to. I actually got the bttv driver on my box and I'm using parameters as described there (modprobe bttv card=17 and modprobe bttv tuner type=5).

     

    The thing is that when I try to watch TV with xawtv or tvtime, I can't see any channel. I also configured both programs to use PAL NC, which is the norm used here, where I live.

     

    There is also one driver that's mentioned in several bttv tutorials that's called i2c-algo-bit. I'm sure I don't have it installed because when I try modprobe i2c the kernel says: "Fatal: module i2c, not found"

     

    Can anybody help me with this?

     

    Thanks

    Emilio

  12. Hi, I have 2 physically separated hard drives. On the first one (primary master) I've got windoze 98 se and on the other (secondary master) I've got Mandrake 9.1. The thing is that when I reboot the PC, when it loads lilo it won't load either windows or linux, and begins to fill the screen with 99 99 99 99 99 99....

    What did I do wrong? Then if I do an fdisk /mbr on the windows HD I can at least boot windows but I can't use the linux HD. Any clue?

     

    Thanks.

    Emilio

  13. Hi all,

     

    I've decided to "attempt" to setup webmail.  Is this something that would be done on a basic server or on a web server?  I searched and found some great tutorials on this subject on the web but they never really talk about the type of server that is needed to accomplish this.  Do I even need a server?  I've decided to utilize the great server tools and utilities that Mandrake offers.

     

    Thanks for your help.    :)

     

    Hi, Darksky:

     

    Well, I'm not an expert in the field, as a matter of fact I'm new to linux too, but I've configured a web/mysql/mail/webmail server at work. I don't know exactly what you need, but most of the secure and stable webmail systems require a webserver, php and mysql server to be set up, all of this assuming that you already have a mail server (POP/IMAP and SMTP) up and running. I'm not sure if there could be a webmail system that really works without all this, but if you let me give an advice, do it completely, it's worth it! If you learn how to configure a good webmail with the usual requirements, you're gonna have yourself a secure and stable webmail. If you want, just go to horde.org; they have an excellent webmail system called IMP, that's the one I'm using. It's a little hard to configure, but man, what a webmail system. Just check it out.

     

    Good Luck.

     

    PS: I've configured it without any php and mysql knowledge, so that should give you more courage!!!

  14. I used to have the same problem, try this:

     

    Edit /etc/ppp/pppoe.conf

     

    At the very beginning of the file you must find the "#Ethernet Card connected to the adsl modem" title, then it should read:

     

    ETH=eth1 (this is my case, because my adsl modem is connected to eth1 ethernet)

     

    Here is the problem, I don't know if this is the bug, but in my case the original statement was:

     

    ETH=eth1 (using 3com module)

     

    I mean the "(using 3com module)" shouldn't be there cos it won't connect properly, so if you have ETH=ethx (XXXXX) just delete the (XXXXXX), just leave ETH=ethx, nothing more, nothing less.

     

    The same should be checked at /etc/sysconfig/network-scripts/net-cnx-up:

    at the 3rd line check for ethx (XXXXXXXX), just delete (XXXXXXXX), save and then:

     

    at konsole type:

     

    service internet restart

    service adsl restart

     

    If this was the problem you should get ......Connected!

     

    Hope it works.

    Emilio
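
The edit to the `ETH=` line described in the post above, written as a script; this is an added example, not part of the original post. The function name `fix_eth_line` is an assumption of this example, it handles only lines that start with `ETH=`, and the demo runs on a constructed temporary file rather than the real /etc/ppp/pppoe.conf.

```shell
#!/bin/sh
# fix_eth_line FILE
# Strip a trailing "(...)" comment from lines such as
#   ETH=eth1 (using 3com module)
# so that only ETH=eth1 remains. The original is kept as FILE.bak.
# Returns 0 if a line was fixed, 1 if nothing needed fixing,
# 2 if FILE does not exist.
fix_eth_line() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Only touch the file when an ETH= line really carries the extra text.
    if ! grep -Eq '^ETH=[A-Za-z0-9]+[[:space:]]+\(' "$file"; then
        return 1
    fi

    # Back up first, then rewrite in place so permissions are preserved.
    cp -p "$file" "$file.bak" &&
    sed -E 's/^(ETH=[A-Za-z0-9]+)[[:space:]]+\(.*$/\1/' "$file.bak" > "$file"
}

# Demo on a constructed file with the line from the post.
demo=$(mktemp)
printf '%s\n' '# Ethernet card connected to the ADSL modem' \
              'ETH=eth1 (using 3com module)' > "$demo"
fix_eth_line "$demo" && cat "$demo"
rm -f "$demo" "$demo.bak"
```
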

  15. Hi, this time I cannot configure the squirrelmail webmail. I've checked all requirements and I think all of them are done, I mean, I've got PHP last version, Mysql, and apache (php mod enabled) installed on my linux box, but I just can't make it function. I've got postfix up and running OK, an imapd server that is OK, but I just don't know where I'm wrong. Can anybody give some clues?

     

    Thanks.
