Posts posted by anp66
Hi Again
I've got confused over all these configuration files so I've started all over, then I've got rid of the duplicated rules.
So here are the new clean files.
[root@MyServer shorewall]# more masq
eth1 192.168.1.0/255.255.255.0
[root@MyServer shorewall]# more zones
net Net Internet zone
masq Masquerade Masquerade Local
loc Local Local
[root@MyServer shorewall]# more interfaces
net eth1 detect
masq eth0 detect
[root@MyServer shorewall]# more rules
ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT fw masq tcp 631,515,137,138,139 -
ACCEPT fw masq udp 631,515,137,138,139 -
[root@MyServer shorewall]# more policy
masq net ACCEPT
loc net ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
I think the changes should be done in the configuration files: rules and policy
Best regards
Anders
-
Hi super users
I have a problem when the Shorewall firewall is active.
In that situation it is impossible to ping the Mandrake (9.1) box from an XP client in the same network.
I used the "Internet sharing" button to share the internet connection between the Mandrake and XP boxes. I think that "Internet sharing" thing uses Shorewall.
The situation is this:
When I disconnect Shorewall, ping (and Samba) works, but the "Internet sharing" doesn't. :o
When I use the "Internet sharing" button the sharing thing works B) , but I can't ping from XP to Mandrake.
In both situations I can ping from Mandrake to XP.
The Mandrake box has 2 netcards. A "red" one connected to the world (internet) and a "green" one (192.168.1.1).
The XP box has a "green" netcard 192.168.1.253. The IP address is not static but obtained from Mandrake (DHCP).
How do I set up Shorewall so the XP box can ping Mandrake?
Another (bad) solution: How do I share the internet connection without using Shorewall?
Hope someone can put me in the right direction.
Best regards
Anders
-
Hi
I have a Mandrake 9.1 server sharing the internet connection
for my home network.
On that network is (my girlfriend's) WinXP containing the filesharing program Blubster.
The problem is that Blubster can't connect.
I have found this help (http://www.blubster.net/help/howto.html):
*****
How to turn off XP Firewall to enable Blubster connection.
Right click on the network connections settings icon in the bottom right of your screen and left click on “Open Network Connections”
Right click on your current network connection icon and left click on “Properties”.
Left click on the tab marked “Advanced”
Uncheck the “Internet Firewall Protection” box and click “OK”
You will now need to shut down Blubster and restart. You will also need to close your current Internet connection and re-connect for these changes to be applied.
Connect to Blubster using Linux.
iptables-based firewall/router
iptables -A FORWARD -i eth0 -p udp --dport 41170:41350 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 41170:41350 -j ACCEPT
iptables -A PREROUTING -i eth0 -t nat -p udp --dport 41170:41350 -j DNAT --to 190.666.6.6
iptables -A PREROUTING -i eth0 -t nat -p tcp --dport 41170:41350 -j DNAT --to 190.666.6.6
Change 190.666.6.6 to the address of your machine that is running Blubster. And change eth0 to the interface connected directly with the Internet. The first two lines are necessary only if your default FORWARD policy is something other than ACCEPT.
********
Without knowing what I'm doing :-), I've tried the 2 iptables commands as explained, but without any luck.
I've shut down the firewall, without any luck.
Is there a SIMPLE (urpmi) GUI firewall for Mandrake I can use to open that UDP port?
Remember I don't know anything about "forward" and "prerouting".
I have been looking at Smoothwall Express 2.0; it seems simple, but I would like to use Mandrake tools.
Hope someone can help.
Regards
Anders
:D
Shorewall settings and Samba
in Networking
Posted
I've finally got things working,
that is Shorewall, Internet Sharing & Samba (Connect to XP client).
For your information here is what I did.
Basically this link was followed:
http://www.shorewall.net/two-interface.htm
In short:
Remove old shorewall rpm's
clean /etc/shorewall directory
Install new shorewall rpm's (rpm -ivh --nodeps shorewall-2.0.1-1.noarch.rpm)
cp the two-interface sample files to /etc/shorewall directory
Edit the files as described
Here is the result: ETH0 is the local netcard, ETH1 is the netcard connected to the world.
zones:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net eth1 detect dhcp,routefilter,norfc1918,tcpflags
loc eth0 detect tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
policy:
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
# Next line is AP line
loc fw ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw net ACCEPT
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
rules:
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
#
# Accept DNS connections from the firewall to the network
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
#
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp
ACCEPT fw net icmp
#
# Allow Samba on Firewall
#
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139,445
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139,445
ACCEPT loc fw udp 1024: 137
#
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
masq:
#INTERFACE SUBNET ADDRESS
eth1 eth0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
Hope this is useful for someone :D
Regards
Anders
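
Why ping from the XP box was refused under the first set of files and is accepted under the final one, as an added example (not part of Anders's posts and not Shorewall's own code): a simplified Python model of Shorewall's lookup order, rules first and then policy. The helpers `parse` and `decide` are hypothetical names, and named ports, port ranges and the source-port column are not modelled.

```python
# Added example: simplified model of Shorewall's decision for a NEW connection:
# the first matching line in "rules" wins, otherwise the first matching "policy".
# OLD_* is copied from the first set of files, NEW_* is an excerpt of the final set.
OLD_RULES = """\
ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT fw masq tcp 631,515,137,138,139 -
ACCEPT fw masq udp 631,515,137,138,139 -
"""
OLD_POLICY = """\
masq net ACCEPT
loc net ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
"""
NEW_RULES = """\
ACCEPT loc fw tcp 22
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT loc fw tcp 137,139,445
"""
NEW_POLICY = """\
loc net ACCEPT
loc fw ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
"""

def parse(text):
    """Split a Shorewall file into column lists, skipping comments and blanks."""
    return [l.split() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def decide(rules, policy, src, dst, proto, port=None):
    """Return (action, origin); for icmp, `port` is the ICMP type (8 = echo request)."""
    for action, r_src, r_dst, r_proto, *rest in parse(rules):
        ports = rest[0].split(",") if rest and rest[0] != "-" else []
        if (r_src, r_dst, r_proto) == (src, dst, proto) and (not ports or str(port) in ports):
            return action, "rule"
    for p_src, p_dst, action, *_ in parse(policy):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action, "policy"
    return "REJECT", "default"  # assumption of this model; both files end with all/all
```

`decide(OLD_RULES, OLD_POLICY, "masq", "fw", "icmp", 8)` falls through to the `all all REJECT` policy, while the final files accept the same ping by rule. `decide("", NEW_POLICY, "loc", "fw", "tcp", 22)` still returns ACCEPT from the policy, so with `loc fw ACCEPT` in place the individual loc-to-fw rules no longer restrict anything.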