Axisinc636

Posts posted by Axisinc636

  1. At this point I'm lost. If I do a VPN to my internal XP machine I can at least map a net drive but cannot see anything external to the XP box (local network). I can get as far as connected with the Mandriva box but am unable to get anything else. I think I may try a different route with this, like a WebDAV export on my Apache server or something, 'cause this VPN stuff is developing migraines. Thanks for the help in this situation; I may try again someday.

  2. That was a port scan of the server from within the server's local network, not connected via VPN. I can't run this test now unless there's a way to test through a loopback; instead I will test this when I can remote in later and post results.

  3. I am connecting the tunnel from my laptop (the client) from multiple places (hotspots, free wireless), so restricting it to one IP isn't an option. Let me ask you this: how would I configure shorewall to allow VPN connections to IPs that are connected via SSH? Because I'm usually connected via SSH to forward KDE over VNC, in that case could I tunnel the VPN through the SSH connection? Would that be reliable and expandable for now until I solve the shorewall issue?

  4. It's a Linksys WRT54GS.

    IP tools from my main PC running XP puts out....

    Address : 192.168.1.2

    Name : AXISSERVER

    Ping .... Ok, Time : 0

    Port 22 ... Ok !

    Port 80 ... Ok !

    Port 111 ... Ok !

    Port 139 ... Ok !

    Port 443 ... Ok !

    Port 445 ... Ok !

    Port 631 ... Ok !

    Port 1723 ... Ok !

    Port 2049 ... Ok !

    Port 2049 ... Ok !

    Port 6000 ... Ok !

    Port 10000 ... Ok !

    12 (of 1491) open port(s) detected

  5. Unfortunately, as you can see in my router config, my forwarding list is full. Someday I'll be confident that I understand shorewall enough to allow it to be my network's firewall, hopefully ASAP. But axisserver is my only Linux-based test machine and my personal server, so being able to master basic controlling in shorewall before I DMZ axisserver is priority, as I have security in mind as well.

  6. You need to see these pages, then you could understand my situation. I made images of netlayout and put on my gallery, I can access it from any pc-anywhere you should be able as well. First one is my router config port restrictions (It has built in support for vpn). Second one is my network diagram.

    http://axisinc636.dontexist.net/gallery2/m...?g2_itemId=5670

    http://axisinc636.dontexist.net/gallery2/m...?g2_itemId=5666

     

    Shorewall configs

    #########From rules

    Action Source Destination Protocol Source ports Destination ports

     

    INCLUDE Zone rules.drakx Zone Any

     

    ACCEPT Zone net Firewall Any

     

    #rules.drakx

    ACCEPT net fw udp 137,138,139,445,1024:1100 -

    ACCEPT net fw tcp 80,443,22,137,138,139,445,1024:1100,5900,10000

    #########net interfaces

    eth0 net Automatic None

    ppp+ vpn Automatic None

    #########vpn tunnels

     

    VPN Type Zone for interface Remote gateway Gateway zones Add

    GRE vpn

    ########default policy

     

    Source zone Destination zone Policy Syslog level Traffic limit Move Add

    Firewall net ACCEPT None None

    net Any DROP info None

    Any Any REJECT info None

     

     

    and whatever else you may need to know, please let me know

  7. Look at the hyperlink in my first post. Axislap is my client (my mobile PC or VPN client), although at some time I may add more than one VPN client. Axisserver has a static IP of 192.168.1.2 with one network interface and is also a master browser WINS server for my network. Axismain is my main PC running XP that is a DHCP client to my router (receives 192.168.1.100) and has my Windows shares that I want to access through my VPN. I could care less about any other PC on my network for now. Usually getting the first one working correctly is the hardest part.

     

    [root@AxisServer axis]# netstat -tunlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 0.0.0.0:2049                0.0.0.0:*                   LISTEN      -
    tcp        0      0 0.0.0.0:2273                0.0.0.0:*                   LISTEN      3589/mysqlmanager
    tcp        0      0 0.0.0.0:51042               0.0.0.0:*                   LISTEN      -
    tcp        0      0 0.0.0.0:45155               0.0.0.0:*                   LISTEN      4201/rpc.mountd
    tcp        0      0 0.0.0.0:901                 0.0.0.0:*                   LISTEN      3378/xinetd
    tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN      4876/smbd
    tcp        0      0 0.0.0.0:5900                0.0.0.0:*                   LISTEN      3378/xinetd
    tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      3343/portmap
    tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      4998/perl
    tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      4936/httpd
    tcp        0      0 0.0.0.0:48272               0.0.0.0:*                   LISTEN      3395/rpc.statd
    tcp        0      0 0.0.0.0:6000                0.0.0.0:*                   LISTEN      3600/X
    tcp        0      0 0.0.0.0:631                 0.0.0.0:*                   LISTEN      3594/cupsd
    tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      3915/master
    tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      4936/httpd
    tcp        0      0 0.0.0.0:1723                0.0.0.0:*                   LISTEN      3570/pptpd
    tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN      4876/smbd
    tcp        0      0 0.0.0.0:7741                0.0.0.0:*                   LISTEN      4650/lisa
    tcp        0      0 :::6000                     :::*                        LISTEN      3600/X
    tcp        0      0 :::22                       :::*                        LISTEN      3453/sshd
    tcp        0      0 :::631                      :::*                        LISTEN      3594/cupsd
    udp        0      0 0.0.0.0:2049                0.0.0.0:*                               -
    udp        0      0 0.0.0.0:52616               0.0.0.0:*                               3536/avahi-daemon:
    udp        0      0 192.168.1.2:137             0.0.0.0:*                               4886/nmbd
    udp        0      0 0.0.0.0:137                 0.0.0.0:*                               4886/nmbd
    udp        0      0 192.168.1.2:138             0.0.0.0:*                               4886/nmbd
    udp        0      0 0.0.0.0:138                 0.0.0.0:*                               4886/nmbd
    udp        0      0 0.0.0.0:10000               0.0.0.0:*                               4998/perl
    udp        0      0 0.0.0.0:7741                0.0.0.0:*                               4650/lisa
    udp        0      0 0.0.0.0:49857               0.0.0.0:*                               4201/rpc.mountd
    udp        0      0 0.0.0.0:36433               0.0.0.0:*                               -
    udp        0      0 0.0.0.0:36948               0.0.0.0:*                               3395/rpc.statd
    udp        0      0 0.0.0.0:603                 0.0.0.0:*                               3395/rpc.statd
    udp        0      0 0.0.0.0:5353                0.0.0.0:*                               3536/avahi-daemon:
    udp        0      0 0.0.0.0:111                 0.0.0.0:*                               3343/portmap
    udp        0      0 0.0.0.0:631                 0.0.0.0:*                               3594/cupsd
    udp        0      0 :::177                      :::*                                    3465/kdm
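
An added example (not part of the original posts): a short Python check that cross-references listening sockets from the netstat -tunlp output above against the two rules.drakx ACCEPT lines posted with the Shorewall config. The sample rows are re-joined from the post's output, the function names are hypothetical, and the broader "ACCEPT Zone net Firewall Any" line from the same rules listing is deliberately ignored.

```python
# Constructed sample: a few rows re-joined from the netstat -tunlp output above.
NETSTAT = """\
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 4876/smbd
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3570/pptpd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3915/master
tcp 0 0 :::22 :::* LISTEN 3453/sshd
udp 0 0 192.168.1.2:137 0.0.0.0:* 4886/nmbd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3536/avahi-daemon:
"""
# The two rules.drakx lines as posted.
RULES = """\
ACCEPT net fw udp 137,138,139,445,1024:1100 -
ACCEPT net fw tcp 80,443,22,137,138,139,445,1024:1100,5900,10000
"""

def parse_rules(text):
    """Return {proto: [(lo, hi), ...]} for ACCEPT net->fw port rules."""
    allowed = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[:3] != ["ACCEPT", "net", "fw"]:
            continue
        for spec in f[4].split(","):
            lo, _, hi = spec.partition(":")  # "1024:1100" is a port range
            allowed.setdefault(f[3], []).append((int(lo), int(hi or lo)))
    return allowed

def parse_listeners(text):
    """Yield (proto, local address, port, program) for each netstat row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp"):
            continue
        addr, _, port = f[3].rpartition(":")  # also handles ":::22"
        yield f[0], addr, int(port), f[-1].split("/", 1)[-1].rstrip(":")

def audit(netstat=NETSTAT, rules=RULES):
    """Classify listeners: loopback-only, accepted from net, or not listed."""
    allowed = parse_rules(rules)
    report = {}
    for proto, addr, port, prog in parse_listeners(netstat):
        if addr.startswith("127.") or addr == "::1":
            verdict = "loopback-only"
        elif any(lo <= port <= hi for lo, hi in allowed.get(proto, [])):
            verdict = "accepted-from-net"
        else:
            verdict = "not-in-rules.drakx"
        report[(proto, port, prog)] = verdict
    return report
```

With these inputs pptpd's control port (tcp/1723) is listening on all interfaces but is not among the rules.drakx ports. PPTP also needs GRE (IP protocol 47), which is a protocol rather than a port and so never appears in netstat output.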

  8. The server IP is 192.168.1.2

    Client IP range is 192.168.50-60

    I can only see myself in Net Neighborhood

    If I ping axislap I get a reply from 192.168.1.100 (I think this is cache from when I was testing with XP's version of a VPN server)

    I can ping 192.168.1.50 and get a reply as well

    I can't ping 192.168.1.2

    Which ports are required: 1723 and 47, or the Samba ports 137-139 as well?

    Updated ping log from axislap when connected VPN to axisserver

    C:\Documents and Settings\Joe Mershon>ping 192.168.1.50
    
    Pinging 192.168.1.50 with 32 bytes of data:
    
    Reply from 192.168.1.50: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.50: bytes=32 time<1ms TTL=64
    
    Ping statistics for 192.168.1.50:
       Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
       Minimum = 0ms, Maximum = 0ms, Average = 0ms
    Control-C
    ^C
    C:\Documents and Settings\Joe Mershon>ping axislap
    
    Pinging axislap [192.168.5.112] with 32 bytes of data:
    
    Reply from 192.168.5.112: bytes=32 time<1ms TTL=64
    Reply from 192.168.5.112: bytes=32 time<1ms TTL=64
    Reply from 192.168.5.112: bytes=32 time<1ms TTL=64
    Reply from 192.168.5.112: bytes=32 time<1ms TTL=64
    

  9. Since it seems like this thread is going nowhere, should I ask if there is anyone that has gotten Windows network browsing (or at least able to map network drives to the VPN server and/or a local LAN PC to the VPN server) to work over PPTP VPN using Windows XP as a client and Mandriva as the PPTP VPN server, but in my type of network configuration where the Mandriva box is just another node on my LAN, not my main firewall/router? Is it my network config making this connection difficult? Would making my Mandriva server my DMZ on my router solve half the problem? Please give me some insight as to how I need to make changes to make this work.... I really don't want to use winblows wannabe VPN to solve this. Any help or direction in providing a solution is greatly appreciated.

  10. I got the connection established through my DynDNS and it retrieves an IP from my server, but I can't view my Windows shares. I'm almost positive it's a shorewall config issue or routing issue in general; I use Webmin to configure my shorewall. How do I go about allowing traffic from my server through to the local network? My server is not my firewall; it is behind my firewall.

     

    Using Mandriva 2008.1

    PPTP VPN

     

    See my network topology

    http://axisinc636.dontexist.net/NetworkLayout.htm

    And give me a hand please

  11. After thinking I crashed my box after the update.....I copied something after to my root's desktop that filled the / partition.

    All is well... for now anyway. I really need to create a partition for backups. This may be my first post and first almost completely configured server box, but I've been using Mandrake for years; throughout the improvements it made, each step definitely helped me understand it and the reason why it is what it is. There's still a lot for me to learn, and I'm sure I'll be back here soon. I want to eliminate winblowz on my boxes....

     

    My solution was to reconfigure 2008.0 sources.

    update (although it didn't have anything to update)

    remove them sources, and add 2008.1 sources. Update them 1300+ packages.

    This enabled -mirrorlist switch, which then allowed me to use Easy URPMI for PLF repositories.

    install transcode (now to figure out how to use it lol)

     

    Solved

  12. I fought for a while trying to install the PLF repositories. Since Easy URPMI wasn't working for me, I had found a command to install them (I didn't have the --mirrorlist switch for some reason). See image for output.

     

    http://axisinc636.dontexist.net/gallery2/m...?g2_itemId=5645

     

    How do I fix my dependency errors?

     

     

    [moved from Software by spinynorman - welcome aboard :)]
