streeter

Everything posted by streeter

  1. You don't need a proxy, DNS server and DHCP server running. The Mandrake wizard will try to set these up for you, and often fails... see this thread: A similar query Chris
  2. Port 10000 is the port webmin listens to - Webmin is a graphical remote admin tool. If you have webmin running (and firewall open etc..) you can log in to your machine using a web browser via the internet and change the settings of nearly everything. Webmin is also extremely useful for general (local) admin - well worth installing (urpmi webmin). You can then access it in any browser by typing https://<your ip address>:10000 . Note the 's'. <your ip address> can be localhost or 127.0.0.1 if you are accessing it from the same machine. Chris
  3. Strange - have you recompiled the kernel? If so, you need to compile again, but look for and enable the ppp stuff when you do the configuration. What kernel are you using? (type uname -a) Could try typing depmod (as root) and trying again. ppp_async is a kernel module (driver) - should get loaded automatically when you dial up, along with a couple of others - here's the output of lsmod | grep ppp when I'm dialled up on my machine:

         ppp_deflate 4216 0 (autoclean)
         ppp_async 8672 1
         ppp_generic 24036 3 [ppp_deflate bsd_comp ppp_async]
         slhc 6328 0 [ppp_generic]

     Yours should be similar.

     Chris
  4. What I would do first is run ethereal (a packet sniffer) on the web server, get somebody to make a request to the server and check the output of ethereal to make sure the request has got through. If it does, look at the apache config. If not look at the firewall. Chris
  5. streeter

    IPCHAINS

    As I said, I have never used ipchains, and it isn't worth learning it fully, but if I were doing this with iptables, I would get the router to forward requests on port 8080 to the webserver and set the FW up to simply forward these requests as-is. It would look like this:

        iptables -A FORWARD -p tcp --dport 8080 -d 192.168.1.1 -j ACCEPT

    The IP address should be your web server. Looks like forwarding in ipchains is identical to me:

        ipchains -A forward -p tcp --dport 8080 -d 192.168.1.1 -j ACCEPT

    I would probably stick it just above the "Deny SMTP forwarding" line. Unlike iptables, I think ipchains runs packets through the input filter before forwarding packets, so you may need to allow this first, probably with:

        ipchains -A input -p tcp --dport 8080 -d 192.168.1.1 -j ACCEPT

    If you always connect to the server from the same IP address, you could increase security by adding -s xxx.xxx.xxx.xxx (your address) to both the above. IP forwarding is already enabled in your script and the default policy is to deny, so you don't need to worry about that. I am assuming you are actually requesting port 8080, i.e. http://xxx.xxx.xxx.xxx:8080

    May work, assuming the router is forwarding properly, and has a gateway set up in its routing table to the webserver machine. Simply allows any request to 8080 - no further checks. This may not be the best way anyway - the script may set up other (user defined) chains where the rules ought to be, for instance.

    Take back part of what I said about 500 lines - looks like most of it is comments... Is this a 'standard' Red Hat script? Perhaps there is a 'front end' to it. A bit vague, I am afraid, but may give you something to be going on with :)

    Chris
  6. streeter

    IPCHAINS

    I agree completely - my note about the 500 line script tells me the script is perhaps overly complex. Why is ipchains still in use at this site? Perhaps an old kernel? Perhaps Sapphiron has no choice - company policy? Bottom line is (IMHO) that Sapphiron needs to learn firewalling if he/she is/has been put in charge of maintaining it, and may find it better to start afresh, perhaps with iptables/shorewall? After all, if you alter the firewall, you are responsible for security, therefore you should know what you are doing... Chris
  7. streeter

    IPCHAINS

    500 lines??? This must be a complex network... I have never used ipchains, but can probably work it out for you from the howtos (the principle of firewalling is similar whatever you are using). How is the network set up? e.g. presumably you are using a single public IP address and NAT; is the firewall on a different PC to the web server? What are the IP addresses? Is the router set up to forward port 8080 to the target machine? If you already have any servers running, for example POP or SMTP, you can probably simply copy the relevant line and substitute the port numbers/ip addresses. Also, where did your script come from - presumably you didn't write it yourself... Actually, on second thoughts, perhaps it is not a good idea you editing this script without thoroughly learning ipchains - if this is your (important) office script, it's not a good idea to publish it here, and without it we won't know where to put the commands... Chris
  8. Have a look at my howto here: Simple network setup. Read in conjunction with the sticky post at the top of the networking forum - post the output of the commands listed in the howto if you have any problems. Edit> just noticed how many posts you have made - apologies for treating you as a newb.. :) Chris
  9. Try disabling plug and play in the bios. If that doesn't work, please post the make and model of the card - then we can see if the driver module is loading. Chris
  10. Haven't seen a busy message before - could you post the exact wording? Can you ping the interface and gateway? (see the howto) If not, please post output of "ifconfig", "route -n" and the make/model of your card. Chris
  11. OK - here's what to do in the first instance (we will set up a static address):

      Edit /etc/sysconfig/network-scripts/ifcfg-eth0 so it looks like this:

          DEVICE=eth0
          BOOTPROTO=static
          IPADDR=192.168.0.102
          NETMASK=255.255.255.0
          NETWORK=192.168.0.0
          BROADCAST=192.168.0.255
          ONBOOT=yes
          MII_NOT_SUPPORTED=yes

      and /etc/sysconfig/network so it looks like this:

          HOSTNAME=psychosis
          NETWORKING=yes
          GATEWAY=192.168.0.1

      You will also need the IP address of your nameserver at the top of /etc/resolv.conf:

          nameserver 192.168.0.1

      Then reboot. If it doesn't work now, have a look at my howto here: simple net setup which gives you a few other things to try and some tests (pings) you can do and what output to post for further help (e.g. 'ifconfig' and 'route -n'). Good luck!

      Chris
  12. What didn't work?? If you post the settings from Windows here, we can tell you what to enter where in Linux... BTW it's winipcfg or ipconfig depending on your version of Windows. You need to open a Windows console either by finding it in the start menu or selecting start->run->command or cmd, again depending on the Win version. Chris
  13. Have a look at my howto at http://web.onetel.net.uk/~showerail/simple_net_setup.html and the sticky post at the top of the networking forum. If you still have no joy, the howto tells you what information to post here. The output of the 'ifconfig' and 'route -n' commands being most important in the first instance. Don't worry about the wireless stuff in ifcfg-eth0, and the MII directive is for hotplugging - best set at yes for now if you are having problems. Chris
  14. If it stops (for about 20 seconds?) and then carries on, it is probably looking for a DHCP server to allocate it an address. The easy solution is to set it up with a static address, or perhaps try turning on any modem/router you may have that is running a DHCP server, waiting a little, then turn on your PC. If it doesn't stop while booting, but you are just getting an error message, I would ignore it :) Chris
  15. Unless anybody has a better idea, and as this is a new installation, I would probably re-install and try again. If you stop the postfix processes, can you ping as a user then? Are you trying to send loads of mail? Chris
  16. The module is loaded (8139too), and the eth0 interface is appearing in ifconfig, so it is looking good. What exactly is your problem - you cannot connect to the internet? Or cannot get on your LAN? How are you connecting to the internet - adsl modem? Have you a router? Or are you connecting through dial-up? Please post your hardware setup - looks like you are nearly there :) Chris
  17. Are you still there? :) To me, this implies you are not even listening on this IP address - you ought to be able to connect to the IP address from the same machine without changing your firewall or hosts.allow (unless you have changed them...). So add the address to the sshd config (webmin?) and try again. Chris
  18. You need to set up ssh properly - have you tried webmin? Chris
  19. Yes, it is probably msec - have a look here: http://www.mandrakesecure.net/en/docs/msec.php Chris
  20. What error messages do you get from the various applications? Have you checked the timeouts in the KDE configuration stuff? (start menu->system->configuration->KDE->network->preferences) Mine are:

          Socket Read - 15 s
          Proxy Connect - 10 s
          Server Connect - 20 s
          Server Response - 600 s

      These are the defaults. Don't know if changing them will make any difference - what sort of time do you have to wait when you get a timeout? Have you tried using an alternate nameserver, from another ISP? Get the address from their website and put it at the very top of /etc/resolv.conf. Do you have to use any sort of proxy at your ISP? If this was my PC, I would run a packet sniffer to see exactly what was going on - if you can understand it, try installing/running ethereal and browse to a site to see what output you get.

      Chris
  21. Don't select no firewall - make sure everything is deselected, then make sure you choose the correct device for connecting to the internet - ppp+ for dial-up or eth0, eth1 etc for a LAN connection. I suspect you chose the wrong option. The firewall will then be active and still allow replies to your requested packets back in, while blocking new input. Chris
  22. I wouldn't say that not having a firewall was not a problem - it IS fairly safe on dial-up, but we don't know what's around the corner (undiscovered security holes for instance...). You should at the very least disable those servers you are not using - ssh, rpc, nfs etc - with no firewall, 'random' portscans will pick them up - you don't want that - suppose your ssh server is set up and you have a bad password :) You can disable unwanted services in the control centre (mcc). You probably won't come to any harm without a firewall, but best to be on the safe side. As for setting up your firewall, deselect all the tickboxes, including the 'everything' tickbox. Don't worry about allowing things like imap, DNS and POP through - this refers to new connections from the outside - we want to block them. The best state is to only allow replies to your requests and to completely ignore everything else - you should get this by deselecting all the boxes. Chris (paranoid)
  23. Have a browse through your log files in /var/log - whatever is doing this (msec perhaps?) ought to leave a record of it. What security level are you running at? Chris
  24. If you mean you want it to start if you click on an html file, you need to go to system->configuration->configure your desktop in the 'start' menu and select components->file associations. Select text/html and change the application order. If you just want a shortcut on the KDE desktop, right click on the desktop and select create new->file->link to application. Change the dialogue to point to firefox. If you want an entry in your start menu, right click on the star icon and choose menu editor. Chris
  25. You can also override individual settings - have a look here: http://www.mandrakesecure.net/en/docs/msec.php Chris