streeter

Everything posted by streeter

  1. streeter

    SMTP service II

    I think you may need to set the proxy_interfaces parameter to the address of the port you receive the port forwarded mail on. Chris
  2. Don't know if something like this will work: Presumably the address of www.host.com will always be 10.x.x.x, so you can do:

        route add -net 10.0.0.0/8 gw 192.168.0.2

    to add a gateway address for the 10.0.0.0 network. You should even be able to do similar in windows with the old DOS route command - is it still there? Then you need to be able to get the IP address from the nameserver - if the nameserver on 10.0.0.1 is fully functional - i.e. it can resolve anything, just use it as your main nameserver. If it only handles the network it is on, put its address second in the list - when 'www.host.com' is not found (I assume it has a unique name not found anywhere on the Internet??) your PC will try 10.0.0.1 - bit slower, but it should work... This is probably badly flawed somehow :)

    Chris
  3. Looks interesting... Can you give a little more detail - I don't quite understand what you are trying to do... The DNS server is on a private network - have you any control over it, i.e. can you get requests on port 80 forwarded to the target host, so all you have to do is use the public IP address? Then you wouldn't need the remote DNS server. Or perhaps have a VPN set up? Or is it the public address that is dynamic? In this case there are services that will run a DNS server for you - haven't tried it though. I am wondering why you have 2 gateways - do you have 2 Internet connections? Perhaps a proxy server (e.g. squid) could be configured to do this - I don't know, and cannot spare the time to find out at the moment...sorry. I don't think that netfilter could do what you are asking - AFAIK you can't filter on hostnames. Windows can have static routes set up - you may be able to do something there. Try typing route into a windows command line (I think that's the command) Forgive the waffle - just thinking out loud :) Chris
  4. Actually, I think FW_LOADER is already enabled as a module in the standard config (I just looked at my configs - don't remember changing CONFIG_FW_LOADER), but I guess you will still need a configured kernel for compiling the driver? (I don't use it, so I don't know for sure) Chris
  5. streeter

    Network issues

    Yes and yes. lspci is in the pciutils package - if it's not installed by default, install it with "urpmi pciutils" (as root), again at the command line (Konsole). The lspci (list pci) command will give a list of what PCI devices your computer can see. An old fashioned ink rubber is good for cleaning contacts if you have one. Chris
  6. You will have to install, configure and compile the kernel source code. Have a look at the kernel compiling howto: http://www.mandrakeusers.org/index.php?showtopic=4595 in the howto section of this forum. Chris
  7. See http://www.mandrakeusers.org/index.php?showtopic=16484 Chris
  8. Mandrake don't make samba obvious for you do they? Here's what to do:

        su
        urpmi drakwizard
        mv /etc/samba/smb.conf /etc/samba/smb.conf.old
        touch /etc/samba/smb.conf
        mkdir /home/public
        mcc

    Then go to server wizards->configure samba and punch in the details. You can use the /home/public directory we made earlier when it asks for (I think) a shared directory. Reboot and it may work... You can make permanent mount points from within mcc - choose mount points -> samba mount points if you want to. Alternatively, use smb4k ("urpmi smb4k" to install it) to mount them when required.

    Chris
  9. I am paying attention this time :) You don't have a router and are using ppp(OE?). I don't know much about this set-up - I have never used it. What you need to do is masquerade eth0 behind your ppp connection - otherwise known as network address translation. This should work: Put the following command at the beginning of /etc/sysctl.conf

        net.ipv4.ip_forward=1

    Then 'turn off' the redirection to squid that mandrake will have done for you and set up masquerading: Install iptables - type "urpmi iptables", or use the package manager in the start menu or mcc. Add the following code to the bottom of /etc/rc.d/rc.local:

        # remove the jump to loc_dnat (the redirection to squid) for traffic arriving on eth0
        iptables -t nat -D PREROUTING -i eth0 -j loc_dnat
        # masquerade LAN traffic leaving via ppp; MASQUERADE is only valid in POSTROUTING, which matches on -o, not -i
        iptables -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -d 0/0 -j MASQUERADE

    Don't worry if you get an error for the first line. Reboot and let me know if it works...

    Chris
  10. I think you need to set the proxy_interfaces parameter to the address of the port you receive the port forwarded mail on - eth0 Chris
  11. You don't have an IP address set for eth1. Unfortunately, the Mdk internet connection sharing wizard can be a little unreliable at times... Have you had a look at the sticky post at the top of the networking forum yet? There is a howto link there that should help. Chris
  12. streeter

    Network issues

    Please post output of lspci
  13. Assuming you don't already have a firewall running, something like this would be an absolute minimum starting point:

        #!/bin/sh
        iptables -F #clean out the tables
        iptables -X common #delete the 'common' chain
        #Default policies
        iptables -P INPUT DROP
        iptables -P FORWARD DROP
        iptables -P OUTPUT ACCEPT # will allow all outgoing packets - no questions asked unless you add rules to stop them
        iptables -N common # Create new chain called common
        iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # allow replies to our requests and 'related' packets - eg for FTP in eth0
        iptables -A INPUT -i eth0 -j DROP # drop everything else coming in eth0
        iptables -A INPUT -j common # jump to the common chain
        iptables -A FORWARD -j common # jump to common for all packets to be forwarded
        iptables -A common -s 127.0.0.1 -j ACCEPT # accept all from localhost
        iptables -A common -j DROP # dump the rest

    This is very simple, and may not stop a cracker, but it will stop pings, connection attempts etc from even knowing you are there. You can do a basic test by going to http://grc.com and running the shields up test (it's really meant for windows). Put the script in a file called tables or something in the /etc/rc.d/init.d directory, and symlink it in the /etc/rc.d/rc.3 to 5 directories with a low number, ie

        ln -s /etc/rc.d/init.d/tables /etc/rc.d/rc.3/S4tables
        ln -s /etc/rc.d/init.d/tables /etc/rc.d/rc.4/S4tables
        ln -s /etc/rc.d/init.d/tables /etc/rc.d/rc.5/S4tables

    You can look at the tables with "iptables -nvL". You should also turn off all services you do not use using drakxservices, e.g. rpc, portmap, samba, httpd, ftpd etc... And if you're really paranoid, unplug your lan connection - that'll stop 'em!!

    Chris
  14. Always reluctant to recommend a firewall script, because I don't want to be held responsible for failure... However, if you are running no servers, using dial-up and want to accept no new input at all from the internet, it shouldn't be difficult to give a short, simple, basic script to work with. If you want to write your own rules, you really need to read up and understand the implications if you get it wrong. Exactly how are you connecting to the internet, and have you an internal network? There is an iptables primer at http://www.linuxguruz.com/iptables/howto/ you may want to look at. The easiest way is to use the Mandrake wizard for your firewall - it uses shorewall, which is a 'front end' for netfilter. Using iptables does the same thing. You may already have a firewall running - type "iptables -nvL" and have a look at the output. You may need to install iptables with "urpmi iptables". Just because iptables is not installed does not necessarily mean you have not got an active firewall. Chris
  15. Now you have a working system, pop along to easyurpmi. Follow the instructions there, and then update your installation with mandrake update or "urpmi --auto-select" - you may find this fixes the problem. You should do the updates anyway for security reasons. Chris
  16. streeter

    Network issues

    What card do you have - exact maker/model please, then we can see if it is getting recognised and if the driver is getting loaded. Chris
  17. Is this a general networking issue? i.e. can you browse the web or ping a site? If you cannot, but can reach a site by IP address (for example http://216.239.59.147 should give you google), you have a domain name resolver issue. If this is the case, you need a valid nameserver address in /etc/resolv.conf. The format is nameserver xxx.xxx.xxx.xxx Chris
  18. Change the line HOSTNAME= in /etc/sysconfig/network Chris
  19. Hello charlus - welcome to Mandrake! Your /etc/hosts file is incorrect - the line saying

        10.79.1.92 10.0.0.1 10

    should read

        10.79.1.92 charlus

    if charlus is the name you want for your computer - you can put any name here. The 0.0.1 in the search field will have been taken from your /etc/resolv.conf file - it has grabbed the last part of what it thinks is your hostname (10.0.0.1 - should be charlus or something - check in Windows for what you called it there) and is using that. Just delete the line "search 0.0.1" from the file. You should also have a line that starts nameserver. This should have the IP address of your ISP's nameserver, e.g. "nameserver 10.0.0.1". The address may be different - get it from Windows/your ISP. You will probably have to change the /etc/sysconfig/network file too - change the line that (probably) says HOSTNAME=10.0.0.1 to HOSTNAME=charlus. Also make sure the GATEWAY= is set to your ISP's default gateway (10.0.0.1?) and possibly GATEWAYDEV=eth0. Restart the computer. Typing hostname should then give you charlus or whatever you called it. ifcfg-eth0 and ifcfg-lo should be different, and they both look OK. There is a howto that may help here: http://web.onetel.net.uk/~showerail/simple_net_setup.html or you can reach it from the sticky post at the top of the networking forum. Let us know how you get on.

    Chris
  20. streeter

    SMTP service II

    OK - your firewall is allowing input from eth0 to port 25 - in fact it had accepted 249 packets in that session, so the firewall is not the problem. The only line that could possibly be stopping input is

        0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

    which stops non icmp packets that are invalid. To stop your smtp traffic, the packets sent would have to be 'broken' somehow - unlikely seeing as you have tried from several machines... Suppose we could comment it out in the config just to make sure. It is also allowing all valid output to leave on eth0. postconf -d does give the default settings, but the default settings are somewhat dynamic - for instance a dynamic dial-up IP address would appear in mynetworks here. postconf -n gives the settings you have changed - between the two commands, we can see the entire setup. As LibraOneNow says, looks like the mynetworks statement may be at fault. Chris
  21. streeter

    SMTP service II

    Please post output of "iptables -nvL" and "iptables -nvL -t nat" - if postfix is listening on your outgoing interface, it is almost certainly being filtered. Install iptables with urpmi iptables if you need to. Chris
  22. For the garbled text, type reset (you will obviously have to type it 'blind'). For the non-working desktop, type xf86config and follow the prompts - you will need the make and model of your graphics card and monitor. In case your monitor is not in the database, you will need the horizontal and vertical timings. Haven't ever seen startx leave the console unreadable before though... Chris
  23. This seems to be pretty common - if it works, don't worry - leave it alone! Just don't boot in verbose mode if you don't like seeing [FAILED] messages :) Chris
  24. streeter

    SMTP service II

    As I understand it, mynetworks should just contain trusted IP addresses and their masks - so add your client's network address and mask in the form 192.168.0.0/24. You should probably narrow this down to only the hosts you are using once you are happy with it working, i.e. 192.168.0.3/32, as these hosts are allowed to relay mail. Entries are separated by white space and/or a comma. Is inet_interfaces = all set? You can read postfix default settings with postconf -d and settings that have been changed by you with postconf -n. Easier than trawling through main.cf. Chris
  25. streeter

    SMTP service II

    How are you connecting - DSL with a static address, or something else? Also, what hardware? If you run nmap on your external interface IP address from the postfix PC itself, do you get port 25 listed? If you do, then Postfix is listening on this interface and the problem must be elsewhere. Chris