red Posted December 3, 2002

Well my little saga continues. My initial test of this product was very favorable, except for the Asheron's Call thing. After changing the hard drive in the system, adding a bit of memory and moving the NICs around so they are enumerated properly for my setup, and completely reinstalling, I have no connectivity unless the proxy services are enabled, and that is very slow.

Here is the scoop: P233MMX, 64MB memory, 3GB HD, Realtek 8139 chipset for the cable internet connection, 3com 3c590tx for internal network. Setup seemed to complete without any issues. I configured only the internal card initially and added the Internet connection from the web interface after installation.

Now I am not much of a *nixer so please bear with me. When looking at the running services, everything seems to be in order except xinetd. It indicates unknown status and details show something like PID exists but incorrect. The other thing is under Internet Access, it shows Access Status DOWN and START STOP TEST seem to do nothing.

Am I correct in understanding the system should allow internet connectivity without the proxy running? I have tried all sorts of configurations. Even disabling the firewall altogether and I still cannot reach the internet with client systems. The system itself seems to be able to check for updates and download them, so I am fairly positive we have a good connection.

Please don't think I have not tried to find out how to manage this issue myself. There just does not seem to be much documentation about this product available. I think once I cross this hurdle, I will be able to get Asheron's Call working as expected. If anyone can give me a bit of guidance, I would appreciate it.

Thanks
RED
red Posted December 4, 2002

The 3com NIC is a 3c905cx. And for some reason it shows up as unknown card but still allows a connection to the box through it. I am going to change the 3com NIC to something else and see what happens.

Thanks,
RED
red Posted December 12, 2002

Did I forget the secret penguin handshake or something? Hard to believe that NO ONE has any input on this.

RED
johnnyv Posted December 12, 2002

It's not a handshake, it's a call :P

I haven't used snf so I can't really help you. Can you ping the pc's on your network from the snf? Does the snf do the dns? Or are the clients trying to access an external dns and being blocked by the snf?
red Posted December 12, 2002

That is an interesting question. If I set the clients to use the SNF box as the DNS, they can ping outside IPs by IP address but not by name. If I set the clients to the ISP DNS they can surf, ftp, send/receive email, connect to newsgroups, etc. and all is good until connecting to AC. The SNF box can ping all internal addresses just fine.

The problem comes down to this, and please don't be offended. I have really really tried to like Linux and Linux platformed solutions, and I want to get this one going because it offers EVERYTHING I want in a firewall solution in one small package, but damn!!!, it is frustrating when you follow directions, crossing every t and dotting every i, and still cannot get something to work as expected. I even tried loading MNF 9.0 (following posted directions) on this box and got as far as trying to log in to the web admin panel and it tells me I don't have cookies enabled.

I don't know, maybe I am not quite as savvy as I thought I was, but it sure seems odd that I can take the same box, throw Windows 2000 Server on it, enable RRAS, throw a firewall app on it and get it working in minutes, even playing AC.

The unfortunate thing is, while I try to muddle my way through this, posting messages on this and other boards and newsgroups, I really feel as though I don't belong. You are only the second person to EVER reply to a post I made on any Linux board. Hence the question about the secret penguin handshake. I know it is not anything personal but it sure feels like it.

Thanks a bunch for anything you can offer.
RED

P.S. Some of my favorite commercials are the Budweiser penguin series...does that count for anything? "DO BE DO BE DOOOO"
johnnyv Posted December 12, 2002

> That is an interesting question. If I set the clients to use the SNF box as the DNS, they can ping outside IPs by IP address but not by name. If I set the clients to the ISP DNS they can surf, ftp, send/receive email, connect to newsgroups, etc. and all is good until connecting to AC The SNF box can ping all internal addresses just fine.

Ok, obviously there is no DNS or DNS is not set up on the snf, so you would need to use your isp's dns on the clients (btw a caching DNS server on your gateway is often a good idea).

So you are able to surf/email etc on the clients through the snf? Is the only problem AC? If so you need to unblock the port that AC uses, which I don't know as I don't use it. There would have to be an administration interface for that sort of thing on the snf I would think. Have you looked at the documentation?

http://www.linux-mandrake.com/en/doc/72/SN...F/en/user.html/

Btw if you would be better off with a Transparent bridging firewall (a firewall with no ip address - is invisible so an attacker can't find it to attack it, clients don't see it either) the setup is far more difficult to snf though so maybe later.
johnnyv Posted December 12, 2002

Rather than snf you might want to try mandrake 9.0 on that box with a minimal install and a light window manager like blackbox (I think you need gnome to use firestarter). Use internet connection sharing and set up a firewall like firestarter, might be easier to configure.

http://firestarter.sourceforge.net/

I think there is an rpm for it at texstar's site:

http://ftp.ibiblio.org/pub/Linux/distribut...0-2tex.i586.rpm
red Posted December 12, 2002

Well thank you all for the tips folks.

Johnnyv...how would I set up the caching DNS server? And YES I have gone ahead and followed that documentation to the letter. The one thing that confuses me however is this. When I add ports to "open", the server chugs along for a bit, then when the page appears that summarizes the ports that are open, the ports do not appear. Also, there is a section that shows "Access Status"...mine is always DOWN. No matter what I do it always shows down.

I was thinking of the Mandrake 9 as well but not quite sure just how minimal an install and what minimal install is. Then on top of that, I see the post below for the new Mandrake MNF being available and may try that as well.

Thanks!!
RED
paul Posted December 12, 2002

Perhaps you should try the new MandrakeMNF ... and when you're done, tick the box that says "start caching name server".

You can get it here:

ftp://ftp.proxad.net/pub/Distributions_Li...ty-MNF.i586.iso
red Posted December 13, 2002

Downloaded and installed the new MNF and lo and behold I am able to connect with much less configuration than SNF 7.2...AND AC connects but does not actually enter the game. I know which ports to open, so once I figure out which ones are blocking the connection, it looks like it will be AOK.

Tried the Caching DNS and it didn't seem to do anything, I still had to set the client DNS to the ISP's DNS.

Getting closer.
RED
red Posted December 14, 2002

Ok here's the deal. Frustrated doesn't even come close to describing how I feel ATM.

Installed MNF (9 is it?). Able to connect to the internet, surf, e-mail, newsgroups, ftp, and do everything except actually enter the game of Asheron's Call. Since I was able to get to the net I figured it must be one simple port, or a series of them, that are needed. So I tried to open them. Go to firewall settings, rules and add a simple rule. Lan for the client, all for the server, and set the protocol and port and apply....seems that should do the trick. It shows up in the list of active rules but will not let anything pass.

Just to see if they are being applied, I decide to open the door...WIDE. Set a new rule all to all tcp+udp and ports 0-65000. This should roll out the red carpet from the firewall and internal network to the internet. WRONG.... 3 sites I used...grc.com, auditmypc.com and symantec's test site all indicate the test ports are blocked or stealth.

I don't know. I am missing something, I just don't know what...if anyone can offer anything, I would appreciate it.

Thanks,
RED