zansatsu Posted April 14, 2005 Report Share Posted April 14, 2005 Hi all. I have been all over this forum looking for an answer and I don't think anyone has addressed it directly. I'm running MDK 10.0 Official on one machine which is acting as a gateway for a Windows 2000 machine. Ever since the initial MDK10 install, I have been unable to read Windows shares from my Linux box and vice versa. I've even tried ping from my mandy box but it just gives a series of errors. Likewise, Windows knows it has an internet connection, but it doesn't see my linux box. I have samba installed, and unfortunately samba setup is a little mindboggling for me. I don't even know if it is samba's fault or squid's or shorewall's or what. All I know is that I can't share and it's just recently become important as I've begun using both machines for video editing. Here's ifconfigs output: eth0 Link encap:Ethernet HWaddr 00:10:DC:23:C7:97 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::210:dcff:fe23:c797/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:51348 errors:0 dropped:0 overruns:0 frame:0 TX packets:37039 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:65524663 (62.4 Mb) TX bytes:2400624 (2.2 Mb) Interrupt:5 Base address:0x6000 eth1 Link encap:Ethernet HWaddr 00:01:02:6E:51:6C inet addr:131.96.229.142 Bcast:131.96.229.191 Mask:255.255.255.192 inet6 addr: fe80::201:2ff:fe6e:516c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:81437 errors:0 dropped:0 overruns:4 frame:0 TX packets:74806 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:42456112 (40.4 Mb) TX bytes:68360201 (65.1 Mb) Interrupt:11 Base address:0xc400 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:6493 errors:0 dropped:0 overruns:0 frame:0 TX packets:6493 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:329254 (321.5 Kb) TX bytes:329254 (321.5 Kb) Please let me know if you need more info. Again, if this issue has been addressed, if someone could point me in the right direction, I'd appreciate it. Thanx for your time. Alex Quote Link to comment Share on other sites More sharing options...
Qchem Posted April 14, 2005 Report Share Posted April 14, 2005 What configuration have you attempted with samba? Have you tried using the tools in mcc, or failing that swat? Quote Link to comment Share on other sites More sharing options...
zansatsu Posted April 14, 2005 Author Report Share Posted April 14, 2005 (edited) What configuration have you attempted with samba? Have you tried using the tools in mcc, or failing that swat? <{POST_SNAPBACK}> To be honest, I know very little about samba and I have not tried mcc or swat. Edited April 14, 2005 by zansatsu Quote Link to comment Share on other sites More sharing options...
Qchem Posted April 14, 2005 Report Share Posted April 14, 2005 The samba website has lots of documentation for running all common windows sharing tasks. It might be worth having a play around in mcc first though. Quote Link to comment Share on other sites More sharing options...
zansatsu Posted April 14, 2005 Author Report Share Posted April 14, 2005 (edited) I appreciate your quick response but that puts me back at square one. I've tried reading through the documents for samba but there are so many parameters that I don't know what controls what. Maybe you could tell me what I should focus on? And I have used Mandrake Control Center extensively, but it does not give me the control I want over iptables and shorewall. I also get the feeling that it isn't properly configuring everything, otherwise I wouldn't have this problem. Also, LinNeighborhood gives me this error when I tried to probe the address where my Win2k machine is. Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted Domain=[LINUSROX] OS=[Unix] Server=[Samba 3.0.10] Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted Domain=[LINUSROX] OS=[Unix] Server=[Samba 3.0.10] If that helps. Edited April 14, 2005 by zansatsu Quote Link to comment Share on other sites More sharing options...
Qchem Posted April 14, 2005 Report Share Posted April 14, 2005 Ok, sorry if I've confused you :D Taking things in small steps (so I don't confuse myself!!), does the linux box have a working internet connection? Can you ping the windows machine, and can you ping outside servers - such as google? Quote Link to comment Share on other sites More sharing options...
zansatsu Posted April 14, 2005 Author Report Share Posted April 14, 2005 (edited) Ok, sorry if I've confused you :D Taking things in small steps (so I don't confuse myself!!), does the linux box have a working internet connection? Can you ping the windows machine, and can you ping outside servers - such as google? <{POST_SNAPBACK}> Yes my mandy box has an internet connection, Yes I can ping google, and no I can't ping my win2k machine. [alex@aazwin2kmdk10 alex]$ ping www.google.com PING www.l.google.com (64.233.187.99) 56(84) bytes of data. 64 bytes from 64.233.187.99: icmp_seq=1 ttl=240 time=29.9 ms 64 bytes from 64.233.187.99: icmp_seq=2 ttl=240 time=29.9 ms 64 bytes from 64.233.187.99: icmp_seq=3 ttl=240 time=30.5 ms 64 bytes from 64.233.187.99: icmp_seq=4 ttl=240 time=30.0 ms 64 bytes from 64.233.187.99: icmp_seq=5 ttl=240 time=29.8 ms 64 bytes from 64.233.187.99: icmp_seq=6 ttl=240 time=30.0 ms 64 bytes from 64.233.187.99: icmp_seq=7 ttl=240 time=29.8 ms 64 bytes from 64.233.187.99: icmp_seq=8 ttl=240 time=29.9 ms 64 bytes from 64.233.187.99: icmp_seq=9 ttl=240 time=30.1 ms 64 bytes from 64.233.187.99: icmp_seq=10 ttl=240 time=29.7 ms 64 bytes from 64.233.187.99: icmp_seq=11 ttl=240 time=30.0 ms 64 bytes from 64.233.187.99: icmp_seq=12 ttl=240 time=30.1 ms 64 bytes from 64.233.187.99: icmp_seq=13 ttl=240 time=30.1 ms 64 bytes from 64.233.187.99: icmp_seq=14 ttl=240 time=30.5 ms --- www.l.google.com ping statistics --- 14 packets transmitted, 14 received, 0% packet loss, time 13008ms rtt min/avg/max/mdev = 29.758/30.072/30.560/0.237 ms [alex@aazwin2kmdk10 alex]$ ping 192.168.1.250 PING 192.168.1.250 (192.168.1.250) 56(84) bytes of data. From 192.168.1.1 icmp_seq=1 Destination Host Unreachable From 192.168.1.1 icmp_seq=1 Destination Host Unreachable From 192.168.1.1 icmp_seq=1 Destination Host Unreachable From 192.168.1.1 icmp_seq=1 Destination Host Unreachable From 192.168.1.1 icmp_seq=1 Destination Host Unreachable From 192.168.1.1 icmp_seq=1 Destination Host Unreachable ping: sendmsg: Operation not permitted From 192.168.1.1 icmp_seq=2 Destination Host Unreachable ping: sendmsg: Operation not permitted From 192.168.1.1 icmp_seq=3 Destination Host Unreachable ping: sendmsg: Operation not permitted From 192.168.1.1 icmp_seq=4 Destination Host Unreachable ping: sendmsg: Operation not permitted From 192.168.1.1 icmp_seq=5 Destination Host Unreachable ping: sendmsg: Operation not permitted --- 192.168.1.250 ping statistics --- 5 packets transmitted, 0 received, +10 errors, 100% packet loss, time 4059ms NOTE: The address I'm pinging is the address that my Win2k machines lease is on according to ms ipconfig. Edited April 14, 2005 by zansatsu Quote Link to comment Share on other sites More sharing options...
Qchem Posted April 14, 2005 Report Share Posted April 14, 2005 Do you have a firewall enabled in windows? How are you getting an IP for the windows box, running a dhcp server under linux? Am I right in assuming that you just have these two machines, and the linux box is then connected to the internet? Quote Link to comment Share on other sites More sharing options...
streeter Posted April 14, 2005 Report Share Posted April 14, 2005 Also, what's in your routing table ( route -n ) ? Chris Quote Link to comment Share on other sites More sharing options...
zansatsu Posted April 14, 2005 Author Report Share Posted April 14, 2005 Okie dokie. I decided to give you my processes so you can see what I have running (samba, squid, etc.) Yes QChem your assumption is correct. I have 2 nics on my linux box which is connected to the internet. I used the ICS applet in MCC to enable internet connection sharing and from the process list below, I apparently have dhcpd running. [root@aazwin2kmdk10 alex]# ps -A PID TTY TIME CMD 1 ? 00:00:03 init 2 ? 00:00:00 migration/0 3 ? 00:00:00 ksoftirqd/0 4 ? 00:00:00 events/0 5 ? 00:00:00 kblockd/0 6 ? 00:00:00 pdflush 7 ? 00:00:00 pdflush 8 ? 00:00:00 kswapd0 9 ? 00:00:00 aio/0 11 ? 00:00:00 kseriod 15 ? 00:00:00 kjournald 129 ? 00:00:00 devfsd 219 ? 00:00:00 khubd 385 ? 00:00:00 khpsbpkt 398 ? 00:00:00 knodemgrd_0 538 ? 00:00:00 kjournald 1072 ? 00:00:00 sensord 1352 ? 00:00:01 ifplugd 1417 ? 00:00:00 dhclient 3021 ? 00:00:00 portmap 3035 ? 00:00:00 syslogd 3043 ? 00:00:00 klogd 3082 ? 00:00:00 rpc.statd 3445 ? 00:00:00 xfs 3486 ? 00:00:00 atd 3501 ? 00:00:00 acpid 3517 ? 00:00:00 named 3553 ? 00:00:00 xinetd 3578 ? 00:00:00 ptal-mlcd 3580 ? 00:00:00 ptal-printd 3592 ? 00:00:00 chronyd 3627 ? 00:00:00 cupsd 3806 ? 00:00:00 dhcpd 3899 ? 00:00:00 crond 3929 ? 00:00:00 squid 3931 ? 00:00:04 squid 3942 ? 00:00:00 unlinkd 3943 ? 00:00:00 diskd 3944 ? 00:00:00 smbd 3954 ? 00:00:00 nmbd 3977 ? 00:00:00 smbd 4027 ? 00:00:00 login 4028 tty2 00:00:00 mingetty 4029 tty3 00:00:00 mingetty 4030 tty4 00:00:00 mingetty 4031 tty5 00:00:00 mingetty 4032 tty6 00:00:00 mingetty 4245 tty1 00:00:00 bash 4284 tty1 00:00:00 startx 4296 tty1 00:00:00 xinit 4297 ? 00:09:57 X 4306 tty1 00:00:00 startkde 4353 tty1 00:00:13 magicdev 4367 tty1 00:00:00 gconfd-2 4370 ? 00:00:00 kdeinit 4373 ? 00:00:00 kdeinit 4375 ? 00:00:00 kdeinit 4378 ? 00:00:01 kdeinit 4379 ? 00:00:02 fam 4393 ? 00:00:14 artsd 4404 ? 00:00:02 kdeinit 4405 tty1 00:00:00 kwrapper 4407 ? 00:00:00 kdeinit 4408 ? 00:00:27 kdeinit 4410 ? 00:00:15 kdeinit 4413 ? 00:00:17 kdeinit 4417 ? 00:00:09 xscreensaver 4424 ? 00:00:20 kdeinit 4428 ? 00:00:09 kdeinit 4430 ? 00:00:00 kdeinit 4445 ? 00:00:06 korgac 4486 ? 00:00:00 kdeinit 4610 ? 00:00:08 kdeinit 4685 ? 00:00:00 kdesud 7563 ? 00:00:00 firefox 7574 ? 00:00:00 run-mozilla.sh 7579 ? 00:10:47 firefox-bin 7597 ? 00:00:00 java_vm 7814 ? 00:00:00 kdeinit 14619 ? 00:00:01 kdeinit 14620 pts0 00:00:00 bash 14780 ? 00:00:16 kdeinit 14781 pts1 00:00:00 bash 14897 pts1 00:00:00 su 14900 pts1 00:00:00 bash 14933 pts1 00:00:00 ps Here is the route -n output, of which I have no clue how to interpret. [root@aazwin2kmdk10 alex]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 131.96.229.128 0.0.0.0 255.255.255.192 U 0 0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 131.96.229.129 0.0.0.0 UG 0 0 0 eth1 I really appreciate everyone's help. This problem has frustrated me for a while and I feel better knowing that you guys are on it. Thanx. Alex Quote Link to comment Share on other sites More sharing options...
Qchem Posted April 14, 2005 Report Share Posted April 14, 2005 Can you ping the linux box from windows ok? If you can isolate the machine from the web for a while it might be worth turning shorewall (or any other firewalling) off just to make sure it isn't simply the packets necessary for the sharing being dumped. Quote Link to comment Share on other sites More sharing options...
zansatsu Posted April 14, 2005 Author Report Share Posted April 14, 2005 Can you ping the linux box from windows ok? If you can isolate the machine from the web for a while it might be worth turning shorewall (or any other firewalling) off just to make sure it isn't simply the packets necessary for the sharing being dumped. <{POST_SNAPBACK}> I didn't even think about that. I can ping my linux box at 127.0.0.1 and it responds. What's the easiest way to disable the firewall? Quote Link to comment Share on other sites More sharing options...
zansatsu Posted April 14, 2005 Author Report Share Posted April 14, 2005 Yeah.... mcc doesn't seem to be disabling the firewall when I tell it to allow everything. What process do I kill/disable? Sorry if these are obvious questions, I'm still a noob when it comes to the subtleties of linux networking. Quote Link to comment Share on other sites More sharing options...
zansatsu Posted April 14, 2005 Author Report Share Posted April 14, 2005 Here's my iptables -L output: [root@aazwin2kmdk10 alex]# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP !icmp -- anywhere anywhere state INVALID eth1_in all -- anywhere anywhere eth0_in all -- anywhere anywhere Reject all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:' reject all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination DROP !icmp -- anywhere anywhere state INVALID eth1_fwd all -- anywhere anywhere eth0_fwd all -- anywhere anywhere Reject all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:' reject all -- anywhere anywhere Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP !icmp -- anywhere anywhere state INVALID fw2net all -- anywhere anywhere all2all all -- anywhere anywhere Reject all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:' reject all -- anywhere anywhere Chain Drop (1 references) target prot opt source destination RejectAuth all -- anywhere anywhere dropBcast all -- anywhere anywhere DropSMB all -- anywhere anywhere DropUPnP all -- anywhere anywhere dropNonSyn all -- anywhere anywhere DropDNSrep all -- anywhere anywhere Chain DropDNSrep (2 references) target prot opt source destination DROP udp -- anywhere anywhere udp spt:domain Chain DropSMB (1 references) target prot opt source destination DROP udp -- anywhere anywhere udp dpt:135 DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn DROP udp -- anywhere anywhere udp dpt:microsoft-ds DROP tcp -- anywhere anywhere tcp dpt:135 DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds Chain DropUPnP (2 references) target prot opt source destination DROP udp -- anywhere anywhere udp dpt:1900 Chain Reject (4 references) target prot opt source destination RejectAuth all -- anywhere anywhere dropBcast all -- anywhere anywhere RejectSMB all -- anywhere anywhere DropUPnP all -- anywhere anywhere dropNonSyn all -- anywhere anywhere DropDNSrep all -- anywhere anywhere Chain RejectAuth (2 references) target prot opt source destination reject tcp -- anywhere anywhere tcp dpt:auth Chain RejectSMB (1 references) target prot opt source destination reject udp -- anywhere anywhere udp dpt:135 reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn reject udp -- anywhere anywhere udp dpt:microsoft-ds reject tcp -- anywhere anywhere tcp dpt:135 reject tcp -- anywhere anywhere tcp dpt:netbios-ssn reject tcp -- anywhere anywhere tcp dpt:microsoft-ds Chain all2all (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED Reject all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:' reject all -- anywhere anywhere Chain dropBcast (2 references) target prot opt source destination DROP all -- anywhere anywhere PKTTYPE = broadcast DROP all -- anywhere anywhere PKTTYPE = multicast Chain dropNonSyn (2 references) target prot opt source destination DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN Chain dynamic (4 references) target prot opt source destination Chain eth0_fwd (1 references) target prot opt source destination dynamic all -- anywhere anywhere state NEW loc2net all -- anywhere anywhere Chain eth0_in (1 references) target prot opt source destination dynamic all -- anywhere anywhere state NEW loc2fw all -- anywhere anywhere Chain eth1_fwd (1 references) target prot opt source destination dynamic all -- anywhere anywhere state NEW net2all all -- anywhere anywhere Chain eth1_in (1 references) target prot opt source destination dynamic all -- anywhere anywhere state NEW net2fw all -- anywhere anywhere Chain fw2net (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT all -- anywhere anywhere Chain icmpdef (0 references) target prot opt source destination Chain loc2fw (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere multiport dports 4443,netbios-ns ACCEPT tcp -- anywhere anywhere multiport dports 4443,netbios-ns ACCEPT tcp -- anywhere anywhere tcp dpt:squid all2all all -- anywhere anywhere Chain loc2net (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere Chain net2all (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED Drop all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:' DROP all -- anywhere anywhere Chain net2fw (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere multiport dports 4443,netbios-ns ACCEPT tcp -- anywhere anywhere multiport dports 4443,netbios-ns net2all all -- anywhere anywhere Chain reject (11 references) target prot opt source destination DROP all -- anywhere anywhere PKTTYPE = broadcast DROP all -- anywhere anywhere PKTTYPE = multicast DROP all -- 131.96.229.191 anywhere DROP all -- 192.168.1.255 anywhere DROP all -- 255.255.255.255 anywhere DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain shorewall (0 references) target prot opt source destination Chain smurfs (0 references) target prot opt source destination LOG all -- 131.96.229.191 anywhere LOG level info prefix `Shorewall:smurfs:DROP:' DROP all -- 131.96.229.191 anywhere LOG all -- 192.168.1.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:' DROP all -- 192.168.1.255 anywhere LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:' DROP all -- 255.255.255.255 anywhere LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs:DROP:' DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere Quote Link to comment Share on other sites More sharing options...
streeter Posted April 14, 2005 Report Share Posted April 14, 2005 Have a look at my howto here: How to disable your firewall You may need to install iptables first (urpmi iptables). You cannot 'just stop' the firewall, as shorewall (or other firewall, including custom rule sets) just set the netfilter rules, then exit. So you need to clear the rules and set the defaults for 'allow'. This is obviously not recommended for a running environment - just for testing. Chris Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.