jimp Posted August 13, 2005
I just installed 2005 Limited Edition PPC on a G4 iMac. I have it running but I can't access it from the network. I have the firewall set to none, and have sshd and webmin running, but I keep getting access denied errors when I try to use webmin or ssh. I tried to ping the network address from my Windows box and dropped 100% of the packets, yet I can ping the Windows box from the iMac. Also, I have httpd running and am getting the default apache mysql advx.org page when I try, so that is working. Any ideas? I know that sshd and webmin weren't installed with everything else; I used rpmdrake to install them afterwards. Thanks
jboy Posted August 13, 2005
Just a stab in the dark, but what is in your /etc/hosts.allow? You might want to put something like this in there:

    ALL:<ip of your Win machine>:ALLOW

or

    sshd:<ip of your Win machine>:ALLOW
jimp Posted August 13, 2005
Well, it was a pretty good stab!! I also had a look in hosts.deny; it has a line

    ALL:ALL EXCEPT 127.0.0.1:DENY

so I assume I can comment this line out and then it would work. What about entire subnets? By service, for any service? Thanks
jboy Posted August 13, 2005 (edited)
> I also had a look in hosts.deny it has a line ALL:ALL EXCEPT 127.0.0.1:DENY so I assume I can comment this line out and then it would work. what about entire subnets? by service for any service?

Leave the /etc/hosts.deny file as is; that line is very important. The rules are that (1) access is granted to anything that's matched in /etc/hosts.allow, (2) then anything that's matched in /etc/hosts.deny is denied, (3) otherwise access is granted. In konqueror, type man:/hosts.deny for more details.

So typically you want to explicitly specify what you want allowed in /etc/hosts.allow, but deny everything else (except localhost) in /etc/hosts.deny.

In both /etc/hosts.allow and /etc/hosts.deny, you can use wildcards and netmasks (e.g., 192.168.1.0/255.255.255.0). This is explained in the hosts.allow man page. The use of wildcards, such as 192.168.1.* or 102.168.1.15?, is supported in LE2005; not sure about earlier versions. I seem to remember that the wildcards didn't work on my 10.1 install (but it might have been a different distro, memory fails).

Edited August 13, 2005 by jboy
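The evaluation order described in the post above, as an added example that is not part of the original thread: a small Python model of the hosts.allow / hosts.deny decision for IPv4 clients. The function names and the 192.168.1.0 subnet rule for sshd are assumptions made for illustration; the deny line is the one quoted in the thread.

```python
import fnmatch
import ipaddress

# Constructed sample files: the allow rule is hypothetical, the deny rule is the thread's.
HOSTS_ALLOW = "sshd:192.168.1.0/255.255.255.0:ALLOW\n"
HOSTS_DENY = "ALL:ALL EXCEPT 127.0.0.1:DENY\n"

def host_matches(pattern, ip):
    """Match one client pattern against an IPv4 address given as a string."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                        # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                 # prefix form such as "192.168.1."
        return ip.startswith(pattern)
    return fnmatch.fnmatchcase(ip, pattern)   # exact address, or * and ? wildcards

def list_matches(spec, value, match):
    """Evaluate 'list_1 EXCEPT list_2' (one level only, no nested EXCEPT)."""
    include, _, exclude = spec.partition(" EXCEPT ")
    hit = any(match(p, value) for p in include.replace(",", " ").split())
    miss = any(match(p, value) for p in exclude.replace(",", " ").split())
    return hit and not miss

def check_file(text, daemon, ip, default):
    """Verdict of the first matching rule, or None when no rule matches."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # a commented-out rule is ignored
            continue
        fields = [f.strip() for f in line.split(":")]  # IPv4 only: ':' is the separator
        if len(fields) < 2:
            continue
        daemon_ok = list_matches(fields[0], daemon, lambda pat, d: pat in ("ALL", d))
        if daemon_ok and list_matches(fields[1], ip, host_matches):
            option = fields[2].upper() if len(fields) > 2 else ""
            return {"ALLOW": True, "DENY": False}.get(option, default)
    return None

def access_granted(hosts_allow, hosts_deny, daemon, ip):
    """hosts.allow is searched first, then hosts.deny; no match at all grants access."""
    verdict = check_file(hosts_allow, daemon, ip, True)
    if verdict is None:
        verdict = check_file(hosts_deny, daemon, ip, False)
    return True if verdict is None else verdict

if __name__ == "__main__":
    for ip in ("192.168.1.20", "10.0.0.5", "127.0.0.1"):
        print("sshd", ip, access_granted(HOSTS_ALLOW, HOSTS_DENY, "sshd", ip))
```

With the deny line commented out, the same call for 10.0.0.5 returns True, which is why leaving that line in place and adding narrow allow rules is the safer arrangement.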
jimp Posted August 13, 2005
OK, one more question. This box will eventually be behind a firewall on the DMZ because it is a web/mail server, so I guess I should just put the gateway address in the allow file and anything the firewall allows will be sent thru that, so then it will be accepted? Doesn't seem like I've ever had to mess with these files on any other distro, just tell it no firewall and let her rip, since I am firewalling on another machine. And thanks once more.
jboy Posted August 13, 2005 (edited)
When you installed, there was a security level setting option, ranging from Poor to Paranoid. The default for LE2005 is High, I believe. Different distros may have different defaults, so that may explain why you didn't have to mess with this on other distros.

You can see all these configurable security options by invoking the draksec wizard:

    /usr/sbin/draksec

Note the several tabs and their options. It's not very well documented, but you can read a little bit about it in /usr/share/doc/mandrake/en/Starter/Starter.html/draksec.html. If you don't have that file, download the mandrake-doc-Starter-en-10.2-2mdk package.

Now, I'm not a network specialist so I'm going to bow out at this point. I think you're on the right track, but perhaps someone here with actual experience in setting up a DMZ may wish to provide some further comments on best security and configuration practices for this situation.

EDIT: also note the Help button on the draksec wizard tabs.

Edited August 13, 2005 by jboy