LinuxQuestions.org

Linux - Networking: accessing box from internal network but not from external

JereBear 05-08-2001 12:53 AM

Ok, here's my setup...Mandrake 8.0 box with Connection sharing and a firewall in place using the "control center." My second box is running Win98SE and currently has internet available via aforesaid Mandrake box. All that is hunky-dory.

The linux box is set up with eth0 as external network and eth1 as internal network alongside the windows box.

Now, I have a telnet server and wu-FTPD running on the linux box but I am unable to use these services via the windows box on my internal network. I do not need to access these services from outside my local network, in fact, I'd like them disabled from the outside world. My understanding is that the firewall is set up for the external connection (eth0) but that everything is allowed through the internal connection (eth1, IP:192.168.0.1). Is this the case?

I tried allowing FTP and telnet through the firewall, but to no avail.

/etc/hosts.deny has "ALL:ALL EXCEPT localhost: DENY"
/etc/hosts.allow has "ALL: 127.0.0.1 ALL: 192.168.0."

I am a recent newbie so if I'm missing any vital info, lemme know. Thanks.

JereBear 05-08-2001 01:03 AM

BTW
 
By the way...

When I try telnetting from the windows box I get "Could not open a connection to 192.168.0.1"

When I try FTPing from the windows box I get "!Socket Error: no connection. Could not login to 192.168.0.1"

On another note, my windows box is using the linux box's DHCP server to retrieve an IP of 192.168.0.16.

Thanks,
Jeremy

raz 05-08-2001 08:01 AM

What happens if you make both the /etc/hosts.allow and deny files empty ?

Do this as a test.

The DHCP shouldn't matter as they are on the same subnet.

Also check they are working with # netstat -anp | grep LISTEN
You should see the ftp and telnet ports.

Anyway I think your hosts.allow and deny are wrong.
try this:

/etc/hosts.allow
ALL: All@127.0.0.1 : ALLOW
ALL: All@192.168.0.0/255.255.255.0 : ALLOW

/etc/hosts.deny
ALL: 0.0.0.0/0.0.0.0


I don't ever use the wrappers as they are too basic in options, so I may be incorrect, but I'm sure your line that says (/etc/hosts.allow has "ALL: 127.0.0.1 ALL: 192.168.0.") should be (/etc/hosts.allow has "ALL: 127.0.0.1 ALL: 192.168.0/255.255.255.0")

/Raz
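The allow/deny evaluation order discussed in the posts above, as an added example that is not part of the original thread: per hosts_access(5), a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. This sketch handles only the `ALL` wildcard, exact addresses, the trailing-dot prefix form and the net/mask form; hostnames, `EXCEPT` and rule options are ignored, and the rule text and the daemon name `in.telnetd` are constructed sample values.

```python
import ipaddress

# Constructed sample rule files for a gateway whose LAN is 192.168.0.0/24.
HOSTS_ALLOW = "ALL: 127.0.0.1\nALL: 192.168.0.\n"
HOSTS_DENY = "ALL: ALL\n"

def client_matches(pattern, addr):
    """Match one client pattern against a dotted-quad IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "192.168.0." matches on the leading fields
        return addr.startswith(pattern)
    if "/" in pattern:             # net/mask, e.g. 192.168.0.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr         # exact address

def rule_matches(line, daemon, addr):
    """True if a 'daemon_list : client_list' line covers this daemon and client."""
    fields = [f.strip() for f in line.split(":")]
    if len(fields) < 2:
        return False
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(client_matches(c, addr) for c in clients))

def active_rules(text):
    """Drop blank lines and comments from a rule file."""
    return [l for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def access_granted(hosts_allow, hosts_deny, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if any(rule_matches(l, daemon, addr) for l in active_rules(hosts_allow)):
        return True
    if any(rule_matches(l, daemon, addr) for l in active_rules(hosts_deny)):
        return False
    return True

if __name__ == "__main__":
    for client in ("127.0.0.1", "192.168.0.16", "203.0.113.7"):
        print(client, access_granted(HOSTS_ALLOW, HOSTS_DENY, "in.telnetd", client))
```

With both files empty, every client is granted, so emptying them removes the wrappers as a cause without adding any protection.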

JereBear 05-09-2001 10:59 PM

More problems on my box
 
Ok, so now my internet sharing conked out on me! This is where my systems are at.

Mandrake-Linux 8.0 box: (Internet Connection Sharing Enabled) I can ping the windows box on my local network via eth1. I can connect to the web via eth0.

Windows 98SE box on local network: IP addy gotten from linux box's DHCP server, all fine and good. I can ping the linux box and other systems out on the internet, very interesting. What's more interesting is that I cannot connect to web pages and AIM and the such. BUT! I can PING!

Any ideas?

I wanna get this working first, before I mess with the telnet and FTP problems.

Thanks--
Jeremy

raz 05-10-2001 03:21 AM

If you can ping the internet addresses from the windozes box then the Linux box is forwarding correctly.

OK, try to connect to the website's IP address instead of the URL name.

Try http://www.cisco.com
http://198.133.219.25

If this works the DNS server on the windows box is incorrect or not set correctly.

What software are you using to get the linux box to do NAT for the other internal IP addresses ?

/Raz

JereBear 05-10-2001 01:39 PM

NAT software
 
I don't know exactly...In the Mandrake Control Center, I turned on Internet sharing. After doing so, I noticed that during boot it enabled something called IPv4. I'm not quite sure if this is the exact name as I'm not at the system right now. When I get back to my dorm room I'll try out the IP addy thing and going around a DNS server. I'll post and letcha know.

Thanks raz

Jeremy

JereBear 05-10-2001 06:39 PM

Troubleshooting continued
 
I tried connecting to http://198.133.219.25/ on the windows box and it loaded the Cisco page, but typing in the URL does not load. So....DNS server problems. I looked in linuxconf on the gateway linux box and the DNS servers are all correct. How do I tell eth1 (which is carrying requests from the windows box) to look to the DNS servers? Solving this, in my perfectly newberific opinion, should make everything work again.

I was looking at the route command and its parameters...do I need to add a route from 192.168.0.1 to the IP of the DNS server?


Snoogens...
Jeremy

JereBear 05-10-2001 07:30 PM

Ok, I played it smart and threw the DNS IPs into the TCP/IP Properties of my windows box.....and BAH-BAM! It's all good now.

Thanks raz....I just needed to talk it out there to myself at the end...

Jeremy

JereBear 05-10-2001 09:51 PM

back to the original problem

Ok.....so now I have my connection shared again...but I still cannot access FTP and telnet on the linux box from the windows one. I tried this with a cleared hosts.allow and hosts.deny as well as the ones that raz mentioned above.

I set the firewall to block everything but web server (port 80). This doesn't shut it all off from the internal device (eth1) does it?

My impression was that a firewall only blocked out the outside world (eth0).

ideas, comments, complaints?
Thanks,

Jeremy

raz 05-11-2001 05:26 AM

Wow I answered a question correctly. I didn't see that one coming. :-)

Anyway, I'm confused as to what kind of firewall software you've put up.


Use this process to see what needs fixing:
Then supply more details on the software and settings.

on linux box:
1) When you "#netstat -nap" you see the telnet 23 and ftp 21 ports ready and listening. yes goto (2), no goto (5)
2) When you "#telnet localhost" it works. yes goto (3), no goto (5)
3) When you "#telnet linux_ip_address" it works yes goto (4), no goto (6)
on windozes box:
(4) When you "ping linux_ip_address" it works yes goto (5), no goto (7)
(5) When you "telnet linux_ip_address" nothing happens or socket times out goto (8).

answer your firewall script is incorrectly configured to block the access from the internal private network.
(5) start the daemons and check the xinetd.d setting also check the /etc/hosts file for localhost setting 127.0.0.1
(6) firewall blocking the local subnet, /etc/hosts file doesn't know its own IP address.
(7) a routing problem or firewall blocking ICMP type 8 requests
(8) Firewall set-up to block internal connections to those ports.

go fix..

/Raz
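The first check in the procedure above (are ports 21 and 23 actually listening, and on which address), as an added example that is not part of the original thread. It parses `netstat -nap` style output; the sample output, PIDs and program names are constructed, and the result labels are this example's own.

```python
# Constructed sample of `netstat -nap` output from the gateway (192.168.0.1).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address      State       PID/Program name
tcp        0      0 0.0.0.0:21         0.0.0.0:*            LISTEN      812/xinetd
tcp        0      0 127.0.0.1:25       0.0.0.0:*            LISTEN      790/sendmail
tcp        0      0 192.168.0.1:21     192.168.0.16:1042    ESTABLISHED 1203/in.ftpd
"""

def listening_sockets(netstat_output):
    """Return {port: set of bind addresses} for TCP sockets in LISTEN state."""
    result = {}
    for line in netstat_output.splitlines():
        cols = line.split()
        # Skip headers, UDP/UNIX sockets and anything not in LISTEN state.
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")   # also copes with ":::21"
        result.setdefault(int(port), set()).add(addr)
    return result

def diagnose(netstat_output, port, lan_ip):
    """Classify a service port as seen from the internal network."""
    binds = listening_sockets(netstat_output).get(port, set())
    if not binds:
        # Nothing bound: the daemon (or its xinetd.d entry) is not enabled.
        return "not-listening"
    if binds & {"0.0.0.0", "::", lan_ip}:
        # Bound where LAN clients can reach it: a failure from the LAN now
        # points at packet filtering or hosts.allow/hosts.deny.
        return "lan-reachable"
    # Bound, but only to some other address such as loopback.
    return "other-address-only"

if __name__ == "__main__":
    for name, port in (("ftp", 21), ("telnet", 23), ("smtp", 25)):
        print(name, port, diagnose(SAMPLE, port, "192.168.0.1"))
```

An ESTABLISHED line for port 21 is not counted as a listener, so an active FTP session alone does not make the service look open.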

JereBear 05-11-2001 11:31 AM

Raz...

Mandrake uses a program called tinyFirewall. Its name doesn't exactly lead me to believe that this is what I want. I tried configuring pmfirewall, but to no avail. pmfirewall would start because of a protocol error with ipchains ::shrug::.....on the other front...

The windows box cannot telnet or ping the linux box. It cannot ping anything but itself. However, I do have internet (w/ DNS) and the FTP works (either by connecting to 192.168.0.1 or the linux box's external IP).

as for the "netstat -nap" command....it brings up a slew of stuff and I don't see anything about telnet and the FTP program is only mentioned once with no association to the number 21.

As for the telnet on the linux box...there is no obvious trace of the telnet daemon running in linuxconf...there is no option to enable/start it and I know it's installed.


hmmmm...I REALLY appreciate the help raz...Thanks,

Jeremy

JereBear 05-11-2001 04:07 PM

My head is starting to hurt...too much thinking...Blasted college education

--Jeremy

JereBear 05-12-2001 01:12 AM

Ok, I'm ditching the Mandrake firewall thing.....and I'm pursuing pmfirewall. I installed ipchains and ran the install script everything's fine. But when I go to run pmfirewall I get "ipchains: Protocol Not Available" running down the screen, a lot of them. What does this mean? I did everything right in the install script, but no dice.

Thoughts now?

Jeremy


All times are GMT -5.