Old 05-08-2001, 12:53 AM   #1
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Rep: Reputation: 0

Ok, here's my setup...Mandrake 8.0 box with Connection sharing and a firewall in place using the "control center." My second box is running Win98SE and currently has internet available via aforesaid Mandrake box. All that is hunky-dory.

The linux box is set up with eth0 as external network and eth1 as internal network alongside the windows box.

Now, I have a telnet server and wu-FTPD running on the linux box but I am unable to use these services via the windows box on my internal network. I do not need to access these services from outside my local network, in fact, I'd like them disabled from the outside world. My understanding is that the firewall is set up for the external connection (eth0) but that everything is allowed through the internal connection (eth1, IP:192.168.0.1). Is this the case?

I tried allowing FTP and telnet through the firewall, but to no avail.

/etc/hosts.deny has "ALL:ALL EXCEPT localhost: DENY"
/etc/hosts.allow has "ALL: 127.0.0.1 ALL: 192.168.0."

I am a recent newbie so if I'm missing any vital info, lemme know. Thanks.
 
Old 05-08-2001, 01:03 AM   #2
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
BTW

By the way...

When I try telnetting from the windows box I get "Could not open a connection to 192.168.0.1"

When I try FTPing from the windows box I get "!Socket Error: no connection. Could not login to 192.168.0.1"

On another note, my windows box is using the linux box's DHCP server to retrieve an IP of 192.168.0.16.

Thanks,
Jeremy
 
Old 05-08-2001, 08:01 AM   #3
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
What happens if you make both the /etc/hosts.allow and deny files empty ?

Do this as a test.

The DHCP shouldn't matter as they are on the same subnet.

Also check they are working with # netstat -anp | grep LISTEN
You should see the ftp and telnet ports.

Anyway I think your hosts.allow and deny are wrong.
try this:

/etc/hosts.allow
ALL: All@127.0.0.1 : ALLOW
ALL: All@192.168.0.0/255.255.255.0 : ALLOW

/etc/hosts.deny
ALL: 0.0.0.0/0.0.0.0


I don't ever use the wrappers as they are too basic in options, so I may be incorrect, but I'm sure your line that says (/etc/hosts.allow has "ALL: 127.0.0.1 ALL: 192.168.0.) should be (/etc/hosts.allow has "ALL: 127.0.0.1 ALL: 192.168.0/255.255.255.0)

/Raz
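
Added example, not part of either poster's message: a simplified sh model of hosts_access(5) matching, showing that the trailing-dot prefix `192.168.0.` and the net/mask form `192.168.0.0/255.255.255.0` both admit the Windows box at 192.168.0.16, while the catch-all deny line refuses any other client. It assumes the quoted hosts.allow text is two lines, leaves out the `All@` user part and the option fields, and uses `in.telnetd` and 203.0.113.7 as constructed stand-ins.

```sh
# Simplified hosts_access(5) model: IPv4 addresses only; no hostnames,
# user@ patterns, EXCEPT or option fields.
ip_to_int() (            # dotted quad -> integer; fails unless four parts
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

client_matches() (       # $1 = client pattern, $2 = client address
    pat=$1 addr=$2
    case $pat in
        ALL) exit 0 ;;
        */*) net=$(ip_to_int "${pat%/*}") && mask=$(ip_to_int "${pat#*/}") &&
             ip=$(ip_to_int "$addr") || exit 1
             [ $(( $ip & $mask )) -eq "$net" ] ;;   # net/mask form
        *.)  case $addr in "$pat"*) exit 0 ;; esac
             exit 1 ;;                              # trailing-dot prefix
        *)   [ "$pat" = "$addr" ] ;;                # exact address
    esac
)

rules_match() (          # $1 daemon, $2 address, $3 "daemons : clients" lines
    while IFS=: read -r daemons clients; do
        for d in $daemons; do
            [ "$d" = ALL ] || [ "$d" = "$1" ] || continue
            for c in $clients; do
                client_matches "$c" "$2" && exit 0
            done
        done
    done <<EOF
$3
EOF
    exit 1
)
# A hosts.allow match grants, else a hosts.deny match refuses, else granted.
decide() {               # $1 daemon, $2 address, $3 allow text, $4 deny text
    if rules_match "$1" "$2" "$3"; then echo allow; return; fi
    if rules_match "$1" "$2" "$4"; then echo deny; else echo allow; fi
}
# Constructed rule sets: the thread's address patterns without options.
ALLOW_PREFIX='ALL: 127.0.0.1
ALL: 192.168.0.'
ALLOW_MASK='ALL: 127.0.0.1
ALL: 192.168.0.0/255.255.255.0'
DENY_ALL='ALL: 0.0.0.0/0.0.0.0'
for ip in 127.0.0.1 192.168.0.16 203.0.113.7; do   # last one is constructed
    echo "$ip: $(decide in.telnetd "$ip" "$ALLOW_PREFIX" "$DENY_ALL")"
done
```

With an empty hosts.deny the last address is allowed as well, which is why emptying both files is only useful as a short test.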
 
Old 05-09-2001, 10:59 PM   #4
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
Angry More problems on my box

Ok, so now my internet sharing conked out on me! This is where my systems are at.

Mandrake-Linux 8.0 box: (Internet Connection Sharing Enabled) I can ping the windows box on my local network via eth1. I can connect to the web via eth0.

Windows 98SE box on local network: IP addy gotten from linux box's DHCP server, all fine and good. I can ping the linux box and other systems out on the internet, very interesting. What's more interesting is that I cannot connect to web pages and AIM and the such. BUT! I can PING!

Any ideas?

I wanna get this working first, before I mess with the telnet and FTP problems.

Thanks--
Jeremy
 
Old 05-10-2001, 03:21 AM   #5
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
If you can ping the internet addresses from the windozes box then the Linux box is forwarding correctly.

OK, try to connect to the website's IP address instead of the URL name.

Try http://www.cisco.com
http://198.133.219.25

If this works the DNS server on the windows box is incorrect or not set correctly.

What software are you using to get the linux box to do NAT for the other internal IP addresses ?

/Raz
 
Old 05-10-2001, 01:39 PM   #6
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
NAT software

I don't know exactly...In the Mandrake Control Center, I turned on Internet sharing. After doing so, I noticed that during boot it enabled something called IPv4. I'm not quite sure if this is the exact name as I'm not at the system right now. When I get back to my dorm room I'll try out the IP addy thing and going around a DNS server. I'll post and letcha know.

Thanks raz

Jeremy
 
Old 05-10-2001, 06:39 PM   #7
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
Troubleshooting continued

I tried connecting to http://198.133.219.25/ on the windows box and it loaded the Cisco page, but typing in the URL does not load. So....DNS server problems. I looked in linuxconf on the gateway linux box and the DNS servers are all correct. How do I tell eth1 (which is carrying requests from the windows box) to look to the DNS servers? Solving this, in my perfectly newberific opinion, should make everything work again.

I was looking at the route command and its parameters...do I need to add a route from 192.168.0.1 to the IP of the DNS server?


Snoogens...
Jeremy
 
Old 05-10-2001, 07:30 PM   #8
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
Ok, I played it smart and threw the DNS IPs into the TCP/IP Properties of my windows box.....and BAH-BAM! It's all good now.

Thanks raz....I just needed to talk it out there to myself at the end...

Jeremy
 
Old 05-10-2001, 09:51 PM   #9
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
Back to the original problem

Ok.....so now I have my connection shared again...but I still cannot access FTP and telnet on the linux box from the windows one. I tried this with a cleared hosts.allow and hosts.deny as well as the ones that raz mentioned above.

I set the firewall to block everything but web server (port 80). This doesn't shut it all off from the internal device (eth1) does it?

My impression was that a firewall only blocked out the outside world (eth0).

Ideas, comments, complaints?
Thanks,

Jeremy
 
Old 05-11-2001, 05:26 AM   #10
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Wow I answered a question correctly. I didn't see that one coming. :-)

Anyway, I'm confused as to what kind of firewall software you've put up.


Use this process to see what needs fixing:
Then supply more details on the software and settings.

on linux box:
1) When you "#netstat -nap" you see the telnet 23 and ftp 21 ports ready and listening. yes goto (2), no goto (5)
2) When you "#telnet localhost" it works. yes goto (3), no goto (5)
3) When you "#telnet linux_ip_address" it works yes goto (4), no goto (6)
on windozes box:
(4) When you "ping linux_ip_address" it works yes goto (5), no goto (7)
(5) When you "telnet linux_ip_address" nothing happens or socket times out goto (8).

answer your firewall script is incorrectly configured to block the access from the internal private network.
(5) start the daemons and check the xinetd.d setting also check the /etc/hosts file for localhost setting 127.0.0.1
(6) firewall blocking the local subnet, /etc/hosts file doesn't know its own IP address.
(7) a routing problem or firewall blocking ICMP type 8 requests
(8) Firewall set-up to block internal connections to those ports.

go fix..

/Raz
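
Added example for step 1 of the checklist above, not part of the original post: an sh/awk filter that reads `netstat -ant`-style lines and reports whether a port is listening on all interfaces, on one address, or on loopback only. A listener on 0.0.0.0 is also reachable on eth0 unless the firewall or the wrappers stop it, which matters when the services are meant for the internal network only. The sample lines are constructed in the net-tools layout and are not output from the thread.

```sh
# Classify how a TCP port is bound, from `netstat -ant`-style lines on stdin.
listen_scope() {         # $1 = port number
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # port is the last ":" field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") wide = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else specific = addr
        }
        END {
            if (wide) print "all-interfaces"
            else if (specific != "") print "address " specific
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample: FTP on every interface, telnet on the internal
# address only, one loopback-only service, one established session.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.1:23          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.1:23          192.168.0.16:1045       ESTABLISHED
udp        0      0 0.0.0.0:67              0.0.0.0:*'

for p in 21 23 631 80; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | listen_scope "$p")"
done
```

On the gateway itself the input would be `netstat -ant | listen_scope 21`.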
 
Old 05-11-2001, 11:31 AM   #11
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
Raz...

Mandrake uses a program called tinyFirewall. Its name doesn't exactly lead me to believe that this is what I want. I tried configuring pmfirewall, but to no avail. pmfirewall would start because of a protocol error with ipchains ::shrug::.....on the other front...

The windows box cannot telnet or ping the linux box. It cannot ping anything but itself. However, I do have internet (w/ DNS) and the FTP works (either by connecting to 192.168.0.1 or the linux box's external IP).

as for the "netstat -nap" command....it brings up a slew of stuff and I don't see anything about telnet and the FTP program is only mentioned once with no association to the number 21.

As for the telnet on the linux box...there is no obvious trace of the telnet daemon running in linuxconf...there is no option to enable/start it and I know it's installed.


hmmmm...I REALLY appreciate the help raz...Thanks,

Jeremy
 
Old 05-11-2001, 04:07 PM   #12
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
Angry

My head is starting to hurt...too much thinking...Blasted college education

--Jeremy
 
Old 05-12-2001, 01:12 AM   #13
JereBear
LQ Newbie
 
Registered: Mar 2001
Posts: 17

Original Poster
Rep: Reputation: 0
Ok, I'm ditching the Mandrake firewall thing.....and I'm pursuing pmfirewall. I installed ipchains and ran the install script everything's fine. But when I go to run pmfirewall I get "ipchains: Protocol Not Available" running down the screen, a lot of them. What does this mean? I did everything right in the install script, but no dice.

Thoughts now?

Jeremy
 
  

