cant ping my linux box

maxut · 05-13-2004, 01:44 AM

Quote:

Originally posted by tommytomato

login as: root
root@192.168.0.28's password:
Access denied
root@192.168.0.28's password:

TT

are u sure that u enter the corect password for root. ssh works. and iptables allow xp to connect shh port.

tommytomato · 05-13-2004, 01:57 AM

Quote:

are u sure that u enter the corect password for root. ssh works. and iptables allow xp to connect shh port.

Yes i can log in, when using the PC it self..

/etc/init.d/sshd status sshd ( pid 487 ) is running

as to iptables i haven't used them before, so i'm kind of lost there

TT

mobassir · 05-13-2004, 03:55 AM

hello

I wants to shrae internet from my linux box with dialup modem, like we use windows 2000 or windows xp internet sharing feature.

i have Redhat 7.3 on system where is modem is install. what is the easy and best way to share internet.

If any one know please guied me step be step

thanks Alot

tommytomato · 05-13-2004, 03:59 AM

I think you posted in the wrong area !

TT

maxut · 05-13-2004, 04:07 AM

if u see ssh login screen in xp box, this means u dont need to configure iptables. u may need to configure ssh server. check its configuration.

www.netfilter.org the offical web site of iptables. but its not easy to learn iptables. u beter search iptables scripts. and try to understand it. iptables is great tool wihch can do NAT, port NAT, firewall, port redirection... it allows us to do what in our mind. because of this it is not basic.

u really dont need firewall for linux box in this situation. but if u think to share internet via linux. visit www.iptables-script.dk . u also may prefer squid cache proxy server to increase performans.

maxut · 05-13-2004, 04:13 AM

tommytomato
let ppl ask their questions.

why doesnt mobassir ask questions about iptables in this post? we are talking about iptables.
remeber i dont have to help u nor mobassir.
but i like to help ppl. so i try to help u. and surely i will try to help mobassir.
respect ppl please.

tommytomato · 05-13-2004, 04:15 AM

If i log in via XP using PuTTY i get access NO

but it does open up, i enter root then it checks i think then ask for pass then i get the error.

When using WinSCP3 I make a new session then enter IP user root and password then another little box pop's up asking for password ( 'root@192.168.1.28session password' ) is what the box is. I enter the pass again then get another little pop up saying ( Auth Failed )

TT

tommytomato · 05-13-2004, 04:18 AM

Is that what he wants to do to..as well

He was alittle hard to understand..

Opp's I didn't mean any thing by it

TT

maxut · 05-13-2004, 04:21 AM

what does it say in /var/log/messages about ssh?

tommytomato · 05-13-2004, 04:24 AM

I was just in vi sshd_config

but i'll have a look

TT

tommytomato · 05-13-2004, 04:29 AM

what should I be looking for ?
I see Hostkey etc etc

I see httpd startup succeeded and MySQL and Postfix

No ssh in there

TT

maxut · 05-13-2004, 04:42 AM

here is my log file.
#cat /var/log/messages | grep sshd

May 13 09:35:34 localhost sshd(pam_unix)[12471]: session opened for user root by (uid=0)
May 13 09:35:59 localhost sshd(pam_unix)[12471]: session closed for user root
May 13 12:41:30 localhost sshd(pam_unix)[13033]: session opened for user root by (uid=0)

and ssh_conf
#cat /etc/ssh/ssh_config
Host *
ForwardX11 yes

tommytomato · 05-13-2004, 04:44 AM

maxut

I just used that page you were talking about.
Iptables Script Generator---> http://iptables-script.dk/index1.php

I put in the tinysofa IP 192.168.0.28 and clicked all boxes

Code:

#!/bin/sh

# iptables script generator: V0.1-2002
# Comes with no warranty!
# e-mail: michael@1go.dk

# Diable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

LAN_IP_NET='192.168.0.1/24'
LAN_NIC='eth1'
WAN_IP='202.72.131.230'
WAN_NIC='eth0'
FORWARD_IP='192.168.0.28'

# load some modules (if needed)
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports to server on LAN
iptables -A FORWARD -j ACCEPT -p tcp --dport 80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.28:80
iptables -A FORWARD -j ACCEPT -p tcp --dport 21
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j DNAT --to 192.168.0.28:21
iptables -A FORWARD -j ACCEPT -p tcp --dport 22
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.0.28:22
iptables -A FORWARD -j ACCEPT -p tcp --dport 25
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to 192.168.0.28:25
iptables -A FORWARD -j ACCEPT -p tcp --dport 110
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to 192.168.0.28:110

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

This i'm unsure about WAN_IP='202.72.131.230'
that IP is not my ADSL unit IP..

And this one LAN_IP_NET='192.168.0.1/24' I have IP address higher than that cant i edit them ?

I'm not sure if this is right, how would applied that the tiny sofa using floppy ?

TT

maxut · 05-13-2004, 04:48 AM

Quote:

Originally posted by maxut

u really dont need firewall for linux box in this situation. but if u think to share internet via linux. visit www.iptables-script.dk . u also may prefer squid cache proxy server to increase performans.

i said if u thougth to share internet via linux, u might use that script.
this was also answer for mobassir's question

tommytomato · 05-13-2004, 04:52 AM

I see

That X11 is that a GUI thing ?

under Host* i have

# ForwardAgent no
# ForwardX11 no

Its a shame i cant copy and paste what i got untill i get in via putty

TT