OK, it's a bit off topic, but as has been pointed out, running samba and a firewall on the same box can be troublesome. The following took me a long time (too long) to get working.
I could not get a W2k box to connect if I plugged it in downstream of the linux iptables box. If I plugged it into the netgear box, it worked.
The answer was to use a static IP address for the linux box running iptables (both its NICs).
Also, to use SNAT on packets departing upstream of the iptables box.
Details
cable modem
|
netgear box (NAT)
dhcp + static range. private net 192.168.y.x
|
eth0
linux box: iptables, samba.
dhcp private net 192.168.z.x
eth1
|
hub-> pc's (inc w2k box with Nortel extranet vpn)
The nortel client sets up the vpn to some external host with the
numbers you type in off the keyfob.
NOTE these fobs DO get out of synch and then you can't connect at all.
The magic incantation in iptables was
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
where $INET_IFACE is the upstream nic (eth0) of the iptables box
and $INET_IP is the static ip of the same.
hope that helps someone.
[woolgathering - suggest ignore]
Even more off topic: Is it really worth all the effort of running iptables these days?
Yes, back when you had dialup, MASQ was great, and a firewall was a good idea. Similarly when in the early days, cable modem, isdn and dsl users got static ip's, they needed some form of NAT/MASQ/port blocking and linux was
a) low cost
b) worked
But now? - those little blue and grey boxes are very compact and amazingly cheap, plus, with a web browser, you can set up a firewall that would take better understanding of iptables than I have.
I suspect those little grey and blue boxes are running mini-linux on rom with a minimalist apache web server. The revolution continues! - albeit in a slimmed-down form. (Incidentally - is this the first example of linux embracing and extending microsoft? - apropos 'internet connection sharing' and the demise of surfdoubler)
Anyway, apart from breaking in and changing the port block settings, just what could one *do* with one of those boxes? It's not like they can run a mail server.
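A way to confirm that the SNAT rule quoted in the post above is the one in effect on the upstream interface (an added example, not part of the original post). It reads rules in the format printed by `iptables -t nat -S POSTROUTING`; the function name, the sample rules and the address 192.168.1.2 are constructed placeholders for the poster's $INET_IFACE and $INET_IP.

```shell
#!/bin/sh
# Added example. Constructed sample of `iptables -t nat -S POSTROUTING`
# output; eth0 and 192.168.1.2 stand in for $INET_IFACE and $INET_IP.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.2'

# check_snat IFACE IP  (hypothetical helper)
# Reads rules on stdin and reports what the first source-NAT rule for
# IFACE does. Only the -o match is considered; other match options on
# the rule are ignored.
#   ok        SNAT on IFACE rewrites the source to IP
#   wrong-ip  SNAT on IFACE uses some other address
#   masq      IFACE uses MASQUERADE rather than SNAT
#   missing   no source-NAT rule for IFACE at all
check_snat() {
    iface=$1
    ip=$2
    while read -r line; do
        case "$line" in
            "-A POSTROUTING "*"-o $iface "*"-j SNAT --to-source $ip")
                echo ok; return 0 ;;
            "-A POSTROUTING "*"-o $iface "*"-j SNAT "*)
                echo wrong-ip; return 1 ;;
            "-A POSTROUTING "*"-o $iface "*"-j MASQUERADE"*)
                echo masq; return 1 ;;
        esac
    done
    echo missing
    return 1
}

# Offline demonstration against the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | check_snat eth0 192.168.1.2

# On the firewall itself (needs root):
#   iptables -t nat -S POSTROUTING | check_snat "$INET_IFACE" "$INET_IP"
```

A result of wrong-ip usually means the interface address changed after the rule was loaded, which is why the static address matters.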
Hardware firewalls are very cheap, you're right. Most people only need that. I think iptables is great for custom stuff, like three-homed network, extensive logging. It is also very appreciated to protect a host in the dmz (multi-layer security)