LinuxQuestions.org
Old 08-04-2003, 08:27 AM   #1
dsheppard
LQ Newbie
 
Registered: Dec 2001
Posts: 3

Rep: Reputation: 0
Mandrake MNF 9.0 Problem.


Hello,

Could someone please help me.. I've spent the past 2 days searching and reading and trying and trying to get my MNF 9.0 to work.. I've rebuilt and played and reconfigured and really need some help as I am now going quite mad!!!!

I'm installing MNF on a machine with 3 NICs and have moved it to my internal LAN with a machine on the LAN side and the rest of my network on the WAN side, including my old gateway. It's configured like this:

eth0 dmz 192.168.9.33 255.255.255.240
eth1 lan 192.168.9.1 255.255.255.224
eth2 wan 192.168.254.1 255.255.255.0

gateway for wan: 192.168.254.2

When I log into the firewall as su I can ping anything on any network and can get DNS resolution. I've tried to add a masq and all sorts of other things, but can't get the machine on the LAN to get anything back from anywhere.. I get REJECT logs from the lan2wan rule, so change that to ACCEPT and it does, but no replies..

Also, here's a copy of the "grep -v ^# /etc/shorewall/{zones,interfaces,masq,policy,rules} |grep -v ^$ > /root/output.txt" command. I've made a few mods, but still can't find anything..

/etc/shorewall/zones:
/etc/shorewall/zones:
/etc/shorewall/zones:lan LAN local_area_network
/etc/shorewall/zones:dmz DMZ demilitarized_zone
/etc/shorewall/zones:wan NET internet
/etc/shorewall/interfaces:
/etc/shorewall/interfaces:
/etc/shorewall/interfaces:dmz eth0 detect
/etc/shorewall/interfaces:lan eth1 detect
/etc/shorewall/interfaces:wan eth2 detect
/etc/shorewall/masq:
/etc/shorewall/masq:
/etc/shorewall/masq:
/etc/shorewall/policy:
/etc/shorewall/policy:
/etc/shorewall/policy:lan all REJECT info
/etc/shorewall/policy:dmz all REJECT info
/etc/shorewall/policy:fw all REJECT info
/etc/shorewall/policy:wan all DROP info
/etc/shorewall/policy:all all REJECT info
/etc/shorewall/rules:
/etc/shorewall/rules:
/etc/shorewall/rules:ACCEPT fw wan tcp 53 -
/etc/shorewall/rules:ACCEPT fw wan udp 53 -
/etc/shorewall/rules:ACCEPT dmz wan udp 53 -
/etc/shorewall/rules:ACCEPT lan wan udp 53 -
/etc/shorewall/rules:REJECT wan fw tcp 113 -
/etc/shorewall/rules:ACCEPT lan fw tcp 22 -
/etc/shorewall/rules:ACCEPT lan fw tcp 8443 -
/etc/shorewall/rules:ACCEPT fw lan icmp 8 -
/etc/shorewall/rules:ACCEPT lan fw icmp 8 -
/etc/shorewall/rules:ACCEPT lan dmz icmp 8 -
/etc/shorewall/rules:ACCEPT dmz lan icmp 8 -
/etc/shorewall/rules:ACCEPT dmz fw icmp 8 -
/etc/shorewall/rules:ACCEPT fw dmz icmp 8 -
/etc/shorewall/rules:ACCEPT lan wan tcp pop3 -
/etc/shorewall/rules:ACCEPT lan wan tcp smtp -
/etc/shorewall/rules:ACCEPT lan wan tcp http -
/etc/shorewall/rules:ACCEPT lan wan tcp https -
/etc/shorewall/rules:ACCEPT lan wan tcp ssh -
/etc/shorewall/rules:ACCEPT lan wan tcp ftp -
/etc/shorewall/rules:ACCEPT lan wan tcp nntp -
/etc/shorewall/rules:ACCEPT fw wan udp ntp -
/etc/shorewall/rules:ACCEPT lan wan tcp imap -
/etc/shorewall/rules:ACCEPT fw wan:20022 tcp ftp -

Please help...
Cheers,
Dean.

Last edited by dsheppard; 08-05-2003 at 07:50 AM.
 
Old 08-04-2003, 05:52 PM   #2
mindnumbed
Member
 
Registered: Jul 2003
Location: Scotland
Distribution: Debian
Posts: 74

Rep: Reputation: 15
try adding, in the masq file
eth0 eth1
eth2 eth1
eth0 eth2

this should allow the zones to talk to each other (loc to all and wan to dmz).
 
Old 08-04-2003, 05:55 PM   #3
mindnumbed
Member
 
Registered: Jul 2003
Location: Scotland
Distribution: Debian
Posts: 74

Rep: Reputation: 15
soz, that's masquerading ip addresses (which is maybe not what you want, though it will be for lan2wan and mebbe wan2dmz). I have never really bothered with just routing as i have never had the need.
MN
 
Old 08-05-2003, 07:55 AM   #4
dsheppard
LQ Newbie
 
Registered: Dec 2001
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks, but didn't work..

Thanks for the help, I tried it all and it didn't work.. I've updated the grep output above. I rebuilt and got it working from the firewall only.. everything else is base config..

Please help anyone..

Cheers,
Dean..
 
Old 08-05-2003, 05:59 PM   #5
mindnumbed
Member
 
Registered: Jul 2003
Location: Scotland
Distribution: Debian
Posts: 74

Rep: Reputation: 15
hmm...i noticed your policy is rather aggressive... try putting in more accepts, maybe that will work - if you do all all accept, what happens?

i tend to start with that and then close up until things stop working. you've probs already tried that though...you could always check the really obvious things like which nic is which, as it may not always be the one you expect, though it looks as if you're sorted that way. can the machines talk to the firewall?
MN
 
Old 08-05-2003, 08:31 PM   #6
dsheppard
LQ Newbie
 
Registered: Dec 2001
Posts: 3

Original Poster
Rep: Reputation: 0
Yeah, I know what you mean.. These are the default policies and rules though.. I thought I'd leave everything default as I assumed it should work "out of the box". If I change the lan2wan policy to ACCEPT (with logging), I get an ACCEPT report on the firewall, but still no traffic..

Any more ideas?? =P

Thanks,
Dean..
 
Old 08-06-2003, 03:33 AM   #7
thecrews
LQ Newbie
 
Registered: Aug 2003
Posts: 2

Rep: Reputation: 0
You can try /etc/shorewall/policy:lan wan ACCEPT
 
Old 08-06-2003, 05:40 AM   #8
mindnumbed
Member
 
Registered: Jul 2003
Location: Scotland
Distribution: Debian
Posts: 74

Rep: Reputation: 15
hrmmmmph... this is turning into a very interesting problem!
check /etc/shorewall/shorewall.conf, make sure IP_FORWARDING=On and NAT_ENABLED=Yes
long shot, but it could explain why it's not working

MN
 
Old 08-06-2003, 02:04 PM   #9
thecrews
LQ Newbie
 
Registered: Aug 2003
Posts: 2

Rep: Reputation: 0
I had the same problem as dsheppard. In the manual for MNF http://www.mandrakelinux.com/en/doc/...l/ch06s04.html it had it in there (lan wan accept). I thought it would work without it too, but it doesn't for me.
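
Added example (not posted by anyone in this thread): a small Python audit of the `grep` dump format from post #1 that reports the two settings the replies discuss, the effective lan-to-wan policy and whether the masq file covers the LAN. It assumes Shorewall's first-match policy order and the masq column layout "outgoing interface, source interface or subnet"; the function names are hypothetical and `DUMP` is a constructed subset of the posted output.

```python
import ipaddress

# Constructed sample: a subset of the grep dump in post #1 (same line format).
DUMP = """\
/etc/shorewall/interfaces:dmz eth0 detect
/etc/shorewall/interfaces:lan eth1 detect
/etc/shorewall/interfaces:wan eth2 detect
/etc/shorewall/masq:
/etc/shorewall/policy:lan all REJECT info
/etc/shorewall/policy:wan all DROP info
/etc/shorewall/policy:all all REJECT info
/etc/shorewall/rules:ACCEPT lan wan udp 53 -
/etc/shorewall/rules:ACCEPT lan wan tcp http -
"""
# eth1 address and netmask as given in post #1.
LAN_NET = str(ipaddress.ip_interface("192.168.9.1/255.255.255.224").network)

def parse(dump):
    """Group 'path:fields' lines by file name; header-only lines add no row."""
    files = {}
    for line in dump.splitlines():
        path, _, rest = line.partition(":")
        rows = files.setdefault(path.rsplit("/", 1)[-1], [])
        if rest.split():
            rows.append(rest.split())
    return files

def policy_for(files, src, dst):
    """Assumed Shorewall semantics: the first matching policy line wins."""
    for p_src, p_dst, action, *_ in files.get("policy", []):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action
    return None

def masq_covers(files, out_zone, src_zone, src_net):
    """True if masq has '<outgoing interface> <source interface or subnet>'."""
    dev = {zone: name for zone, name, *_ in files.get("interfaces", [])}
    return any(len(row) >= 2 and row[0] == dev[out_zone]
               and row[1] in (dev[src_zone], src_net)
               for row in files.get("masq", []))

def audit(dump, src="lan", dst="wan", src_net=LAN_NET):
    """Report the effective policy and masq coverage for src -> dst."""
    files = parse(dump)
    return {"policy": policy_for(files, src, dst),
            "masq": masq_covers(files, dst, src, src_net)}

if __name__ == "__main__":
    print(LAN_NET, audit(DUMP))
```

Because the first matching line wins, a `lan wan ACCEPT` policy only takes effect when it is placed above `lan all REJECT`.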
 
  


All times are GMT -5.
