How can I get free access between two Mandrake boxes in a LAN?
Hi friends
OK, no matter how much I read about Shorewall I can't understand it. Here is the scenario:
I got two Mandrake boxes in a LAN. One is connected to the internet via ADSL (I got two network cards in that box).
On the box connected to the internet I got Shorewall watching the doors.
A couple of months ago I used Webmin to configure Shorewall so I could communicate via NFS, and it has worked well since then. Until yesterday, when I used the "Mandrake wizard" to open another port and it totally destroyed my nice configuration.
Of course I can't remember the settings I made (and it's not the first time I made the mistake of using the wizard...)
I am the only one using both computers. Do I really need to have a firewall "between" both computers? It should really save me some Google time to have the gates totally open between the computers. I mean, all traffic to the "dangerous" internet passes through the firewall anyway.
How do I open the firewall so both computers could freely communicate? Is that done with a policy?
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820
Provided you are the only user on both machines, it is debatable whether you need to firewall between them. On one hand, one of the machines is on the Internet, and therefore subject to possible cracking. If someone rooted your Internet-enabled machine, without a firewall on the other machine they would own both machines fairly easily. However, as long as you do your level best to secure the Internet-enabled machine, your odds are pretty low of being rooted, so it's a security vs. convenience issue.
It is not a policy that you need to create full access between machines, but a couple of well-written rules. Assuming your IPs are 192.168.0.1 and 192.168.0.2, the following would do it.
These go into the firewall on the machine with 0.1 as its internal IP:
iptables -A INPUT -s 192.168.0.2 -p ALL -j ACCEPT
iptables -A OUTPUT -d 192.168.0.2 -p ALL -j ACCEPT
Or you could do it by interface name:
iptables -A INPUT -i eth1 -p ALL -j ACCEPT
iptables -A OUTPUT -o eth1 -p ALL -j ACCEPT
On the internal machine you can simply turn off the firewall entirely.
It's early here so if anyone spots a mistake or has a better method, pipe up..;-)
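Added example, not part of any post in this thread: iptables stops at the first rule that decides a packet, so a rule appended with -A sits after whatever a front end such as Shorewall has already loaded. The script below reads rules in iptables-save format and lists the earlier INPUT rules that would get the peer's packets before its ACCEPT rule is reached. The sample ruleset and the chain names net_in and loc_in are constructed for illustration.

```shell
#!/bin/sh
# Constructed ruleset in iptables-save format (not taken from the thread).
# The chain names net_in and loc_in are made up for illustration.
SAMPLE_RULES='-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j net_in
-A INPUT -i eth1 -j loc_in
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.168.0.2/32 -j ACCEPT'

# earlier_deciders PEER IFACE   (rules are read from stdin)
# Prints "<position> <target>" for every INPUT rule that sits before the
# peer's ACCEPT rule, selects only on -i/-s, matches the peer's traffic,
# and hands the packet to something other than ACCEPT.
# Rules with any other match (-p, -m, -d, "!") are skipped as undecided.
earlier_deciders() {
    awk -v peer="$1" -v iface="$2" '
    $1 == "-A" && $2 == "INPUT" {
        pos++
        src = ""; inif = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-s")      { src = $(++i); sub(/\/32$/, "", src) }
            else if ($i == "-i") { inif = $(++i) }
            else if ($i == "-j") { target = $(++i); break }
            else                 { other = 1 }
        }
        # Reached the ACCEPT rule for the peer: nothing later matters.
        if (src == peer && target == "ACCEPT" && !other) exit
        if (other) next
        if (inif != "" && inif != iface) next
        if (src != "" && src != peer) next
        if (target != "ACCEPT") print pos, target
    }'
}

# Run against the constructed sample: peer 192.168.0.2 arriving on eth1.
printf '%s\n' "$SAMPLE_RULES" | earlier_deciders 192.168.0.2 eth1
```

An empty result means the peer's ACCEPT rule is reached first, which is the ordering that inserting with `iptables -I INPUT 1 ...` instead of `-A` produces.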
Your ideas seem very smart (I checked the man page and I think I understand the meaning), but I have a feeling that Mandrake's "preconfiguredspecialstrangepolicy" settings are messing with me. It would be nice to kick out the wizards and take control. I believe knowledge is the best security.
Maybe you could recommend some nice GUI which is a bit more intuitive than Webmin's Shorewall.
By the way, I tried your settings and of course it didn't work in my messy firewall.
Klas:
You say you have Mandrake with two ethercards.
One for internet, and one for internal.
I am trying to get a similar setup working. Mandrake 10.0
Both my ethernet cards are the same make and model (SMC 1244TX).
I am having a lot of trouble getting both recognized by the kernel at load time. It looks like default tulip.ko cannot handle two cards.
Since you have this setup working, any suggestions?
(Mandrake H/W wizard sees both cards on the PCI bus).
Thanks, Greg
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820
I tried many different GUIs for iptables until realizing there is no good GUI for iptables. The best way to do Linux firewalling IMO is to read the how-tos, and write a firewall script by hand. It sounds harder than it is. Remember the golden rule of iptables: write a rule, test a rule, write another rule, test again. Repeat.
You can try Guarddog or any of the other iptables GUIs if you want, but don't expect miracles. The only way to get the job done right is to do it yourself.