LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 04-10-2005, 07:36 PM   #1
Fetch
LQ Newbie
 
Registered: Jan 2005
Posts: 8

Rep: Reputation: 0
iptables and slackware


newbie needs help:

I'm trying to get my Slackware 10 machine to mount a directory on another machine on the network.

I get this error:

mount: RPC: Unable to receive; errno = No route to host

I've set up a rc.firewall script (/etc/rc.d/rc.firewall) which allows nfs, portmap, etc, and when I type: iptables -L I see what I expect, but Slackware seems to be paying no attention to iptables.

When I nmap the localhost, I see that rpcbind is open (good), but nfs is closed. nmap also reveals that http and smtp are open, but I have not referred to them in my rc.firewall.

1) Do I have to 'enable' iptables somehow?

2) How do I tell if my kernel has support for Iptables?

3) where is this default configuration coming from?
 
Old 04-10-2005, 08:18 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Nmapping localhost is usually not a good way to get an idea of what ports are open when troubleshooting networking/firewall problems. Try nmapping from the remote machine instead. Often firewalls will allow local traffic (traffic that the system is sending to itself) but will handle remote traffic more strictly.

1. Should already be enabled. The fact that you can run iptables -L indicates that it's enabled and running.
2. As long as you are running a stock 2.4 (or newer) series kernel it should have it enabled. If you've compiled your own kernel, then you'd need to make sure that the netfilter options are selected during the kernel config step.
3. As far as I'm aware, Slack keeps its iptables script in /etc/rc.d/rc.firewall
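Points 1 and 2 above can be checked from the shell rather than guessed at. The script below is an added example (not posted by anyone in this thread): it looks for the signs that the running kernel has netfilter/iptables support, in the order a practitioner would try them. The kernel config option name CONFIG_IP_NF_IPTABLES and the /proc entries are real; the sample config text used at the bottom is constructed for illustration.

```shell
#!/bin/sh
# Added example: does the running kernel have iptables (netfilter) support?
# Sources checked, any one of which is enough:
#   /proc/net/ip_tables_names  -> present once ip_tables is loaded or built in
#   /proc/config.gz            -> kernel config, if CONFIG_IKCONFIG_PROC was set
#   /lib/modules/$(uname -r)/  -> ip_tables.ko shipped as a loadable module

# Given kernel config text in $1, succeed if iptables is built in (y) or modular (m).
config_has_iptables() {
    printf '%s\n' "$1" | grep -Eq '^CONFIG_IP_NF_IPTABLES=(y|m)$'
}

# Walk the three sources and report what was found; non-zero if nothing was.
check_kernel_iptables() {
    if [ -e /proc/net/ip_tables_names ]; then
        echo "ip_tables is active (tables: $(tr '\n' ' ' < /proc/net/ip_tables_names))"
        return 0
    fi
    if [ -r /proc/config.gz ] && config_has_iptables "$(zcat /proc/config.gz)"; then
        echo "kernel config has CONFIG_IP_NF_IPTABLES; load it with: modprobe ip_tables"
        return 0
    fi
    if find "/lib/modules/$(uname -r)" -name 'ip_tables.ko*' 2>/dev/null | grep -q .; then
        echo "ip_tables module is on disk; load it with: modprobe ip_tables"
        return 0
    fi
    echo "no netfilter/iptables support found; select it under Networking options -> Netfilter when configuring the kernel"
    return 1
}

# Constructed sample of what a self-built kernel's config might contain.
SAMPLE_CONFIG='CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m'

# Run the live check only when asked, so sourcing the file has no side effects.
case ${1:-} in
    --check) check_kernel_iptables ;;
esac
```

Run it as `sh check_iptables.sh --check` as root. If the first source is present, `iptables -L` working (as in the original post) is already proof that the kernel side is fine and the trouble is in the rules, not in kernel support.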
 
Old 04-10-2005, 09:19 PM   #3
Fetch
LQ Newbie
 
Registered: Jan 2005
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks,

I tried nmapping from the remote machine. At first I got the response that the host was down. It suggested I try -P0. I did this and got this response:

PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
2049/tcp closed nfs

I copied an rc.firewall from a tutorial and modified it. Here is what my rc.firewall looks like:

#!/bin/bash

# rc.firewall for
# Basic Slackware Security

# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT

# This rule added to the INPUT chain accepts any ssh connections.
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# NFS daemon (nfsd), tcp and udp.
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
# Portmapper (rpcbind), tcp only.
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
# Web server.
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT


Any thoughts?
 
Old 04-10-2005, 10:17 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Judging from the error message and your firewall rules, it looks like the problem is due to mountd (rpc.mountd). To start, rule out all the other possibilities. Do the following as root:

iptables -P INPUT ACCEPT
iptables -F

then try connecting with the NFS client. If it works, then you know it's the firewall; if it doesn't, the problem is elsewhere. Once you are done testing, re-run your firewall script to restore your firewall.

If the problem is the firewall, then it's likely that you'll need to set mountd to run on a single pre-defined port and then open up that port as well for mountd.
 
Old 04-10-2005, 10:32 PM   #5
spurious
Member
 
Registered: Apr 2003
Location: Vancouver, BC
Distribution: Slackware, Ubuntu
Posts: 558

Rep: Reputation: 31
Just so the obvious isn't overlooked, does the /etc/exports file on the remote nfs server allow a connection from your Slackware box?
 
Old 04-11-2005, 11:41 PM   #6
Fetch
LQ Newbie
 
Registered: Jan 2005
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks for the help.

It turns out that the problem was the mountd port. I adjusted my firewall rules, and everything works fine.
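The fix Capt_Caveman described in post #4 and Fetch confirmed in post #6 (pin mountd to one port, then open that port) is shown worked through below. This is an added example, not Fetch's final rc.firewall or anything posted in the thread. It assumes the server runs the daemons from /etc/rc.d/rc.nfsd with `rpc.mountd -p 32767` (the `-p` option of rpc.mountd sets its listening port; 32767 is an arbitrary constructed choice), that the client sits on 192.168.1.0/24 behind eth0 (constructed values), and that `rpcinfo -p` is available on the NFS server. The rules it emits restrict NFS to that one network rather than to any source, which is the tighter form of the rules posted in #3.

```shell
#!/bin/sh
# Added example: locate mountd's port, emit INPUT rules that open NFS for one
# LAN, and wrap the flush-test-restore procedure from post #4.
# Assumed (constructed) values: LAN 192.168.1.0/24 on eth0, mountd pinned to
# port 32767 via "rpc.mountd -p 32767" in /etc/rc.d/rc.nfsd.

# Print the port(s) rpc.mountd (RPC program number 100005) registered with the
# portmapper, parsed from "rpcinfo -p" output passed in as $1. An unpinned
# mountd may register different ports for tcp and udp, so this can print two.
mountd_ports() {
    printf '%s\n' "$1" | awk '$1 == 100005 { print $4 }' | sort -un
}

# Emit iptables commands admitting NFS (portmapper, nfsd, mountd) from one
# client network only. $1 interface, $2 client network in CIDR form,
# $3 mountd port(s), whitespace-separated.
nfs_input_rules() {
    iface=$1; net=$2; mports=$3
    for port in 111 2049 $mports; do
        for proto in tcp udp; do
            printf 'iptables -A INPUT -i %s -s %s -p %s --dport %s -j ACCEPT\n' \
                "$iface" "$net" "$proto" "$port"
        done
    done
}

# The diagnostic from post #4: open everything, test the mount, then restore
# by re-running the real firewall script. Run as root.
firewall_test_mode() {
    case $1 in
        open)    iptables -P INPUT ACCEPT && iptables -F ;;
        restore) sh /etc/rc.d/rc.firewall ;;
        *)       echo "usage: firewall_test_mode open|restore" >&2; return 2 ;;
    esac
}

# Constructed sample of "rpcinfo -p" output on a server whose mountd is pinned.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp  32767  mountd
    100005    1   tcp  32767  mountd
    100003    2   udp   2049  nfs
    100003    2   tcp   2049  nfs'

# "rules" prints the rule set for the sample; "live" does the same against the
# real portmapper. Pipe the output to sh (as root) or paste it into rc.firewall.
case ${1:-} in
    rules) nfs_input_rules eth0 192.168.1.0/24 "$(mountd_ports "$SAMPLE_RPCINFO")" ;;
    live)  nfs_input_rules eth0 192.168.1.0/24 "$(mountd_ports "$(rpcinfo -p)")" ;;
esac
```

Pinning the port matters because without it mountd picks a free port at each start, so any rule that opened last boot's port silently stops matching after a reboot. Checking `rpcinfo -p` before and after the change is the quickest way to confirm the pin took effect.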