LinuxQuestions.org
Old 02-19-2004, 12:17 AM   #1
WarmFlatSprite
LQ Newbie
 
Registered: Feb 2004
Location: Melbourne, FL/Rome, NY USA
Distribution: Gentoo
Posts: 6

Rep: Reputation: 0
Internal Firewall/Gateway problems on complex home network


Hello all,

Before going into my problem, I think it'd be good if I laid out my home network. Our Internet feed is a cable modem on which the house shares a single IP address. The computers in the house connect either via 802.11b or via Ethernet to a Linksys 802.11b router. I am trying to move the one computer that is connecting via Ethernet out into the living room, away from the cable modem and router. My plan was to set up my server as an internal router (the server connects via wireless), and have this computer connect through it via Ethernet. I did this almost successfully using JordanH's script. (thread id 121379. could not use a link because this is my first LQ post -- sorry...)

I am now unable to connect to my server remotely via ssh and samba, even though the server itself does have an Internet connection. (I'm posting this from the server currently).

The connections for ssh and samba are being forwarded from the Linksys router to my server's IP, but my server is not accepting them. I'll post the only modification of the script I made, which was the default configuration.

Code:
 echo "Bringing up the firewall and routing tables." 

 ################################################################################
 # Default options
 # These options configure the below script. It would be a good idea to move
 # them to a conf file in /etc and then source it from this script.
 ################################################################################
 echo 1 > /proc/sys/net/ipv4/ip_forward
 # location of iptables command
 ipt=/sbin/iptables
 #
 # Interfaces
 # Be sure to be accurate when defining these interfaces.
 # ext is your external card, likely ppp0 for DSL or eth1 for cable
 lo=lo
 ext=wlan0
 int=eth0
 #
 # Spoofing protection. List all networks and IP addresses that should NOT exist
 # in the real world.
 #
 spoofed="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
 192.168.0.0/16 255.255.255.255"
 #
 # List all ports to open ON your firewall
 #
 tcp_ports="22 139"
 udp_ports=""
 #
 # These logging options will be used for all logged packets
 #
 logops="--log-level=3 -m limit --limit 1/second --limit-burst=3"
 ################################################################################
and here's the snippet that opens the ports on the server...

Code:
 ################################################################################
 # EXT_FIREWALL
 # Packets entering firewall machine
 # 1. Allow established and related connections
 # 2. Allow new connections on specified ports
 # 3. Log and Drop everything else
 ################################################################################
 $ipt -N EXT_FIREWALL
 $ipt -A EXT_FIREWALL -m state --state INVALID -j DROP
 $ipt -A EXT_FIREWALL -j SPOOF
 $ipt -A EXT_FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
 $ipt -A EXT_FIREWALL -p icmp -j ACCEPT
 #
 # Open ports
 #
 for tcp_p in $tcp_ports
 do
 $ipt -A EXT_FIREWALL -p tcp --dport $tcp_p -m state --state NEW -j ACCEPT
 done
 for udp_p in $udp_ports
 do
 $ipt -A EXT_FIREWALL -p udp --dport $udp_p -m state --state NEW -j ACCEPT
 done
 $ipt -A EXT_FIREWALL -j LOG --log-prefix "IPT: EXT_FIREWALL: " $logops
 $ipt -A EXT_FIREWALL -j DROP
 ################################################################################
I know this script works because many people here at LQ have used it and loved it. I'm assuming that the problem is somewhere else in my configuration. If I can post anything else useful, please let me know.

I'm currently running the latest version of Gentoo Linux on a vanilla 2.4.24 kernel.
I'm also using the ndiswrapper for my wireless card.

This IS my first ever linux server, and I do have to say that I LOVE it (MUCH faster than Windows solutions, not to mention, FREE!), but I'm still greatly uneducated on the subject having migrated to linux from XP only two weeks ago.

Any help on this is GREATLY appreciated -- thanks in advance, also, JordanH, should you read this -- thanks for the script!
 
Old 02-19-2004, 02:00 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
What's the output of
netstat -lut

and

ifconfig -a

?
 
Old 02-19-2004, 08:19 PM   #3
WarmFlatSprite
LQ Newbie
 
Registered: Feb 2004
Location: Melbourne, FL/Rome, NY USA
Distribution: Gentoo
Posts: 6

Original Poster
Rep: Reputation: 0
Hello chort,

The output from netstat -lut is
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:netbios-ssn           *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
udp        0      0 *:ntalk                 *:*
udp        0      0 192.168.1.99:netbios-ns *:*
udp        0      0 *:netbios-ns            *:*
udp        0      0 192.168.1.9:netbios-dgm *:*
udp        0      0 *:netbios-dgm           *:*
aaannd... here's the output from ifconfig -a

Code:
dummy0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 
eth0      Link encap:Ethernet  HWaddr 00:07:95:B1:E0:FF
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:11 Base address:0xd400
 
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3518 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3518 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:142812 (139.4 Kb)  TX bytes:142812 (139.4 Kb)
 
wlan0     Link encap:Ethernet  HWaddr 00:E0:98:B9:04:02
          inet addr:192.168.1.99  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:204507 errors:0 dropped:0 overruns:0 frame:0
          TX packets:157212 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:269620416 (257.1 Mb)  TX bytes:13620759 (12.9 Mb)
          Interrupt:11
yanno -- I'm not too entirely sure how the dummy0 got to be in there. I know how to get rid of it, because I've seen it in the kernel options when I was making the kernel, I must've accidentally checked it... oops. Anyway, now that it's there -- what's it do?

Thanks
 
Old 02-19-2004, 09:33 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Your wired ethernet card has no IP address, that's your problem.
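
The check behind that diagnosis can be run before the firewall script loads its rules. The following is an added example, not part of the original thread or of JordanH's script: it reads `ifconfig -a` text in the older net-tools layout shown above and reports whether each interface named in `ext`/`int` is UP and has an IPv4 address. The function names and the sample text (with made-up MAC addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the interfaces a gateway script relies on.
# iface_state NAME  reads `ifconfig -a` text on stdin and prints one of:
#   ok | no-ip | down | down-no-ip | missing
iface_state() {
    awk -v want="$1" '
        NF && $0 !~ /^[ \t]/ { cur = $1 }      # stanza header starts in column 0
        cur == want {
            seen = 1
            if ($1 == "inet" && $2 ~ /^addr:/) ip = 1
            for (i = 1; i <= NF; i++) if ($i == "UP") up = 1
        }
        END {
            if (!seen)            print "missing"
            else if (!up && !ip)  print "down-no-ip"
            else if (!up)         print "down"
            else if (!ip)         print "no-ip"
            else                  print "ok"
        }'
}

# preflight IFCONFIG_TEXT IFACE...  returns non-zero if any interface is not ok.
preflight() {
    text=$1; shift; rc=0
    for ifc in "$@"; do
        state=$(printf '%s\n' "$text" | iface_state "$ifc")
        echo "$ifc: $state"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample modelled on the output in post #3 (MAC addresses made up).
SAMPLE='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          BROADCAST MULTICAST  MTU:1500  Metric:1

wlan0     Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:192.168.1.99  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# On a live host, pass "$(ifconfig -a)" instead of "$SAMPLE".
preflight "$SAMPLE" wlan0 eth0 || echo "fix the interfaces above before loading rules"
```
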
 
  


All times are GMT -5. The time now is 03:41 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration