LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices



Reply
 
Search this Thread
Old 12-03-2004, 11:12 PM   #1
clarence1720
LQ Newbie
 
Registered: Oct 2004
Location: Denver
Distribution: Red Hat 9.0
Posts: 29

Rep: Reputation: 15
Allow Incoming Traffic


How do I make Mandrake 10.0 allow incoming traffic? I can ping anywhere in the world, but none of my other machines that are on the same network cannot ping my Mandrake machine.

When I type "iptables -L" I get this:

Chain INPUT (policy ACCEPT)
target prot opt source destination


Chain FORWARD (policy ACCEPT)
target prot opt source destination


Chain OUTPUT (policy ACCEPT)
target prot opt source destination


What does this mean, how do I configure my IPChains to allow incoming traffic?

Thanks

Lance
 
Old 12-04-2004, 06:44 AM   #2
opjose
Senior Member
 
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090

Rep: Reputation: 46
If your Linux box is not acting as a firewall there is no need to run the iptables service.

Type as root.

service iptables stop

And to have it not start at boot...

chkconfig --del iptables
 
Old 12-04-2004, 11:39 AM   #3
clarence1720
LQ Newbie
 
Registered: Oct 2004
Location: Denver
Distribution: Red Hat 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
Okay, I ran service iptables stop and this is what it said.

Resetting built-in chains to the default ACCEPT policy

I still can't ping it. I have 2 machines on my private network here.
WIndows XP = 216.160.177.235
Mandrake 10.0 = 216.160.177.233

Mandrake can ping XP, and the gateway, but XP cannot ping Mandrake.

Thanks

Lance
 
Old 12-04-2004, 02:03 PM   #4
opjose
Senior Member
 
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090

Rep: Reputation: 46
Post the output of ifconfig and route -n on your Linux machine.
 
Old 12-04-2004, 05:09 PM   #5
clarence1720
LQ Newbie
 
Registered: Oct 2004
Location: Denver
Distribution: Red Hat 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
[root@server-rig root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:F4:45:8B:2A
inet addr:216.160.177.233 Bcast:216.160.177.239 Mask:255.255.255.248
inet6 addr: fe80::240:f4ff:fe45:8b2a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:959 errors:0 dropped:0 overruns:0 frame:0
TX packets:1104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:364911 (356.3 Kb) TX bytes:134084 (130.9 Kb)
Interrupt:10 Base address:0x4000

eth1 Link encap:Ethernet HWaddr 00:50:2C:01:30:A7
inet6 addr: fe80::250:2cff:fe01:30a7/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:42 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3537 (3.4 Kb) TX bytes:1530 (1.4 Kb)
Interrupt:11 Base address:0xec00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1394 (1.3 Kb) TX bytes:1394 (1.3 Kb)



[root@server-rig root]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
216.160.177.232 0.0.0.0 255.255.255.248 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 216.160.177.238 0.0.0.0 UG 0 0 0 eth0
 
Old 12-05-2004, 04:49 AM   #6
opjose
Senior Member
 
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090

Rep: Reputation: 46
Eh wait a second here...

You have two interfaces.

One of which is unconfigured.

This means that both your Linux box and Windows PC's are on "PUBLIC" IP's.

Does your ISP permit this (most do NOT unless you pay additional fees).

Also who owns the 216.160.177.232 subnet you are on?

And do you really have a gateway at 216.160.177.238 ?
 
Old 12-05-2004, 10:36 AM   #7
clarence1720
LQ Newbie
 
Registered: Oct 2004
Location: Denver
Distribution: Red Hat 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
This whole network is on the backside of my netgear cable/dsl router. I simply change from the 192.0.0.X business into a smaller subnet that I used to rent and was used to. The 216.160.177.238 is the private/backside IP address of my netgear, the front side/public side is 67.166.18.XX, which is pulled from Comast Cable.

There are 2 interfaces on the Mandrake machine. One is built into the motherboard, Eth1. The other is a linksys, Eth0 which is the one I use.
 
Old 12-05-2004, 11:22 AM   #8
opjose
Senior Member
 
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090

Rep: Reputation: 46
But 216.160.177.232 is not a private reserved IP.

This will cause problems for you right and left since it still will be routeable to another subnet.
 
Old 12-05-2004, 11:29 AM   #9
clarence1720
LQ Newbie
 
Registered: Oct 2004
Location: Denver
Distribution: Red Hat 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
It's all on the backside of my netgear, which is a private network. Anything that goes out is encapsulated with my cable IP address. It works....before mandrake I had slackware, with a apache web server, a sendmail server, and a ssh server. No one on the side of my netgear ever.....ever sees the 216.160.177.232 network.
 
Old 12-05-2004, 12:50 PM   #10
opjose
Senior Member
 
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090

Rep: Reputation: 46
Ok, that makes sense, although if you ever had occasion to try to send and receive packets to a network on the Internet side with an address of 216.160.177.xxx you'd never reach it...

Anyway, do you have any other firewall software installed on your Linux box and/or it's it's security higher than "normal"?
 
Old 12-05-2004, 03:03 PM   #11
clarence1720
LQ Newbie
 
Registered: Oct 2004
Location: Denver
Distribution: Red Hat 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
I confess, your right about never being able to communicate to the real 216.160.177.XX network, but I'm a creature of habit. =)

I haven't installed any software on the Mandrake box. I did a clean install on friday 12/03/04.

During the install it asked me to choose a security level. I chose Higher which said

"Higher: With this security level, the use of this system as a server becomes possible. The security is now high enough to use the system as a server which can accept connections from many clients. Note: if you machine is only a client on the Internet, you should choose a lower level.

Well I chose this level because I want to be setting up Apache, Sendmail, and SSH.

Thanks

Lance
 
Old 12-05-2004, 03:57 PM   #12
opjose
Senior Member
 
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090

Rep: Reputation: 46
Yeah I believe at "HIGH" you loose the ability to ping the machine.

Almost all services which respond to internet requests are shut down at this level.

It may be overkill to leave things this high since it sits behind a firewall.

Try changing the msec level in the MCC.

You then may have to manually launch the msec cron task that actually updates the permissions...

see /etc/cron.daily
 
Old 12-05-2004, 04:33 PM   #13
jchance
Member
 
Registered: Sep 2003
Location: New Hampshire USA
Distribution: Mandriva 2006 & 2007 Power Pack Club
Posts: 178

Rep: Reputation: 30
If you want to run it on a smaller subnet why not run 10.x.x.x addresses? I understand creature of habbit but it will definitly make less of a chance for conflicts.
 
Old 12-05-2004, 07:40 PM   #14
clarence1720
LQ Newbie
 
Registered: Oct 2004
Location: Denver
Distribution: Red Hat 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
changing the msec level in the MCC???

What is this? What is msec......and what is MCC?
 
Old 12-05-2004, 07:53 PM   #15
opjose
Senior Member
 
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090

Rep: Reputation: 46
Change the system security level to NORMAL in the Mandrake Control Center.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Traffic shaping (limiting outgoing bandwidth of all TCP-traffic except FTP/HTTP) ffkodd Linux - Networking 3 10-25-2008 01:09 AM
Logging All Incoming / Outbound Traffic technick Linux - Security 1 10-24-2005 03:32 PM
IPCop : Limit incoming traffic to selected IPs and hostnames lothario Linux - Networking 0 01-28-2005 07:35 PM
IP tables / squid incoming traffic xilace Linux - Software 5 10-25-2004 02:38 PM
Wireless traffic stomps isdn traffic on gateway machine Radix999 Linux - Wireless Networking 0 11-14-2003 01:54 AM


All times are GMT -5. The time now is 01:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration