I found out that it was always at the samba rules that it took forever to display. As far as the ssh issue, as soon as I added the line below, it fixed it and now connects at pretty normal speed:
#allow established connections
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Without that I couldn't even ping Google from the router, but I could get to the internet from the client machines??? But that was definitely what was hanging it up.
Another question I have is, what rule in my iptables is allowing me to connect to my samba share on that machine? I can connect even after flushing rules and I have all my samba rules commented out???
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
27015 4272K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
41771 51M ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
So is this a bad thing?? Does it create a security hole of any sort from the outside world? Or is it ok since it is the internal nic?
The more open things are, if a system became compromised, it's that much easier to get other systems on the network if there are no rules on the local VLAN.
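An added example, not part of any post in this thread: a small Python audit that parses the FORWARD listing quoted above and reports rules that accept NEW connections on every protocol and port, plus DROP/REJECT rules whose NEW traffic is already accepted by an earlier rule. The finding labels are made up for this example, and treating eth0 as the outside interface is an assumption (the thread only calls eth1 the internal NIC).

```python
import re

# FORWARD chain exactly as posted in the thread (iptables -L -v -n format).
LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
27015 4272K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
41771 51M ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
"""
KEYS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst")
WILD = {"*", "0.0.0.0/0", "all"}

def parse(listing):
    """Turn each rule line into a dict; the two header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or f[0] in ("Chain", "pkts"):
            continue
        rule = dict(zip(KEYS, f))
        m = re.search(r"state (\S+)", " ".join(f[9:]))
        rule["states"] = set(m.group(1).split(",")) if m else set()
        rule["ports"] = bool(re.search(r"[ds]pts?:", line))  # any port match present?
        rules.append(rule)
    return rules

def overlaps(a, b):
    """True if a packet can match both rules (exact-or-wildcard compare; no '!' negation)."""
    return all(a[k] == b[k] or a[k] in WILD or b[k] in WILD
               for k in ("prot", "in", "out", "src", "dst"))

def audit(rules):
    """Return (rule number, label) pairs; rules are numbered from 1 in chain order."""
    findings = []
    for i, r in enumerate(rules, 1):
        if (r["target"] == "ACCEPT" and "NEW" in r["states"]
                and r["prot"] == "all" and not r["ports"]):
            findings.append((i, "broad-accept-new"))
        if r["target"] in ("DROP", "REJECT") and "NEW" in r["states"]:
            for j, e in enumerate(rules[:i - 1], 1):
                if e["target"] == "ACCEPT" and "NEW" in e["states"] and overlaps(e, r):
                    findings.append((i, f"new-preempted-by-{j}"))
    return findings

if __name__ == "__main__":
    for num, issue in audit(parse(LISTING)):
        print(f"rule {num}: {issue}")
```

On the posted chain, rule 2 accepts NEW connections entering eth0 and leaving eth1 before they can reach the DROP in rule 3, which matches that rule's zero packet counter.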
So if I took the -A INPUT -i eth1 ACCEPT out, would I have to add a port for every service... as such: