Slackware This Forum is for the discussion of Slackware Linux.
01-10-2005, 09:22 PM
|
#1
|
Member
Registered: Sep 2003
Posts: 142
Rep:
|
dnsmasq problem, nat not working
How is it going, fellas? Unfortunately not so well for me. I want to upgrade my Linksys router to a full-time Slack router. So let me lay it down for you. I have my cable modem plugged into eth0, and I am getting a public IP (I am writing this post from the box now). eth1 is plugged in to my network, and is statically assigned 192.168.0.1. All of my clients are getting a private IP, within the range set forth in my /etc/dnsmasq.conf file. When I ping gw (192.168.0.1) it works, but when I ping google, I get a timeout, but included with the output of ping is the IP address of google, so that rules out DNS. I get the feeling that I have to open up port 80 with iptables, but I am not sure if that is the problem, because I do not know a lot about using iptables. I have also started /etc/rc.d/rc.ip_forward. I will be glad to post any config file you request. Thanks a lot, fellas
-tank
|
|
|
01-10-2005, 09:55 PM
|
#2
|
Member
Registered: Oct 2003
Location: Kuala Lumpur, Malaysia
Distribution: Slackware 13.37 current
Posts: 770
Rep:
|
Why use Slackware as a firewall? IPCop and M0n0wall are far more optimised.
|
|
|
01-10-2005, 10:08 PM
|
#3
|
Member
Registered: Sep 2003
Posts: 142
Original Poster
Rep:
|
I understand your point, but I would like to house some other things on this box as well: ftp, ssh, samba (network drive), cups (network printer), and squid. But this is all in due time.
-tank
|
|
|
01-10-2005, 10:32 PM
|
#4
|
Member
Registered: Sep 2004
Location: old village
Distribution: android, BSD, CentOS, Ubuntu
Posts: 221
Rep:
|
in
/etc/resolv.conf
add
nameserver = X.X.X.X
if you have dnsmasq set up on 192.168.0.1 then it's that after the '='
|
|
|
01-10-2005, 10:33 PM
|
#5
|
Member
Registered: Sep 2004
Location: old village
Distribution: android, BSD, CentOS, Ubuntu
Posts: 221
Rep:
|
and i love my slackware router...
|
|
|
01-10-2005, 10:35 PM
|
#6
|
Member
Registered: Sep 2004
Location: old village
Distribution: android, BSD, CentOS, Ubuntu
Posts: 221
Rep:
|
DRAT!!!
ok.. i don't know how to edit my post...
it's not
'nameserver = 192.168.0.1'
it's
'nameserver 192.168.0.1'
sorry...
really.. i'm sorry.
|
|
|
01-10-2005, 10:44 PM
|
#7
|
Member
Registered: Sep 2003
Posts: 142
Original Poster
Rep:
|
Not quite sure of your post (posts), but yes, dnsmasq is running on 192.168.0.1 (eth1). My /etc/resolv.conf looks like this on my slack router.
Code:
nameserver 167.206.3.224
nameserver 167.206.3.223
nameserver 167.206.3.158
Those would be from my isp.
client /etc/resolv.conf
Code:
nameserver 192.168.0.1
I have tried adding my router's resolv.conf to my client, but no dice.
-tank
|
|
|
01-11-2005, 01:40 PM
|
#8
|
Member
Registered: Sep 2003
Posts: 142
Original Poster
Rep:
|
I would like to thank you guys for your help, but I have one other
question. Using iptables, how do I block specific ports on a
specific network card? I want to set up samba and cups, but I do
not want the Internet to have them. For example I want to block
port 631 on eth0 (connected to my modem) and keep it open on eth1,
so my network will have access. Can I define this in cupsd.conf? With
samba, I believe in the [global] section you can add "interfaces = ethX"
and it will only broadcast on those specified NICs. Thanks a lot.
-tank
|
|
|
01-11-2005, 11:37 PM
|
#9
|
Member
Registered: Sep 2004
Location: old village
Distribution: android, BSD, CentOS, Ubuntu
Posts: 221
Rep:
|
did you get everything working??
i have a completely slackware network.. and i swear i'll try to be more lucid in my next posts..
please let me know if anything isn't doing anything.
|
|
|
05-26-2006, 05:15 PM
|
#10
|
Senior Member
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
|
Regarding your iptables question. You should normally block everything by setting the policies and only allow specific ports to be open. Something like
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
to have everything dropped coming from (OUTPUT), to (INPUT) and through (FORWARD) your box. And then allow special ports
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT
to allow all traffic from and to your home network.
Check out the man page of iptables or take a look at
http://sourceforge.net/search/?type_...omeLanSecurity
|
|
|
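Added example, not part of any post in this thread: a complete ruleset for the router described above, combining the default-drop policies and eth1 rules from post #10 with the loopback, return-traffic and NAT rules a box like this also needs. It assumes eth0 is the modem side, eth1 the LAN side, and that the LAN is 192.168.0.0/24; `router_rules` and the file name `router-rules.sh` are hypothetical.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset for a two-NIC NAT router.
# Load as root with:  sh router-rules.sh | iptables-restore
# Forwarding itself must be on (/etc/rc.d/rc.ip_forward, per the first post).
# Arguments (all assumptions, defaults match the thread): WAN if, LAN if, LAN net.

router_rules() {
    wan=$1 lan=$2 lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite private source addresses of LAN traffic leaving via the modem.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Local processes talk to each other over loopback.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Rules from post #10: the LAN may reach every service on the router
# (dnsmasq, CUPS on 631, Samba).
-A INPUT -i $lan -j ACCEPT
-A OUTPUT -o $lan -j ACCEPT
# The router itself may open connections outward (dnsmasq to ISP resolvers).
-A OUTPUT -o $wan -j ACCEPT
# On the WAN side only replies are let back in, so 631 and the Samba
# ports are never reachable from the Internet.
-A INPUT -i $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NAT path: LAN clients out, replies to them back in.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

router_rules "${1:-eth0}" "${2:-eth1}" "${3:-192.168.0.0/24}"
```
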