OK, I think I've learned something tonight...

Mandrake seems to like adding the line:
ALL:ALL EXCEPT localhost:DENY
to the /etc/hosts.deny file. Since this is the case, you'll need to remove
it and add your internal client (Box2) to the /etc/hosts.allow file on Box1
with:
ALL:ALL 192.168.100.2:ACCEPT
This should clear a few things up and we can continue.

> Do I have to use a Firewall anyway?

Yes, actually, firewalling in Linux can do two things: protect your machine
from hackers, and masquerade internal IP addresses so that more than one box
can access the internet (and other things, but that's enough for now).

Download the pmfirewall tarball from www.pointman.org and we can get that
installed to establish firewall rules and masquerading with a very easy
installation script.

For the file and printer sharing, if Box2 is a Windows box, you'll need to
install Samba; if not, we're much closer.

The firewall:  once you've downloaded the tarball for pmfirewall, gunzip and
untar it (gunzip filename, then  tar -xvf filename). cd to the pmfirewall
directory, and type ./install  (that's: dot-slash, then install--I still
can't see them dots!)

The first thing you'll be asked for is a directory, choose the default.

Then for your external interface, type:   ppp0

Say no to almost everything, unless you plan to run ftp, ssh, httpd, etc.
And if you use chat rooms, say yes to IDENT.

You'll be asked if you'd like to open ports for special IP ranges; just
press Enter. Mostly, the defaults are what you'd like to select.

You'll then be asked if you want pmfirewall to automatically detect your
external IP; say yes.

Then you'll be given the option to masquerade; say yes.

The internal interface is eth0.

Automatic detection of IPs is good. Say yes.

pmfirewall should be set up at this point (if I've missed anything, simply
select the default setting).

Just to make sure, cd into /usr/local/pmfirewall and type:
./pmfirewall restart

You should see your IP address listed correctly.

At this point, you should be able to ping straight through your new
firewall, from Box2 out to the internet.

Now, I'd suggest you go to www.psionic.com, and get yourself portsentry.
When you've done that we can install portsentry and really tighten up your
firewall box.

--Greg
> Configuration is  Internet <==> [Modem--Box1--NIC] <==> HUB <==> [NIC--Box2]
>
> Box2 also has a modem.  Box2 can access the internet but networking is not
> set up. If I do set up Networking thru Drakconf, the same situation will
> occur. Under "Basic Host Information--  adaptor 1" I use manual instead of
> DHCP. Is that all right? I tried to install the rpm's for DHCP but "eth0"
> fails during boot when I enable DHCP. Do I need DHCP?
>
> I changed the "static gateway" as you suggested to 192.168.100.1------I
> got the same Message "peer is not authorized to use remote address
> 192.168.100.1"
> Here is /etc/resolv.conf       below
> nameserver 192.168.100.1
> nameserver 208.223.196.128
>
> Whenever I use the "default" gateway instead of a "static" gateway, I get
> the same message except the DNS number is 208.223.199.240-----I have never
> entered this number, my ISP doesn't know (or admit) where it comes from.
> My ISP assigns me a different DNS number every time I log on. My ISP is of
> very little help with Linux.
>
> Greg, what I'm wanting to do is be able to share files (and printer) and
> also to be able to access internet from either computer. I'm not wanting
> my LAN to be accessed through the internet. Do I have to use a Firewall
> anyway?
>
> Sorry for my ignorance, the help is much appreciated!!
> Thanks
> Bob
> ----- Original Message -----
> From: Greg Stewart <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, August 20, 2000 3:45 AM
> Subject: Re: [newbie] Kppp and Networking
>
>
> > 1. I can't believe I'm doing this at 4:13am...where the hell did my life
> > go?
> >
> > 2. > ISP Dns         208.223.196.128    (I also set this as Gateway in
> > Kppp
> >     This has got to go. If you had a firewall, you'd use the firewall's
> > internal IP address as the gateway...but you can't use the DNS server as
> > your gateway, it's just not kosher.
> >
> > 3. I'm going to make an assumption here: it sounds like you have one box
> > with a modem, which dials your ISP. There's a NIC in that box that
> > connects to a hub, and another cable running to your second box from the
> > hub. Kinda like this:
> >
> > Internet <==> [Modem--Box1--NIC] <==> HUB <==> [NIC--Box2]
> >
> > Let's say Box1 has the modem configured for DHCP, and you have obtained
> > the DNS server IPs from /etc/resolv.conf.
> >
> > In Box1:
> > eth0 should then become 192.168.100.1.
> > Subnet Mask 255.255.255.0
> > Gateway 192.168.100.1 (itself, yes.)
> > DNS server:  208.223.196.128
> >
> > In Box2:
> > eth0 would then be 192.168.100.2.
> > Subnet Mask also 255.255.255.0
> > Gateway 192.168.100.1 (the other machine's internal NIC--since
> >        that's the one connecting to the internet)
> > DNS server:  208.223.196.128
> >
> > That 208.223.199.240 IP address resolves to "208-223-199-240.du.pldi.net".
> > This appears to be either the IP address you were given at the time you
> > looked for the information, or someone else's IP address. Apparently
> > your ISP (pldi.net) uses the dial-up host's IP address combined with
> > their domain name to identify the connected machines. This does not
> > belong anywhere in your configuration unless this is the IP address
> > you're supposed to assign your machine for the life of your membership
> > with pldi.net.
> >
> > Now, this *should* get at least that machine with the modem back on the
> > internet... but the other machine needs some additional help to get
> > connected through the other one. It just don't happen automatically.
> >
> > If with this configuration you can ping from the internal box to the
> > modem's assigned IP address (do /sbin/ifconfig and check ppp0) then
> > you're ready to start firewall/masquerading rules to protect your
> > machine and get the other one on line at the same time.
> >
> > For this, you may wish to get hold of pmfirewall, which will script the
> > rules for you and set up the firewall and masquerade the internal
> > machine automatically whenever you make a connection. You can get this
> > at www.pointman.org. It's fairly easy, and I can walk you through the
> > install when you get it.
> >
> > --Greg
> >
> > > Thanks for reply Greg
> > > 2 computers using 3com905b tx ethernet cards connected thru hub.
> > > Dns Numbers 192.168.100.1        255.255.255.0
> > >                       192.168.100.2        255.255.255.0
> > > ISP Dns         208.223.196.128    (I also set this as Gateway in Kppp
> > > setup)  If I use the default gateway in Kppp I get the same message
> > > with Dns 208.223.199.240
> > > I have no idea where this number comes from.
> > > Interfaces running
> > > lo ,eth0
> > > No firewall or masquerading that I know of.
> > > I can ping both computers but have not tried to mount yet. I first
> > > wanted to get my internet connection back.
> > > Hope this helps
> > > Bob
> > >
> > >
> >
> >
> >
>
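
Added example, not part of the thread: a small Python model of how tcp_wrappers combines /etc/hosts.allow and /etc/hosts.deny, applied to the Mandrake deny line quoted at the top of this message for Box2, localhost and an outside host. The `ALL: 192.168.100.2` allow entry (hosts_access(5) `daemon_list : client_list` form), the `in.telnetd` daemon name and the 203.0.113.7 outside address are assumptions for illustration; hostname lookups and rule options are not modelled.

```python
import re

def match_token(tok, name):
    """One hosts_access(5) pattern against one client name or address."""
    if tok == "ALL":
        return True
    if tok.endswith("."):            # address prefix, e.g. "192.168.100."
        return name.startswith(tok)
    if tok.startswith("."):          # domain suffix, e.g. ".example.lan"
        return name.lower().endswith(tok.lower())
    return tok.lower() == name.lower()

def match_list(tokens, names):
    """True if the list matches; 'a EXCEPT b' means a-but-not-b."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], names) and not match_list(tokens[i + 1:], names)
    return any(match_token(t, n) for t in tokens for n in names)

def rule_matches(line, daemon, names):
    """Parse 'daemons : clients [: option]'; the option field is ignored here."""
    fields = [f.strip() for f in line.split("#")[0].split(":")]
    if len(fields) < 2 or not fields[0]:
        return False
    daemons, clients = (re.split(r"[\s,]+", f) for f in fields[:2])
    return match_list(daemons, [daemon]) and match_list(clients, names)

def allowed(allow, deny, daemon, names):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    if any(rule_matches(l, daemon, names) for l in allow):
        return True
    return not any(rule_matches(l, daemon, names) for l in deny)

DENY_MANDRAKE = ["ALL:ALL EXCEPT localhost:DENY"]   # line quoted in the thread
ALLOW_BOX2 = ["ALL: 192.168.100.2"]                 # assumed entry for Box2
BOX2 = ["192.168.100.2"]
LOCAL = ["127.0.0.1", "localhost"]
OUTSIDE = ["203.0.113.7"]                           # constructed outside address

if __name__ == "__main__":
    for label, allow, deny in [("deny line only", [], DENY_MANDRAKE),
                               ("deny line + Box2 allowed", ALLOW_BOX2, DENY_MANDRAKE),
                               ("deny line removed", ALLOW_BOX2, [])]:
        for who, names in [("Box2", BOX2), ("localhost", LOCAL), ("outside", OUTSIDE)]:
            print(f"{label:26} {who:10} {allowed(allow, deny, 'in.telnetd', names)}")
```

With the deny line removed and nothing else in hosts.deny, the outside address is accepted by wrapped services, so the packet filter becomes the only barrier on the ppp0 side.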