Hi Greg,
I did as you advised except "portsentry". Haven't tried that yet.
I installed pmfirewall, and checked  /etc/hosts.allow  and /etc/hosts.deny
After installing pmfirewall I did ./pmfirewall restart  and it showed my dns
numbers all right but it said  about ppp0 "device not found" also under
ipchains an "invalid mask message"
 at the end it showed
External   ppp0 /
Anyway Kppp still fails. The only time I can get Kppp to connect and "reach
out" is when I disable eth0 and my DNS number. Under Kppp Statistics
It will say Local Addr  6x.xx.xx.x     Remote Addr. 208.223.199.240
What do I try next?
Thanks
Bob
----- Original Message -----
From: Greg Stewart <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 20, 2000 8:31 PM
Subject: Re: [newbie] Kppp and Networking


> OK, I think I've learned something tonite...
>
> Mandrake seems to like adding the line:
> ALL:ALL EXCEPT localhost:DENY
> to the /etc/hosts.deny file. Since this is the case, you'll need to remove
> it and add your internal client (Box2) to the /etc/hosts/allow file on Box1
> with:
> ALL:ALL 192.168.100.2:ACCEPT
>  this should clear a few things up and we can continue.
>
> > Do I have to use a Firewall anyway?
>
> Yes, actually, firewalling in linux can do two things: protect your machine
> from hackers, and masquerade internal IP addresses so that more than one box
> can access the internet. (and other things, but that's enough for now).
>
> Download the pmfirewall tarball from www.pointman.org and we can get that
> install to establish firewall rules, and masquerading in a very easy
> installation script.
>
> For the file and printer sharing, if Box2 is a windows box, you'll need to
> install Samba, if not we're much closer.
>
> The firewall:  once you've downloaded the tarball for pmfirewall, gunzip and
> untar it (gunzip filename, then  tar -xvf filename). cd to the pmfirewall
> directory, and type ./install  (that's: dot-slash, then install--I still
> can't see them dots!)
>
> The first thing you'll be asked for is a directory, choose the default.
>
> Then for your external interface, type:   ppp0
>
> say no to almost everything, unless you plan to run ftp, ssh, httpd, etc.
> And if you use chat rooms, say yes to IDENT.
>
> You'll be asked if you'd like to open ports for special IP ranges, just
> press enter, Mostly, the defaults are what you'd like to select.
>
> You'll then be asked if you want pmfirewall to automatically detect your
> external IP, say yes.
>
> then You'll be given the option to masquerade, say yes.
>
> The internal interface is eth0.
>
> Automatic detection of IPs is good. Say yes.
>
> pmfirewall should be set up at this point (if I've missed anything, simply
> select the default setting).
>
> Just to make sure, cd into /usr/local/pmfirewall and type:  ./pmfirewall
> restart
>
> You should see your IP address listed correctly.
>
> At this point, you should be able to ping straight through your new
> firewall, from Box2 out to the internet.
>
> Now, I'd suggest you go to www.psionic.com, and get yourself portsentry.
> When you've done that we can install portsentry and really tighten up your
> firewall box.
>
> --Greg
> > Configuration  is         Internet <==> [Modem--Box1--NIC] <==> HUB <==>
> > [NIC--Box2]>
> > Box2 also has a modem.  Box2 can access the internet but networking is not
> > setup. If  I do setup Networking thru Drakconf , the same situation will
> > occur. Under "Basic Host Information--  adaptor 1" I use manual instead of
> > DHCP. Is that all right? I tried to install the rpm's for DHCP but "eth0"
> > fails during boot when I enable DHCP. Do I need DHCP?
> >
> > I changed the "static gateway" as you suggested to 192.168.100.1------I got
> > the same Message "peer is not authorized to use remote address
> > 192.168.100.1"
> > Here is /etc/reslove.conf       below
> > nameserver 192.168.100.1
> > nameserver 208.223.196.128
> >
> > Whenever I use the "default" gateway  instead of a "static" gateway, I get
> > the same message except the DNS number is 208.223.199.240-----I have never
> > entered this number, my ISP doesn't know (or admit) where it comes from. My
> > ISP assigns me a different DNS number every time I logon. My ISP is of very
> > little help with Linux.
> >
> > Greg , what I'm wanting to do is be able to share files (and printer) and
> > also to be able to access internet from either computer. I'm not wanting my
> > LAN to be accessed through the internet. Do I have to use a Firewall anyway?
> >
> > Sorry for my ignorance, the help is much appreciated!!
> > Thanks
> > Bob
> > ----- Original Message -----
> > From: Greg Stewart <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Sunday, August 20, 2000 3:45 AM
> > Subject: Re: [newbie] Kppp and Networking
> >
> >
> > > 1. I can't believe I'm doing this at 4:13am...where the hell did my life
> > > go?
> > >
> > > 2. > ISP Dns         208.223.196.128    (I also set this as Gateway in Kppp
> > >     This has got to go. If you had a firewall, you'd use the firewall's
> > > internal IP address as the gateway...but you can't use the DNS server as
> > > your gateway, it's just not kosher.
> > >
> > > 3. I'm going to make an assumption here: it sounds like you have one box
> > > with a modem, which dials your ISP. There's a NIC in that box that connects
> > > to a hub, and another cable running to your second box from the hub. Kinda
> > > like this:
> > >
> > > Internet <==> [Modem--Box1--NIC] <==> HUB <==> [NIC--Box2]>
> > >
> > > Let's say Box1 has the modem configured for DHCP, and you have obtained the
> > > DNS server IPs from /etc/resolve.conf.
> > >
> > > In Box1:
> > > eth0 should then become 192.168.100.1.
> > > Subnet Mask 255.255.255.0
> > > Gateway 192.168.100.1 (itself, yes.)
> > > DNS server:  208.223.196.128
> > >
> > > In Box2:
> > > eth0 would then be 192.168.100.2.
> > > Subnet Mask also 255.255.255.0
> > > Gateway 192.168.100.1 (the other machine's internal NIC--since
> > >        that's the one connecting to the internet)
> > > DNS server:  208.223.196.128
> > >
> > > That 208.223.199.240 IP address resolves "208-223-199-240.du.pldi.net"
> > > This appears to be either the IP address you were given at the time you
> > > looked for the information, or someone else's IP address. Apparently your
> > > ISP (pldi.net) uses the dial-up host's IP address combined with their domain
> > > name to identify the connected machines. This does not belong anywhere in
> > > your configuration unless this is the IP address you're supposed to assign your
> > > machine for the life of your membership with pldi.net.
> > >
> > > Now, this *should* get at least that machine with the modem back on the
> > > internet... but the other machine needs some additional help to get
> > > connected through the other one. It just don't happen automatically.
> > >
> > > If with this configuration you can ping from the internal box to the modem's
> > > assigned IP address (do /sbin/ifconfig and check ppp0) then you're ready to
> > > start firewall/masquerading rules to protect your machine and get the
> > > other one on line at the same time.
> > >
> > > For this, you may wish to get hold of pmfirewall, which will script the
> > > rules for you and set up the firewall and masquerade the internal machine
> > > automatically whenever you make a connection. You can get this at
> > > www.pointman.org. It's fairly easy, and I can walk you through the install
> > > when you get it.
> > >
> > > --Greg
> > >
> > > > Thanks for reply Greg
> > > > 2 computers using 3com905b tx ethernet cards connected thru hub.
> > > > Dns Numbers 192.168.100.1        255.255.255.0
> > > >                       192.168.100.2        255.255.255.0
> > > > ISP Dns         208.223.196.128    (I also set this as Gateway in Kppp
> > > > setup)  If I use the default gateway in Kppp I get the same message with Dns
> > > > 208.223.199.240
> > > > I have no idea where this number comes from.
> > > > Interfaces running
> > > > lo ,eth0
> > > > No firewall or masquerading that I know of.
> > > > I can ping both computers but have not tried to mount yet. I first wanted to
> > > > get my internet connection back.
> > > > Hope this helps
> > > > Bob
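
An added example, not part of the thread: a simplified model of how TCP wrappers evaluates /etc/hosts.allow and then /etc/hosts.deny, showing why the deny line quoted above locks Box2 out until an allow rule exists. The hosts.allow rule is a constructed one in hosts_access(5) syntax, and only ALL, exact names or addresses, trailing-dot prefixes, EXCEPT and a final ALLOW/DENY option are modelled.

```python
import re

def _tokens(field):
    # hosts_access lists are separated by blanks and/or commas
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]

def _match(tokens, identities):
    """'list_1 EXCEPT list_2' matches list_1 unless list_2 also matches."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _match(tokens[:i], identities) and not _match(tokens[i + 1:], identities)
    return any(
        pat == "ALL" or pat == v or (pat.endswith(".") and v.startswith(pat))
        for pat in tokens for v in identities
    )

def _first_match(rules, daemon, client, default):
    """Return 'ALLOW'/'DENY' for the first matching rule, or None if none match."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # blank line, comment, or malformed rule
        if _match(_tokens(fields[0]), {daemon}) and _match(_tokens(fields[1]), client):
            option = fields[2].upper() if len(fields) > 2 else ""
            return option if option in ("ALLOW", "DENY") else default
    return None

def access_granted(hosts_allow, hosts_deny, daemon, client):
    """client is the set of names/addresses the daemon sees for the peer."""
    # hosts.allow is consulted first; a match there ends the search.
    for rules, default in ((hosts_allow, "ALLOW"), (hosts_deny, "DENY")):
        verdict = _first_match(rules, daemon, client, default)
        if verdict is not None:
            return verdict == "ALLOW"
    return True  # nothing matched in either file: access is granted

MANDRAKE_DENY = "ALL:ALL EXCEPT localhost:DENY"  # line quoted in the thread
ALLOW_BOX2 = "ALL: 192.168.100.2"                # constructed hosts.allow rule

if __name__ == "__main__":
    box2 = {"192.168.100.2"}
    print("Box2, deny line only:   ", access_granted("", MANDRAKE_DENY, "in.telnetd", box2))
    print("Box2, with allow rule:  ", access_granted(ALLOW_BOX2, MANDRAKE_DENY, "in.telnetd", box2))
```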