Not a stupid question as I generally bumble through
Linux. PM firewall wrote the rules.  I answered all
the questions as the default except for the one about
getting IP from DHCP.  It is set up to run on eth0. I
did have my host.deny set to All:  All.  I deleted
this and still no response.  I set the security
setting in 7.1 as medium.  There was no security
setting for 6.1.
Ironically I can ping the machine with internet over
the internet from my office.

I've included an edited selection of rules.  I can't
see where it should block the internal network.

#!/bin/sh
# pmfirewall.rules.local
# ver.PM1 (do not remove this line)

                   ### BEGIN SYSTEM DEFAULTS ###

# Block Nonroutable IP's from entering on the External Interface
$IPCHAINS -A input -j DENY -s 10.0.0.0/8 -d $OUTERNET -i $OUTERIF
$IPCHAINS -A input -j DENY -s 127.0.0.0/8 -d $OUTERNET -i $OUTERIF
$IPCHAINS -A input -j DENY -s 172.16.0.0/12 -d $OUTERNET -i $OUTERIF
$IPCHAINS -A input -j DENY -s 192.168.0.0/16 -d $OUTERNET -i $OUTERIF

#!/bin/sh
# pmfirewall.conf - used by pmfirewall package
IPCHAINS=/sbin/ipchains
ATBOOT=1
CONFIG_DIR=/usr/local/pmfirewall
OUTERIF=eth0
REMOTENET=0/0
OUTERIP=`ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d \  -f 1`
OUTERMASK=`ifconfig $OUTERIF | grep Mas | cut -d : -f 4`
OUTERNET=$OUTERIP/$OUTERMASK

                           #### EXAMPLES ###


### ALLOWED NETWORKS
# Add in any rules to specifically allow connections from hosts/nets that
# would otherwise be blocked.
#$IPCHAINS -A input -s [trusted host/net] -d $OUTERNET <ports> -j ACCEPT

### BLOCKED NETWORKS
# Add in any rules to specifically block connections from hosts/nets that
# have been known to cause problems. These packets are logged.
#$IPCHAINS -A input -s [banned host/net] -d $OUTERNET <ports> -j DENY -l

### BLOCK ICMP ATTACKS
#
#$IPCHAINS -A input -b -i $OUTERIF -p icmp -s [host/net] -d $OUTERNET -j DENY -l

--- Greg Stewart <[EMAIL PROTECTED]> wrote:
> Um, have you set these ipchains rules yourself? Or,
> is some script setting
> them for you? Did you know that you have ipchains
> rules set in the first
> place? (Stupid question, I know, but it doesn't hurt
> to ask).
> 
> You may want to check to make sure your internal IPs
> do not exists in
> hosts.deny.
> 
> Let me know what security level you installed MDK
> with.
> 
> Check to make sure that your ipchains rules do not
> DENY the 192.168.0.0
> subnet for the internal network.
> 
> For some reason your machine is set to drop packets
> on port 8, or it may be
> set to drop everything from non-routable subnets
> (10.0.0.0, 176, 127.0.0.0,
> 172.16.0.0, 192.168.0.0) on all interfaces--I don't
> know, and can't tell
> from here without more info.
> 
> I'll have to think on this one for now...it's late
> and I have to wake up in
> four hours for work...
> 
> --Greg
> 
> ----- Original Message -----
> From: "Dan" <[EMAIL PROTECTED]>
> 
> 
> > I forgot to include that.  i think I did that
> already:
> >
> > This is for the host.allow file for 196.168.0.2:
> >
> > #
> > # hosts.allow   This file describes the names of the hosts which are
> > #               allowed to use the local INET services, as decided
> > #               by the '/usr/sbin/tcpd' server.
> > #
> > ALL:  127.
> > All:  192.168.0.1
> >
> > This is the host.allow for 196.168.0.1:
> >
> > #
> > # hosts.allow   This file describes the names of the hosts which are
> > #               allowed to use the local INET services, as decided
> > #               by the '/usr/sbin/tcpd' server.
> > #
> > #
> > All: 127
> > All: 192.168.0.2
> >
> > It still doesn't work.
> >
> > --- Greg Stewart <[EMAIL PROTECTED]> wrote:
> > > You obviously have to add each machine's IP
> address
> > > to the other machine's
> > > /etc/host.allow file. You can either do this by
> > > simply typing the IP
> > > address, or as follows:
> > >
> > > ALL:192.168.0.x
> > >
> > > where 'x' is the other machines number on the
> > > subnet.
> > >
> > > --Greg
> > >
> > >
> > > ----- Original Message -----
> > > From: "Dan" <[EMAIL PROTECTED]>
> > >
> > >
> > > > I'm having a problem connecting two machines: 
> one
> > > > running Mandrake 7.1 and one running 6.1. The
> > > machine
> > > > running  7.1 has Roadrunner on eth0 with the
> IP
> > > > assigned by DHCP and this works fine.  I put a
> > > second
> > > > NIC card in this machine (DFE-530TX+) and it
> seems
> > > to be
> > > > working per ifconfig info:
> > > >
> > > > eth1      Link encap:Ethernet  HWaddr 00:50:BA:40:57:43
> > > >           inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
> > > >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> > > >           RX packets:10 errors:0 dropped:0 overruns:0 frame:0
> > > >           TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
> > > >           collisions:0 txqueuelen:100
> > > >           Interrupt:18 Base address:0xd800
> > > >
> > > > I gave the card in the machine running 6.1 the
> > > address
> > > > 192.168.0.2.  I set 192.168.0.1 machine as the
> > > > gateway.  The problem is I can't Ping the
> other
> > > > machine.  I can ping the machines locally
> i.e.
> > > > 192.168.0.1 can be pinged from 192.168.0.1. 
> When
> > > I
> > > > try to Ping 192.168.0.1 from 192.168.0.2. 
> Nothing
> > > > happens.  When I ctrl C I get a message that
> all
> > > > packets were lost.  The same thing happens in
> > > reverse.
> > > >  I did happen to look in /var/log/messages  in
> the
> > > > machine that was pinged and found the
> following:
> > > >
> > > >
> > > > Sep 12 18:37:09 cm-24-161-17-97 kernel: Packet log: input DENY eth1 PROTO=1 192.168.0.2:8 192.168.0.1:0 L=84 S=0x00 I=34 F=0x0000 T=64 (#30)
> > > >
> > > > This appears in both machines log files for
> every
> > > > packet sent.  It appears there is some sort of
> > > > security setting that is dropping the packets?
>  I
> > > just
> > > > can't figure out where.
> > > >
> > > > Both machines have IP chains and PM firewall
> > > installed
> > > > since both at one time or another have had
> > > internet
> > > > access.  The one currently with internet
> access
> > > has PM
> > > > firewall running on eth0.   On the other
> machine I
> > > ran
> > > > "PM Firewall stop".
> > > >
> > > > Any help much appreciated.
> > > >
> > > >
> > > >
=== message truncated ===
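As an added example (not code from this thread or from the pmfirewall package), here is a small Python parser for the ipchains "Packet log:" lines Dan quoted. It decodes PROTO=1 as ICMP, reads the ":8" after the source address as ICMP type 8 (echo request) rather than a port, and reports DENY entries logged on an interface the rules were not meant to filter, together with the matching rule number. The interface names and the two extra sample lines are assumptions.

```python
import ipaddress
import re

# Constructed sample lines in the ipchains "Packet log:" format quoted in the
# thread; the first mirrors the line Dan posted, the other two are made up.
SAMPLE_LOGS = [
    "Sep 12 18:37:09 cm-24-161-17-97 kernel: Packet log: input DENY eth1 "
    "PROTO=1 192.168.0.2:8 192.168.0.1:0 L=84 S=0x00 I=34 F=0x0000 T=64 (#30)",
    "Sep 12 18:40:11 cm-24-161-17-97 kernel: Packet log: input DENY eth0 "
    "PROTO=6 10.1.2.3:4444 24.161.17.97:22 L=60 S=0x00 I=1 F=0x4000 T=50 (#3)",
    "Sep 12 18:41:00 cm-24-161-17-97 kernel: Packet log: input ACCEPT eth1 "
    "PROTO=17 192.168.0.2:1024 192.168.0.1:53 L=70 S=0x00 I=9 F=0x0000 T=64 (#12)",
]

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<target>\w+) (?P<iface>\w+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) .*\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 8: "echo-request", 11: "time-exceeded"}

def parse_packet_log(line):
    """Return the fields of one ipchains log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    proto = int(rec["proto"])
    rec["proto_name"] = PROTO_NAMES.get(proto, str(proto))
    rec["rule"] = int(rec["rule"])  # "(#30)" is the index of the rule that matched
    if proto == 1:
        # For ICMP, ipchains logs type and code where TCP/UDP ports would go,
        # so "192.168.0.2:8" is an echo request, not traffic to port 8.
        rec["icmp"] = ICMP_TYPES.get(int(rec["sport"]), "type-" + rec["sport"])
    return rec

def denied_on_internal(lines, internal_ifaces=("eth1",)):
    """DENY entries seen on an interface the firewall was not meant to filter,
    each with the rule number to look up in the 'ipchains -L input -n' listing."""
    hits = []
    for line in lines:
        rec = parse_packet_log(line)
        if not rec or rec["target"] != "DENY" or rec["iface"] not in internal_ifaces:
            continue
        hits.append({
            "iface": rec["iface"],
            "src": rec["src"],
            "src_private": ipaddress.ip_address(rec["src"]).is_private,
            "what": rec.get("icmp", "%s/%s" % (rec["proto_name"], rec["dport"])),
            "rule": rec["rule"],
        })
    return hits
```

Run over the real /var/log/messages, the `rule` field points at the chain entry that is dropping LAN traffic; a private-source DENY on the internal interface means a rule is matching beyond $OUTERIF.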