Re: [Cooker-firewall] Installing MNF - How Exactly?
On Sunday 08 December 2002 11:35 pm, Michael Segulja wrote:

> I'm probably missing something here, but I'm confused on what exactly MNF is. I have been running SNF 1.0 for quite a while, I guess since about the time it was released, and I'm anxious to upgrade to the newest version, but I'm confused on exactly how to do that. I downloaded Mandrake 9.0, and am using it on several servers, but when I followed the instructions I found searching the Internet, MNF or SNF are not options during installation.
>
> I guess here's what I'm asking: Is there a step-by-step guide on installing the absolute newest version of Mandrake's Firewall product (whatever it's called), and where is the location to download it?

There will not be an ISO this time around, but there is a tutorial to follow.

http://people.mandrakesoft.com/~amaury/mnf/

--
Regards
Joseph Watson
[Cooker-firewall] New Version
Hello

I have a simple question. I know that there is a new version of SNF out that is still on the 2.2.19 kernel. I found the cookfire directory on the ftp site, but what is the best way to test it out? Download the whole thing and make an ISO to install from, or upgrade just a few selected packages???

I can't seem to find info on this, so some advice or direction will be greatly appreciated.

Thanks much
Joseph
[Cooker-firewall] Bind behind MDK SNF
Hello,

I am using Mandrake's SNF, and am trying to get bind working behind this firewall using port forwarding and forwarding port 53, both udp and tcp, through to my bind server. In testing, outgoing connections through this firewall by both the server and clients worked great. But any server or client on the internet trying to access my DNS server got no response???

I noticed packets being denied on the firewall that were up in the 65000 range, but dismissed this as something else. But I just came across something that made me think this may be linked. I found the following snip in the default /etc/named.conf file that came with a Mandrake 8.1 install:

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

This seems to be self-explanatory, but how do I open up the unprivileged ports to make this work, or am I seeing this thing wrong??

If someone could give me some ideas it would be great!!

Thanks,
Joseph
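One way to check whether denied high-port packets like those mentioned in the message above are answers to the name server's own outgoing queries (an added example, not part of the original post). The ipchains-style log layout, the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed ipchains-style deny-log layout; adjust the pattern to your firewall.
LOG_RE = re.compile(
    r"Packet log: \S+ (?:DENY|REJECT) \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample lines (documentation address ranges), not from the post.
SAMPLE_LOG = """\
Dec  8 23:01:12 fw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:53 203.0.113.2:65012 L=120 S=0x00 I=4411 F=0x0000 T=52 (#9)
Dec  8 23:01:14 fw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.53:53 203.0.113.2:65013 L=98 S=0x00 I=901 F=0x0000 T=49 (#9)
Dec  8 23:02:40 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.99:4021 203.0.113.2:139 L=48 S=0x00 I=77 F=0x4000 T=110 (#9)
Dec  8 23:03:05 fw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.200:1044 203.0.113.2:137 L=78 S=0x00 I=12 F=0x0000 T=115 (#9)
"""

UDP, TCP = 17, 6  # IP protocol numbers as they appear in PROTO=

def parse(line):
    """Return the packet fields of one deny-log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return {"proto": int(m["proto"]), "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"])}

def looks_like_dns_reply(pkt):
    # Heuristic only: remote port 53 to a local unprivileged port is the shape
    # of an answer to a query sent from a high source port. A source port is
    # trivially forged, so this classifies log lines; it is not a rule to allow on.
    return pkt["proto"] in (UDP, TCP) and pkt["sport"] == 53 and pkt["dport"] > 1023

def summarize(log_text):
    """Split denied packets into probable DNS replies and everything else."""
    replies, other = [], []
    for line in log_text.splitlines():
        pkt = parse(line)
        if pkt is not None:
            (replies if looks_like_dns_reply(pkt) else other).append(pkt)
    return replies, other

def reply_sources(log_text):
    """Count probable dropped DNS replies per remote name server."""
    return Counter(p["src"] for p in summarize(log_text)[0])

if __name__ == "__main__":
    replies, other = summarize(SAMPLE_LOG)
    for p in replies:
        print(f"dropped DNS reply? {p['src']}:53 -> {p['dst']}:{p['dport']}")
    print(f"{len(other)} other denied packets")
```

If the denied packets do turn out to be such replies, a firewall that tracks the outgoing query and admits only its answer is the narrower fix where the platform supports it. Pinning `query-source` to port 53 gives up the source-port randomness that resolvers rely on against spoofed answers.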
[Cooker-firewall] SNF and DNS
Hello,

I have been fighting with SNF, trying to get a DNS Server to work with port forwarding. The DNS Server works fine if the machine that it is on has a real ip. When I move it behind SNF, I start having troubles. I have been testing the dns server with the host command from a computer on the private network.

First let me say that I have port forwarded several services through the Firewall, and all to the same server that is running DNS. These are ftp, http, ssh, pop3, imap, dns, smtp.

The first test was to an external name server, to look up yahoo.com, and it worked great. Then I pointed the same request to my dns server and that too worked great!! So I pointed a request to my dns server for a domain that it is handling. That too worked well. But when I pointed this same request to an external dns server, it failed. All dns requests originating from behind the firewall will work, but if the dns request originates from the internet, it will fail???

I turned on logging of all denied packets, and there are no packets from these requests being denied. All other forwarded services work well.

What could be the problem??? Has anyone had similar problems??? I saw the earlier discussion of the FTP and transparent proxy conflict problem, could this be a similar problem???

Any help would be wonderful!!

Thanks,
Joseph
[Cooker-firewall] SSH and Dial-on-demand
Hello

I have several SNF installed, Great Product! I have run into an issue with ssh and a SNF that is running a modem for an internet connection. On this box the sshd will not let me log in?? All other boxes which are using a nic for an internet connection work great.

One other thing I noticed is that when I try to ssh to the box, this will activate the modem?? This seems to point at a routing problem. Why does the ssh traffic trigger the dialer??

The error message I get is as follows:

    [jtwatson@Smokey jtwatson]$ ssh 192.168.1.10
    ssh_exchange_identification: Connection closed by remote host
    [jtwatson@Smokey jtwatson]$

Also, the command will hang until the modem connection is complete.

Thanks,
Joseph
Re: [Cooker-firewall] DNS Server Behind SNF
Florin wrote:

> Joseph Watson [EMAIL PROTECTED] writes:
>
>> Hello
>
> Hello there,
>
>> I recently tried to move a Server that is running MDK 7.0, Apache, Bind, WuFTP, and Sendmail, behind a SNF. I set up port forwarding for each of the services, but ran into a problem. It seems to be a problem with the DNS.
>
> is this a public server or just an internal server protected from your internal network.

This is a public server that is connected to the internet.

... snip ...

>> 2) In the event that a http server should work properly behind my SNF, how are requests from my private network to the external IP address of my SNF on port 80 going to be handled. Will it handle an internal client browsing my webserver when the DNS will resolve to the external address. It seems the traffic will go out and be sent back in, but will it be masqueraded or just redirected, or will it not work at all??
>
> that depends on your dns configuration. If an external IP address will correspond to your web server address then it will go out and then come back in ... you should put an internal IP address in the dns.

So I will have to set up two DNS servers?? One for my internal network, and one to resolve my domains for the internet??

>> Any comments, help, links would be wonderful. Thanks for the wonderful product SNF, I like it much, and if I can figure this problem out, it will be that much more great.
>
> cheers,

Thanks Much!!
[Cooker-firewall] DNS Server Behind SNF
Hello

I recently tried to move a Server that is running MDK 7.0, Apache, Bind, WuFTP, and Sendmail, behind a SNF. I set up port forwarding for each of the services, but ran into a problem. It seems to be a problem with the DNS.

From the console of the server behind the firewall, the only addresses it would resolve are addresses that it is responsible for, and as soon as it was required to request info from a forwarder, it would not resolve. If I added an external DNS Server IP to my resolv.conf file, external addresses would resolve properly. So DNS requests are flowing through the firewall, but for some reason my internal DNS Server will not forward requests successfully.

Also, I tried to FTP to the SNF, and the requests are forwarded through to the internal server, but before a login request is received, there is a several minute delay, which I think is a DNS query that is timing out??

Now my questions:

1) Should I be able to put a DNS server behind a SNF? If it should work, does anyone have any ideas what I might be doing wrong??

2) In the event that a http server should work properly behind my SNF, how are requests from my private network to the external IP address of my SNF on port 80 going to be handled. Will it handle an internal client browsing my webserver when the DNS will resolve to the external address. It seems the traffic will go out and be sent back in, but will it be masqueraded or just redirected, or will it not work at all??

Any comments, help, links would be wonderful. Thanks for the wonderful product SNF, I like it much, and if I can figure this problem out, it will be that much more great.

Thanks
Joseph