Re: [Cooker] Internet Connection Sharing and Shorewall
[EMAIL PROTECTED] (Brook Humphrey) writes: > On Tuesday 08 October 2002 09:57 am, Florin wrote: > > > > it was NOT a question ... > > > > I TELL you you can use the advanced option to change the IP address. It > > seems to me that you're talking about an older version of ics ... as the > > latest version allows you in the advanced options to choose your IP > > adress. If you use the standard one the IP adress will be 192.168.1.1 ... > > this has changed from the previous versions that used 192.168.0.1 ... > > I wan to answer this corectly. This is on a box using mandrake 9.0 my > statement is that somehow the ics wizard says I can change the settings and > it does in deed let me change them. However even though I dod cahnge them to > what I want in the ics wizard they remain were they are. The changes do not > take affect for some reason. How do you know they do not "take effect" ? Don't you have your new IP values using ifconfig and less /etc/dhcpd.conf ? It works fine here ... > > When I click on connection in mcc under internet settings it does indeed say > 192.168.1.1. Then I goto ics and select manual configuration of the internal > ip's. When I try to put 192.168.0.1 for the internal interface it bombs > telling me the ending of the ip address does not end in .0. Thats ok for me > I'll leave it were it is but in 8.2 it didn't do that. Maybe you should also read the labels ... it says NETWORK adress ... And ... i'm tired of reading childish remarks like "it was not like that in 8.2". So what ? This a completely different Internet sharing connexion based on shorewall ... so it uses the Shorewall approach. I have tried to simplify as much as I could in order to keep the old ISC look and feel ... but it's a different tool though. People should read the text above the filling forms ... > > ok, you seem to need some more lines as: > > > > ACCEPT fw masq udp 1024: 137 - > > > > and eventually: > > ACCEPT masq fw udp 137,138,139 > > ACCEPT masq fw tcp 137,138,139 > > ACCEPT masq fw udp 1024: 137 > > > > cheers, > > Thanks. I'll try this. My only point is that this was a defualt install using > default wizards and tools given by mandrake. They do work exceptionally well. > I'm happy with them but for anything more than a real basic setup they are > more than the regular user will be able to cope with. If the wizards are > there they might as well be a little more user friendly for basic tasks like > this. I will add all that as default parameters. We're trying to improve them all the time ... so your feedback is vital for that purpose. > Oh by the way it's working quite well. Thanks for all the hard work. One thing > that went extreemly well is squid running behind privoxy. > > I tell you what I only program in php but If I can help with anything let me > know. I'm current lead devel for envolution. have a nice day, -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Internet Connection Sharing and Shorewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 08 October 2002 09:57 am, Florin wrote: > > it was NOT a question ... > > I TELL you you can use the advanced option to change the IP address. It > seems to me that you're talking about an older version of ics ... as the > latest version allows you in the advanced options to choose your IP > adress. If you use the standard one the IP adress will be 192.168.1.1 ... > this has changed from the previous versions that used 192.168.0.1 ... I wan to answer this corectly. This is on a box using mandrake 9.0 my statement is that somehow the ics wizard says I can change the settings and it does in deed let me change them. However even though I dod cahnge them to what I want in the ics wizard they remain were they are. The changes do not take affect for some reason. When I click on connection in mcc under internet settings it does indeed say 192.168.1.1. Then I goto ics and select manual configuration of the internal ip's. When I try to put 192.168.0.1 for the internal interface it bombs telling me the ending of the ip address does not end in .0. Thats ok for me I'll leave it were it is but in 8.2 it didn't do that. > > ok, you seem to need some more lines as: > > ACCEPT fw masq udp 1024: 137 - > > and eventually: > ACCEPT masq fw udp 137,138,139 > ACCEPT masq fw tcp 137,138,139 > ACCEPT masq fw udp 1024: 137 > > cheers, Thanks. I'll try this. My only point is that this was a defualt install using default wizards and tools given by mandrake. They do work exceptionally well. I'm happy with them but for anything more than a real basic setup they are more than the regular user will be able to cope with. If the wizards are there they might as well be a little more user friendly for basic tasks like this. Oh by the way it's working quite well. Thanks for all the hard work. One thing that went extreemly well is squid running behind privoxy. I tell you what I only program in php but If I can help with anything let me know. I'm current lead devel for envolution. - -- -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- Brook Humphrey Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107 http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED] Holiness unto the Lord -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9oxpznT1TkA6FgPgRAqC8AJwIw4PYZDt2MTVILFwxVfETh0uDNwCgli2W ki2gcGRe7/Jlm5mqAFaec8c= =+7wd -END PGP SIGNATURE-
Re: [Cooker] Internet Connection Sharing and Shorewall
[EMAIL PROTECTED] (Brook Humphrey) writes: > On Tuesday 08 October 2002 02:16 am, Florin wrote: > > > I found what it was that was blocking my system. I had host allow in my > > > smb.conf and by default the new connection sharing put everything on a > > > different internal i[ address which for some reason I can not change with > > > the ics wizard or the net-setup wizard. so anyway I added to the smb.conf > > > the extra ip to cover the new internal network and all works. > > > > you can use the advanced options and choose your IP address !?? > > Well not using the mandrake tools. Somehow through my truning the firewall on > then off then on and redoing the ics wizard a couple times to try and figure > out what was going on the ics wizard set the internal ip to 192.168.1.1 and > on the main internet page it reads as 191.168.0.1 but the interface is indeed > stuck on 192.168.1.1. I know it's strange indeed and I have used the setup > wizard a few times also to change it back but for some reason it's > decided to stay were it is. it was NOT a question ... I TELL you you can use the advanced option to change the IP address. It seems to me that you're talking about an older version of ics ... as the latest version allows you in the advanced options to choose your IP adress. If you use the standard one the IP adress will be 192.168.1.1 ... this has changed from the previous versions that used 192.168.0.1 ... > > > > > One thing to note is that shorewall will eat the packets for samba if you > > > run it on that machine. I have not tried to open that port as I don't > > > want samba accessible to the outside world only those on the inside. > > > > grep -v ^# /etc/shorewall/rules ? > > [root@gate webmedic]# grep -v ^# /etc/shorewall/rules > ACCEPT net fw tcp 80,443,20,21- > ACCEPT masqfw tcp 80,443,20,21- > ACCEPT loc fw tcp 80,443,20,21- > ACCEPT masqfw tcp > domain,bootps,http,https,631,imap,pop3,smtp,nntp > > ,ntp- > ACCEPT masqfw udp > domain,bootps,http,https,631,imap,pop3,smtp,nntp > > ,ntp- > ACCEPT fw masqtcp 631,137,138,139 - > ACCEPT fw masqudp 631,137,138,139 - ok, you seem to need some more lines as: ACCEPT fw masq udp 1024: 137 - and eventually: ACCEPT masq fw udp 137,138,139 ACCEPT masq fw tcp 137,138,139 ACCEPT masq fw udp 1024: 137 cheers, -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Internet Connection Sharing and Shorewall
On Tuesday 08 October 2002 02:16 am, Florin wrote: > > I found what it was that was blocking my system. I had host allow in my > > smb.conf and by default the new connection sharing put everything on a > > different internal i[ address which for some reason I can not change with > > the ics wizard or the net-setup wizard. so anyway I added to the smb.conf > > the extra ip to cover the new internal network and all works. > > you can use the advanced options and choose your IP address !?? Well not using the mandrake tools. Somehow through my truning the firewall on then off then on and redoing the ics wizard a couple times to try and figure out what was going on the ics wizard set the internal ip to 192.168.1.1 and on the main internet page it reads as 191.168.0.1 but the interface is indeed stuck on 192.168.1.1. I know it's strange indeed and I have used the setup wizard a few times also to change it back but for some reason it's decided to stay were it is. > > > One thing to note is that shorewall will eat the packets for samba if you > > run it on that machine. I have not tried to open that port as I don't > > want samba accessible to the outside world only those on the inside. > > grep -v ^# /etc/shorewall/rules ? [root@gate webmedic]# grep -v ^# /etc/shorewall/rules ACCEPT net fw tcp 80,443,20,21- ACCEPT masqfw tcp 80,443,20,21- ACCEPT loc fw tcp 80,443,20,21- ACCEPT masqfw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp ,ntp- ACCEPT masqfw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp ,ntp- ACCEPT fw masqtcp 631,137,138,139 - ACCEPT fw masqudp 631,137,138,139 - > > cheers, Thanks. -- -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- Brook Humphrey Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107 http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED] Holiness unto the Lord -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
Re: [Cooker] Internet Connection Sharing and Shorewall
On Tuesday 08 October 2002 05:23 am, Thomas Backlund wrote: > > grep -v ^# /etc/shorewall/rules ? > > take a look at: > http://www.shorewall.net/samba.htm > or: > /usr/share/doc/shorewall-doc-1.3.7c/samba.htm > (if you installed shorewall-doc) > > Thomas > > If nothing else works ... Read the manual ... ;-) > Thanks it's not a matter of what I can do. I've been using linux for at least 5 years. with mandrake 5.3 I had to manually configure my isa modem to start at boot from obscure references. I for one am thankful the mandrake has the wizards they same me and others much time. However if the tools don't work as expected then they need a little work. I'm an above average user and contributer to mandrake and if the wizards don't work like expected out of the box what will the normal everyday user think. They don't have enough brain power to read the fine manual. It's not about me it's about what the end users will think. My setup is working. Maybe not exactly like I would like it to but it works. Thats good enough but when the know nothing end user gets ahold of it and tries allot of the things I did most will give up in frustration before they get it working or post flames in highly visible places. Thats not my style I just bang away till it works and then at least I can pass a little of it along to others. -- -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- Brook Humphrey Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107 http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED] Holiness unto the Lord -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
Re: [Cooker] Internet Connection Sharing and Shorewall
From: "Florin" <[EMAIL PROTECTED]> > [EMAIL PROTECTED] (Brook Humphrey) writes: > > > On Monday 07 October 2002 01:44 am, Arnaud Desmons wrote: > > > am the maintainer of drakwizard (it contains a samba wizard so I may be > > > wrong about the conf...). I don't try to fix the problem from the user > > > side, like Brook Humphrey but as a maintainer like you. In fact my message > > > was for him, Brook. Sorry > > > > I'm sorry I'm missing this email and I would really like to know what your > > response was. Could you re-send it. > > > > I found what it was that was blocking my system. I had host allow in my > > smb.conf and by default the new connection sharing put everything on a > > different internal i[ address which for some reason I can not change with the > > ics wizard or the net-setup wizard. so anyway I added to the smb.conf the > > extra ip to cover the new internal network and all works. > > you can use the advanced options and choose your IP address !?? > > > One thing to note is that shorewall will eat the packets for samba if you run > > it on that machine. I have not tried to open that port as I don't want samba > > accessible to the outside world only those on the inside. > > grep -v ^# /etc/shorewall/rules ? > take a look at: http://www.shorewall.net/samba.htm or: /usr/share/doc/shorewall-doc-1.3.7c/samba.htm (if you installed shorewall-doc) Thomas If nothing else works ... Read the manual ... ;-)
Re: [Cooker] Internet Connection Sharing and Shorewall
[EMAIL PROTECTED] (Brook Humphrey) writes: > On Monday 07 October 2002 01:44 am, Arnaud Desmons wrote: > > am the maintainer of drakwizard (it contains a samba wizard so I may be > > wrong about the conf...). I don't try to fix the problem from the user > > side, like Brook Humphrey but as a maintainer like you. In fact my message > > was for him, Brook. Sorry > > I'm sorry I'm missing this email and I would really like to know what your > response was. Could you re-send it. > > I found what it was that was blocking my system. I had host allow in my > smb.conf and by default the new connection sharing put everything on a > different internal i[ address which for some reason I can not change with the > ics wizard or the net-setup wizard. so anyway I added to the smb.conf the > extra ip to cover the new internal network and all works. you can use the advanced options and choose your IP address !?? > One thing to note is that shorewall will eat the packets for samba if you run > it on that machine. I have not tried to open that port as I don't want samba > accessible to the outside world only those on the inside. grep -v ^# /etc/shorewall/rules ? cheers, -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Internet Connection Sharing and Shorewall
On Monday 07 October 2002 01:44 am, Arnaud Desmons wrote: > am the maintainer of drakwizard (it contains a samba wizard so I may be > wrong about the conf...). I don't try to fix the problem from the user > side, like Brook Humphrey but as a maintainer like you. In fact my message > was for him, Brook. Sorry I'm sorry I'm missing this email and I would really like to know what your response was. Could you re-send it. I found what it was that was blocking my system. I had host allow in my smb.conf and by default the new connection sharing put everything on a different internal i[ address which for some reason I can not change with the ics wizard or the net-setup wizard. so anyway I added to the smb.conf the extra ip to cover the new internal network and all works. One thing to note is that shorewall will eat the packets for samba if you run it on that machine. I have not tried to open that port as I don't want samba accessible to the outside world only those on the inside. The only last remaining issue is that the printers section is not set up correctly it should look like the one in the samba-winbind.conf but it doesn't at any rate it is not correct. -- -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- Brook Humphrey Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107 http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED] Holiness unto the Lord -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
Re: [Cooker] Internet Connection Sharing and Shorewall
Arnaud Desmons <[EMAIL PROTECTED]> writes: > Florin <[EMAIL PROTECTED]> writes: > > > > Then I set up smb using the built in server wizard. Both my windows xp and my > > > linux boxes can see samba and can mount it but cannot place files even in > > > /home/samaba/public. Access denied. At this point I change permissions on > > > this directory to 777 and still am not able to save anything there. > > > > > > On a final note I have another system running 9.0 also with no firewall on it > > > and by using the wizard, samba is set up and allows others to access it just > > > fine. Accept for one thing printing does not work. I get no errors and am > > > able to print just fine when using this linux box but when I try to print > > > over samba it simply does nothing. Widows shows the job as being sent and it > > > should print but nothing happens at all. > What do you mean by "the built in server wizard" ? did I say that ? > I will look for permission on /home/samba/public but I might do nothing about > printer, in drakwizard, if it really "does nothing" as you say. > I didn't see your smb.conf... have you tried after a shorewall clear ? -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Internet Connection Sharing and Shorewall
[EMAIL PROTECTED] (Antonin Chadima) writes:
> i had the same problem for
> 1 modem and 1 nic
>
> the computer on which is shorewall running
> is at the same time nfs and samba server
>
> and i was not able to get it all running at the same time
>
> thanks
Hello,
1. Please, send us the foolowing command output:
grep -v ^# /etc/shorewall/{zones,interfaces,policy,masq,rules}
2. Please attach here the /etc/sysconfig/network-scripts/drakconnect_conf
file
3. explain with more details what you're trying to do ... What doesn't
work ... the connection to net from a computer behind the firewall or
samba and nfs servers for the lan in the same time ?
cheers,
--
Florin http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
Re: [Cooker] Internet Connection Sharing and Shorewall
i had the same problem for 1 modem and 1 nic the computer on which is shorewall running is at the same time nfs and samba server and i was not able to get it all running at the same time thanks ant. chadima
Re: [Cooker] Internet Connection Sharing and Shorewall
[EMAIL PROTECTED] (Sebastian Djupsjöbacka) writes:
> Hello!
>
> I have found a strange problem with Internet Connection Sharing in Dolphin. My
> hardware configuration is two 10 Mbit NIC's, one connected to my local LAN
> and one to the campus LAN. ICS worked beatifully straight out of the box in
> 8.2 so I was suprised when I ran into these problems in 9.0
Hello there,
Have you configured first the two NICs with drakconnect ?
If you don't do that first, ICS will not work for you.
Then run ICS, and do, as root, a
grep -v ^# /etc/shorewall/{zones,interfaces,policy,masq,rules}
> 1) I started ICS and configured it in the same manner as in previous versions.
> It did not work, even though all packages got installed and shorewall was
> running. When I digged a little I noticed that the ICS tool had not made the
> needed changes to the /etc/shorewall/masq file. It read only "eth0" when it
> should have been "eth0 eth1". With this manual change I got it up and
> running.
>
> 2) Then I tried to browse samba from computers in my own LAN. No response from
> the server. After a little thought and reading the logs I came to the
> conclusion that the firewall ate the packets. I turned it off in the Control
> Center, or rather made it pass all packets.
any error logs in /var/log/messages (or syslog) ?
> 3) To my great surprise this also turned off the IP masquerading. 'iptables
> -L' was totally empty and no packets from my computers behind the firewall
> were forwarded anywhere.
of course, if you turn it off, it will remove the masquerading.
> I want IP masquerading but I do not need a firewall as the university LAN
> already is behind one. At the moment this can't be done with the ICS tool in
> the Control Center. As the previous versions of Mandrake had this
> functinality I can only consider this a bug. One that hopefully will be
> squashed soon. I'm not very happy with switching iptables rules every time I
> want to access my documents on the file server.
we'll solve your problem, don't worry ...
cheers,
--
Florin http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
