Re: Re:[newbie] ftp to share files
Hanan, I'm getting a bit lost here. I thought you had two eth cards. Usual setup for a static IP DSL system would be something like: eth0: 192.168.0.1 mask 255.255.255.0 eth1: ip-allocated-by-provider mask whatever-they-say iptables set up to masquerade through eth0 and allow anything and everything on eth0, but keep the nasties away on eth1. Of course eth0 and eth1 could be swapped - nothing special about which does what as long as the settings are consistent. Maybe we can just verify that the above is what you want to achieve, have you post a bunch of config files and see if we can sort it from there. Brian On Tue, 2002-03-26 at 03:03, Hanan Shargi wrote: well, maybe it would help to give more info, I'll show some of bastille-firewall.cfg settings later to make things clearer, though this makes me wanna ask : Does this file replaces the iptables file ?? i couldnt find an iptables.cfg file anywhere, in what directory ?? in network configuration I have: eth0 staticup eth1 staticdown eth2 staticup to confuse me more , Sometimes the eth2 is down and the eth1 is up !!! here is part of bastille-firewall.cfg : # public interfaces: # TCP_PUBLIC_SERVICES= # # UDP services that public hosts should be allowed to connect to # UDP_PUBLIC_SERVICES= IP_MASQ_NETWORK= IP_MASQ_MODULES= TCP_PUBLIC_SERVICES=22 25 109 110 143 23 53 80 443 20 21 # MINIMAL/SAFEST UDP_PUBLIC_SERVICES=53 TCP_INTERNAL_SERVICES= UDP_INTERNAL_SERVICES=: : TCP_BLOCKED_SERVICES=6000:6020 UDP_BLOCKED_SERVICES=2049 ICMP_ALLOWED_TYPES=destination-unreachable echo-reply time-exceeded # Set this variable if you're using IP Masq / NAT for a local network #IP_MASQ_NETWORK= # DISABLE/SAFEST #IP_MASQ_NETWORK=10.0.0.0/8 # example #IP_MASQ_NETWORK=192.168.0.0/16 #DHCP_IFACES=eth0 # example, to allow you to query on eth0 #DHCP_IFACES= # DISABLED : : ICMP_OUTBOUND_DISABLED_TYPES=destination-unreachable time-exceeded DROP_SMB_NAT_BCAST=Y DHCP is off , As for my ISP, they gave me a static IP ( eth0 ), but I was wonderong about a dynamic IP for the w2k machine ,( and probably for any futur machine to connect tp the lan ) - Hanan AL-Shargi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: Re:[newbie] ftp to share files
Well whatever else is wrong, having 2 cards recognized as 3 can't be good. Have u tried fooling around in MCC under hardware? Maybe this is one for Civileme. Brian On Tue, 2002-03-26 at 12:35, Hanan Shargi wrote: Brian , yes indeed thats what I have 2 NIC in the gateway machine ( linux ) with eth0: having te ISP's IP eth1: have 192.168.0.1 as an IP thats is why I'm CONFUSED where the hell did that eth2 come from ?! my second NIC is a pcmci 3COM megaherts 10/100 and it got recognized automatically by LM, but It was recognized twice for some reason. ( I trioed sitching the cards back then still I had 3 eth's ) What files would help to figure out whats wrog , so I'll post them. ??? Thanks . - Hanan AL-Shargi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re:[newbie] ftp to share files
Brian , yes indeed thats what I have 2 NIC in the gateway machine ( linux ) with eth0: having te ISP's IP eth1: have 192.168.0.1 as an IP thats is why I'm CONFUSED where the hell did that eth2 come from ?! my second NIC is a pcmci 3COM megaherts 10/100 and it got recognized automatically by LM, but It was recognized twice for some reason. ( I trioed sitching the cards back then still I had 3 eth's ) What files would help to figure out whats wrog , so I'll post them. ??? Thanks . - Hanan AL-Shargi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: Re:[newbie] ftp to share files
H. Certainly can't see why the W2K machine couldn't ping 192.168.0.1 Anyone else understand how this could be - I guess you've tried swapping cables etc? Brian On Mon, 2002-03-25 at 23:19, Hanan Shargi wrote: Thank you Brian I tried service bastille-firewall status , and it displayed amore than a page output ( i copied first few lines at the end of this e-mail ) my guess is that it is OFF my setting is : linux machine have 2 NICs: 1st: 10.0.0.x ISP's IP== hostname ( hananxx.myisp.com) 2nd: 192.168.0.1 == host name ( hanan.homelan.com) mask : 255.255.255.0 ISP's gateway 1st NIC connects to the DSL 2nd NIC connects to the hub W2K machine: one NIC: IP 192.168.0.2 == hostname (desktop.homelan.com) gateway : 192.168.0.1 netmask 255.255.255.0 NIC onnects to the hub (ps: 1st NIC in linux machine connected to the DSL through an adapter that transforms phone line to rj45 outlet on the wall, my ISP connects the building to DSL through a router in the building == as if we are on a LAN ) service bastille-firewall status output=== pkts bytes target prot opt in out source destination 560 155K ACCEPT udp -- eth0 * 0.0.0.0/00.0.0.0/0 udp spt:68 dpt:67 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/00.0.0.0/0 tcp spt:68 dpt:67 0 0 ACCEPT udp -- eth0 * 0.0.0.0/00.0.0.0/0 udp spt:67 dpt:68 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/00.0.0.0/0 tcp spt:67 dpt:68 0 0 ACCEPT udp -- eth0 * 0.0.0.0/00.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/00.0.0.0/0 tcp dpt:53 0 0 DROP tcp -- !lo* 0.0.0.0/0 127.0.0.0/8 50712 6344K ACCEPT all -- * * 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED 1877 158K ACCEPT all -- lo * 0.0.0.0/00.0.0.0/0 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0 1332 202K PUB_IN all -- eth+ * 0.0.0.0/00.0.0.0/0 0 0 PUB_IN all -- ppp+ * 0.0.0.0/00.0.0.0/0 0 0 PUB_IN all -- slip+ * 0.0.0.0/00.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 46662 4856K ACCEPT all -- * * 192.168.0.0/24 0.0.0.0/0 49047 25M ACCEPT all -- * * 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED - Hanan AL-Shargi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] ftp to share files
Hanan, You can find out if it's running with the command (as root): service bastille-firewall status If it is and you want to try stopping it: service bastille-firewall stop (and of course .start to restart it) I suspect that this is not the problem however. How are your IP addresses and subnet masks set up? Oh, and there are much better ways than FTP - Samba would be the way to go. HTH Brian On Mon, 2002-03-25 at 14:16, Hanan Shargi wrote: Hi everyone I have a fe questions here: I would like to be able to access the files on the LM 8.1 machine from the w2k machine ( 2 machines are on a LAN sharing DSL connection with Linux machine being gateway ) I read a few days ago a post about somebody using FTP to share files in a similar situation, and somebody else saying that this would be a security threat ( because of the 2 machines being on the net ) yet I understand ( and I really dont understand much about these things ) that there is an option you can set in your firewall that makes the ftp unaccessable from the net ( dont ask me why I just heard ) !! My question is :I would like to use ftp to share files between the 2 machines, but the first bump is that I cannot ping the linux machine from the w2k and I'm assuming this have to do with a firewall setting. Now, I stopped the tiny firewall from my system ( by allowing everything through the firewall, I couldnt find an option to stop it all in all , so i just allowed everything ) to see if it is causing this ping problem, but still i cant ping !! Could there be another firewall running ? In /etc/Bastille there are the following files: bastille-firewall.cfg bastille-firewall.cfg.orig bastille-firewall-early.sh* but I dont remember setting any Bastille firewall ever since I installed LM 8.1 !! is it set by default ? how do I know If there is a firewall running ?!?! excuse the stupidity Best Regards, - Hanan AL-Shargi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
