Re: [CentOS] DNS or firewall problem
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of cliff here
> Sent: Monday, July 05, 2010 10:56 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] DNS or firewall problem
>
> yea that needs to be a 1

Thanks, I'll give that a try.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS or firewall problem
cliff here wrote:

>> net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??
>
> yea that needs to be a 1

That cannot be mandatory, as I have a 0 there and do not have the OP's problem.

As I mentioned, the default in shorewall is that loc to $FW, i.e. connection from machines on the local LAN to the server, is set to REJECT. Maybe that is the default in the iptables setting too?

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
Re: [CentOS] DNS or firewall problem
>> Are you running a proxy for http? It would be rather surprising that internal machines can access the Internet without forwarding turned on otherwise.
>>
>> When you say internal machines cannot access your server, are they connecting to it via the local interface's ip or the Internet ip? Are the services bound to the local interface?
>
> I did notice today there is a squid.conf file in my /etc/httpd/conf.d directory. It appears it is configured for the local domain only. I renamed it and restarted apache but that didn't work.
>
> The server has two nics, one for internet and one for the local network, connected to a switch. eth0 is connected to the uplink port.

Please pastebin the output of the following:

Run as root:

'cat /etc/sysconfig/iptables'
'netstat -ntlp'
Re: [CentOS] DNS or firewall problem
Well if you want the kernel to route IPV4 traffic, then yes it has to be 1

On 7/6/10, Timothy Murphy gayle...@eircom.net wrote:
> cliff here wrote:
>
>>> net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??
>>
>> yea that needs to be a 1
>
> That cannot be mandatory, as I have a 0 there and do not have the OP's problem.
>
> As I mentioned, the default in shorewall is that loc to $FW, i.e. connection from machines on the local LAN to the server, is set to REJECT. Maybe that is the default in the iptables setting too?
>
> --
> Timothy Murphy
> e-mail: gayleard /at/ eircom.net
> tel: +353-86-2336090, +353-1-2842366
> s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

--
NOTICE: This message, including all attachments, is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering this message to its intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying "Received in error" and immediately delete this message and all its attachments.
Re: [CentOS] DNS or firewall problem
echo 1 > /proc/sys/net/ipv4/ip_forward

On 6 July 2010 21:17, Basil Kurian basilkur...@gmail.com wrote:
> enable ipv4_forwarding in /etc/sysctl.conf
>
> # service iptables start
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> eth0 is the interface connected to the modem.
>
> On 6 July 2010 04:30, Thomas Dukes tdu...@sc.rr.com wrote:
>> Been working this for over a month now and I'm stumped. Everything was working until the 'crash'. Backup was no good so I did a fresh install of centos 5.5. Trying to get things back like they were but it's been a really long time since I had to set things up from scratch, Redhat 2.0.
>>
>> My centos server acts as a gateway/firewall/router for my home network. Internal machines can access the internet. The server can access the internet. I can access my server/services from outside the local network but internal machines cannot.
>>
>> Any ideas/suggestions?
>>
>> Thanks,
>>
>> --Eddie
Re: [CentOS] DNS or firewall problem
enable ipv4_forwarding in /etc/sysctl.conf

# service iptables start
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

eth0 is the interface connected to the modem.

On 6 July 2010 04:30, Thomas Dukes tdu...@sc.rr.com wrote:
> Been working this for over a month now and I'm stumped. Everything was working until the 'crash'. Backup was no good so I did a fresh install of centos 5.5. Trying to get things back like they were but it's been a really long time since I had to set things up from scratch, Redhat 2.0.
>
> My centos server acts as a gateway/firewall/router for my home network. Internal machines can access the internet. The server can access the internet. I can access my server/services from outside the local network but internal machines cannot.
>
> Any ideas/suggestions?
>
> Thanks,
>
> --Eddie
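The recipe above has two moving parts, forwarding in /etc/sysctl.conf and a MASQUERADE rule on the uplink, and each is easy to get subtly wrong. The check below is an added example written for this page, not code from the thread or from CentOS: it reads text in the formats of sysctl.conf and iptables-save and reports what is still missing. The sample configs are constructed to mirror the thread, not copied from Eddie's box; eth0 as the uplink is taken from the thread. One point the thread does not spell out: the only sysctl that switches IPv4 forwarding on is net.ipv4.ip_forward. The key as it was typed in the thread, net.ipv4.conf.ip_forward, does not exist, so `sysctl -p` rejects that line as an unknown key and the kernel keeps forwarding off.

```python
"""Gateway prerequisite check: forwarding on, MASQUERADE on the uplink.

Added example, not the thread's or CentOS's own code. Sample inputs below are
constructed; eth0 is the uplink as stated in the thread.
"""

FORWARD_KEY = "net.ipv4.ip_forward"   # the real sysctl; net.ipv4.conf.ip_forward is not one


def forwarding_enabled(sysctl_conf):
    """Return (enabled, bogus_keys).

    enabled is True only when net.ipv4.ip_forward is set to 1. Any other key
    ending in ip_forward is collected in bogus_keys: `sysctl -p` rejects it as
    unknown, so a line like 'net.ipv4.conf.ip_forward = 1' changes nothing.
    """
    enabled, bogus = False, []
    for raw in sysctl_conf.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == FORWARD_KEY:
            enabled = value == "1"
        elif key.endswith("ip_forward"):
            bogus.append(key)
    return enabled, bogus


def masquerade_on(iptables_save, uplink):
    """True if the nat table has a POSTROUTING MASQUERADE rule leaving uplink."""
    in_nat = False
    for line in iptables_save.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].startswith("*"):              # table header: *filter, *nat, ...
            in_nat = tokens[0] == "*nat"
        elif (in_nat and tokens[:2] == ["-A", "POSTROUTING"]
              and "-o" in tokens and tokens[tokens.index("-o") + 1] == uplink
              and "MASQUERADE" in tokens):
            return True
    return False


def gateway_problems(sysctl_conf, iptables_save, uplink="eth0"):
    """List what still stops the box from routing for the LAN; empty means ready."""
    problems = []
    enabled, bogus = forwarding_enabled(sysctl_conf)
    if not enabled:
        problems.append(f"{FORWARD_KEY} is not set to 1")
    for key in bogus:
        problems.append(f"{key} is not a sysctl; use {FORWARD_KEY}")
    if not masquerade_on(iptables_save, uplink):
        problems.append(f"no -A POSTROUTING -o {uplink} -j MASQUERADE in *nat")
    return problems


# Constructed samples: the key as it was typed in the thread, and the fix.
SYSCTL_AS_POSTED = "net.ipv4.conf.ip_forward = 1\n"
SYSCTL_FIXED = "# Controls IP packet forwarding\nnet.ipv4.ip_forward = 1\n"

# Constructed rulesets: filter table only, and with the nat rule Basil gave.
FILTER_ONLY = "*filter\n:INPUT ACCEPT [0:0]\nCOMMIT\n"
WITH_NAT = FILTER_ONLY + "*nat\n-A POSTROUTING -o eth0 -j MASQUERADE\nCOMMIT\n"

if __name__ == "__main__":
    print("as posted:", gateway_problems(SYSCTL_AS_POSTED, FILTER_ONLY))
    print("fixed:    ", gateway_problems(SYSCTL_FIXED, WITH_NAT) or "ok")
```

On a live box the two inputs are `cat /etc/sysctl.conf` and `iptables-save`; the runtime value can be read from /proc/sys/net/ipv4/ip_forward, which the `echo 1 >` one-liner in the reply above sets until the next reboot.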
Re: [CentOS] DNS or firewall problem
cliff here wrote:

> Well if you want the kernel to route IPV4 traffic, then yes it has to be 1
>
>>>> net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??
>>>
>>> yea that needs to be a 1
>>
>> That cannot be mandatory, as I have a 0 there and do not have the OP's problem.

You've changed the question. The OP did not say he wanted to route IPV4 traffic. He said he could not access his server from local machines.

Are you saying you must have the setting you mention in /etc/sysctl.conf? That cannot be true, as I can access my server and I don't have your entry.

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
Re: [CentOS] DNS or firewall problem
On Tue, Jul 06, 2010 at 09:19:41PM +0100, Timothy Murphy wrote:
> cliff here wrote:
>
>> Well if you want the kernel to route IPV4 traffic, then yes it has to be 1
>>
>>>>> net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??
>>>>
>>>> yea that needs to be a 1
>>>
>>> That cannot be mandatory, as I have a 0 there and do not have the OP's problem.
>
> You've changed the question. The OP did not say he wanted to route IPV4 traffic. He said he could not access his server from local machines.
>
> Are you saying you must have the setting you mention in /etc/sysctl.conf? That cannot be true, as I can access my server and I don't have your entry.

Check your iptables rules. Maybe there are no INPUT rules to access your gateway via the internal nic.

--
Dominik Zyla
Re: [CentOS] DNS or firewall problem
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Chan Chung Hang Christopher
> Sent: Tuesday, July 06, 2010 9:28 AM
> To: centos@centos.org
> Subject: Re: [CentOS] DNS or firewall problem
>
>>> Are you running a proxy for http? It would be rather surprising that internal machines can access the Internet without forwarding turned on otherwise.
>>>
>>> When you say internal machines cannot access your server, are they connecting to it via the local interface's ip or the Internet ip? Are the services bound to the local interface?
>>
>> I did notice today there is a squid.conf file in my /etc/httpd/conf.d directory. It appears it is configured for the local domain only. I renamed it and restarted apache but that didn't work.
>>
>> The server has two nics, one for internet and one for the local network, connected to a switch. eth0 is connected to the uplink port.
>
> Please pastebin the output of the following:
>
> Run as root:
>
> 'cat /etc/sysconfig/iptables'

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

> 'netstat -ntlp'

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:2               0.0.0.0:*               LISTEN      3580/perl
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN      2960/hpiod
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      3138/mysqld
tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN      3049/clamd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2667/portmap
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      3958/X
tcp        0      0 0.0.0.0:1               0.0.0.0:*               LISTEN      3588/perl
tcp        0      0 192.168.1.101:53        0.0.0.0:*               LISTEN      2639/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2639/named
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2980/cupsd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      3218/sendmail: acce
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2639/named
tcp        0      0 0.0.0.0:766             0.0.0.0:*               LISTEN      2704/rpc.statd
tcp        0      0 0.0.0.0:3551            0.0.0.0:*               LISTEN      3032/apcupsd
tcp        0      0 127.0.0.1:2207          0.0.0.0:*               LISTEN      2965/python
tcp        0      0 :::80                   :::*                    LISTEN      5464/httpd
tcp        0      0 :::6000                 :::*                    LISTEN      3958/X
tcp        0      0 ::1:953                 :::*                    LISTEN      2639/named
tcp        0      0 :::443                  :::*                    LISTEN      5464/httpd

Not sure what all this means. Hope someone can.

Thanks!!

Eddie
Re: [CentOS] DNS or firewall problem
Dominik Zyla wrote:

>> Are you saying you must have the setting you mention in /etc/sysctl.conf? That cannot be true, as I can access my server and I don't have your entry.
>
> Check your iptables rules. Maybe there are no INPUT rules to access your gateway via the internal nic.

I don't see the relevance of that. I never said I had or didn't have any iptables rules. I'm simply observing that I do not have the specified setting and I can access my server from my LAN, therefore the setting cannot be essential for this purpose.

I can access the server because I have

loc $FW ACCEPT

in /etc/shorewall/policy; but that is not really relevant to the point at issue.

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
Re: [CentOS] DNS or firewall problem
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.

ugh...fwbuilder crap...oh well.

> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

Seriously? Those two are redundant since you already accept everything on lo.

> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT

Hmm...you do not appear to have a blanket accept for your internal interface. What services are supposed to be open to the internal lan?

> 'netstat -ntlp'
>
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> tcp        0      0 0.0.0.0:2               0.0.0.0:*               LISTEN      3580/perl
> tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN      2960/hpiod
> tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      3138/mysqld
> tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN      3049/clamd
> tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2667/portmap
> tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      3958/X
> tcp        0      0 0.0.0.0:1               0.0.0.0:*               LISTEN      3588/perl
> tcp        0      0 192.168.1.101:53        0.0.0.0:*               LISTEN      2639/named
> tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2639/named
> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2980/cupsd
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      3218/sendmail: acce
> tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2639/named
> tcp        0      0 0.0.0.0:766             0.0.0.0:*               LISTEN      2704/rpc.statd
> tcp        0      0 0.0.0.0:3551            0.0.0.0:*               LISTEN      3032/apcupsd
> tcp        0      0 127.0.0.1:2207          0.0.0.0:*               LISTEN      2965/python
> tcp        0      0 :::80                   :::*                    LISTEN      5464/httpd
> tcp        0      0 :::6000                 :::*                    LISTEN      3958/X
> tcp        0      0 ::1:953                 :::*                    LISTEN      2639/named
> tcp        0      0 :::443                  :::*                    LISTEN      5464/httpd
>
> Not sure what all this means. Hope someone can.

You should be able to connect to the web service from the internal lan using the internal ip and also to the smtp service. But I guess your web service is probably apache doing proxy work unless you have a different meaning to 'internal boxes can access the internet'...

What services were internal boxes supposed to be able to access again? webmin? mysql? dns?
Re: [CentOS] DNS or firewall problem
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Christopher Chan
> Sent: Tuesday, July 06, 2010 9:13 PM
> To: centos@centos.org
> Subject: Re: [CentOS] DNS or firewall problem
>
>> # Firewall configuration written by system-config-securitylevel
>> # Manual customization of this file is not recommended.
>
> ugh...fwbuilder crap...oh well.
>
>> *filter
>> :INPUT ACCEPT [0:0]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [0:0]
>> :RH-Firewall-1-INPUT - [0:0]
>> -A INPUT -j RH-Firewall-1-INPUT
>> -A FORWARD -j RH-Firewall-1-INPUT
>> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
>> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
>> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
>> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
>> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
>> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
>
> Seriously? Those two are redundant since you already accept everything on lo.

I didn't do that. :-)

>> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
>> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>> COMMIT
>
> Hmm...you do not appear to have a blanket accept for your internal interface. What services are supposed to be open to the internal lan?

Really just interested in web, ftp and maybe samba

>> 'netstat -ntlp'
>>
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
>> tcp        0      0 0.0.0.0:2               0.0.0.0:*               LISTEN      3580/perl
>> tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN      2960/hpiod
>> tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      3138/mysqld
>> tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN      3049/clamd
>> tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2667/portmap
>> tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      3958/X
>> tcp        0      0 0.0.0.0:1               0.0.0.0:*               LISTEN      3588/perl
>> tcp        0      0 192.168.1.101:53        0.0.0.0:*               LISTEN      2639/named
>> tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2639/named
>> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2980/cupsd
>> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      3218/sendmail: acce
>> tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2639/named
>> tcp        0      0 0.0.0.0:766             0.0.0.0:*               LISTEN      2704/rpc.statd
>> tcp        0      0 0.0.0.0:3551            0.0.0.0:*               LISTEN      3032/apcupsd
>> tcp        0      0 127.0.0.1:2207          0.0.0.0:*               LISTEN      2965/python
>> tcp        0      0 :::80                   :::*                    LISTEN      5464/httpd
>> tcp        0      0 :::6000                 :::*                    LISTEN      3958/X
>> tcp        0      0 ::1:953                 :::*                    LISTEN      2639/named
>> tcp        0      0 :::443                  :::*                    LISTEN      5464/httpd
>>
>> Not sure what all this means. Hope someone can.
>
> You should be able to connect to the web service from the internal lan using the internal ip and also to the smtp service. But I guess your web service is probably apache doing proxy work unless you have a different meaning to 'internal boxes can access the internet'...
>
> What services were internal boxes supposed to be able to access again? webmin? mysql? dns?

Not really relying on my server for dns for the local machines, just for local services, ftp, webmin, local web. I'm not on a commercial account with my isp so 'external' mail is not an issue.

I have most services turned off but can activate them, remotely, from webmin if I need ssh or ftp.
Re: [CentOS] DNS or firewall problem
>> Hmm...you do not appear to have a blanket accept for your internal interface. What services are supposed to be open to the internal lan?
>
> Really just interested in web, ftp and maybe samba

Well, the rules do accept connections for those three so no problem here.

> Not really relying on my server for dns for the local machines, just for local services, ftp, webmin, local web. I'm not on a commercial account with my isp so 'external' mail is not an issue.

ftp is not running, webmin is blocked. You should be able to connect to apache. samba is not running either.

> I have most services turned off but can activate them, remotely, from webmin if I need ssh or ftp.

Well, I guess you first need to allow connections to webmin (from INSIDE - even if you are absolutely certain no one can guess your password) unless you are only going to do it from the desktop on the box. No rules for ssh so you will need to add them if you do enable ssh.
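Christopher's two replies above reach their verdicts ("you do not appear to have a blanket accept for your internal interface", "webmin is blocked. You should be able to connect to apache") by reading the ruleset against the netstat listing by eye. The script below is an added example written for this page, not code from the thread or from CentOS: it does the same walk mechanically, evaluating the posted RH-Firewall-1-INPUT chain first-match-wins for a NEW TCP connection from a LAN host to each socket in the listing, then shows the kind of fix he suggests: an ACCEPT scoped to the inside interface and subnet, which opens a port to the LAN without opening it on eth0. Assumptions not in the thread: the LAN side is eth1 on 192.168.1.0/24 (the thread only gives the server's LAN address 192.168.1.101 and eth0 as the uplink), the client address 192.168.1.50, and webmin on its default port 10000 (that port is unreadable in the posted output, so the netstat line for it is reconstructed). The ruleset is copied from the thread; the listener lines are abridged from it.

```python
"""Which listening sockets can a LAN host reach through the posted ruleset?

Added example, not the thread's own code. Assumed: eth1/192.168.1.0/24 is the
inside, the client is 192.168.1.50, webmin listens on 10000 (not in the thread).
"""
import ipaddress

LAN_IFACE = "eth1"              # assumption: thread only says eth0 is the uplink
LAN_NET = "192.168.1.0/24"      # assumption
SERVER_LAN_IP = "192.168.1.101" # from the named line in Eddie's netstat output

RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Abridged from the posted `netstat -ntlp`; the 10000/perl (webmin) line is assumed.
LISTENERS = """\
tcp 0 0 0.0.0.0:10000       0.0.0.0:* LISTEN 3588/perl
tcp 0 0 0.0.0.0:3306        0.0.0.0:* LISTEN 3138/mysqld
tcp 0 0 0.0.0.0:111         0.0.0.0:* LISTEN 2667/portmap
tcp 0 0 192.168.1.101:53    0.0.0.0:* LISTEN 2639/named
tcp 0 0 127.0.0.1:631       0.0.0.0:* LISTEN 2980/cupsd
tcp 0 0 0.0.0.0:25          0.0.0.0:* LISTEN 3218/sendmail
tcp 0 0 :::80               :::*      LISTEN 5464/httpd
tcp 0 0 :::443              :::*      LISTEN 5464/httpd
"""


def parse_chain(text, chain="RH-Firewall-1-INPUT"):
    """Rules of one chain as dicts of the options this model understands."""
    wanted = ("-i", "-p", "-s", "-d", "--dport", "--state", "-j")
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["-A", chain]:
            rules.append({t: tokens[i + 1] for i, t in enumerate(tokens) if t in wanted})
    return rules


def verdict(rules, iface, src, dst, port, proto="tcp"):
    """Target of the first rule matching a NEW proto packet src->dst:port on
    iface; falling off the user chain returns to INPUT, whose policy is ACCEPT."""
    for r in rules:
        if (r.get("-i", iface) == iface and r.get("-p", proto) == proto
                and r.get("-d", dst) == dst and int(r.get("--dport", port)) == port
                and "NEW" in r.get("--state", "NEW").split(",")
                and ("-s" not in r or ipaddress.ip_address(src)
                     in ipaddress.ip_network(r["-s"], strict=False))):
            return r["-j"]
    return "ACCEPT"


def listeners(netstat_text):
    """(bind address, port, program) for each LISTEN line of `netstat -ntlp`."""
    out = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[5] == "LISTEN":
            addr, port = f[3].rsplit(":", 1)
            out.append((addr, int(port), f[6].split("/", 1)[1]))
    return out


def reachable_from_lan(rules_text, netstat_text, client="192.168.1.50"):
    """port -> (program, verdict) for sockets a LAN client can address at the
    server's LAN IP; sockets bound only to loopback are left out."""
    rules = parse_chain(rules_text)
    result = {}
    for addr, port, prog in listeners(netstat_text):
        if addr in ("0.0.0.0", "::", SERVER_LAN_IP):
            result[port] = (prog, verdict(rules, LAN_IFACE, client, SERVER_LAN_IP, port))
    return result


def allow_from_lan(rules_text, port):
    """Insert an inside-only ACCEPT for port just before the chain's final REJECT."""
    rule = (f"-A RH-Firewall-1-INPUT -i {LAN_IFACE} -s {LAN_NET} -m state --state NEW "
            f"-m tcp -p tcp --dport {port} -j ACCEPT")
    lines = rules_text.splitlines()
    lines.insert(next(i for i, l in enumerate(lines) if "-j REJECT" in l), rule)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for port, (prog, v) in sorted(reachable_from_lan(RULES, LISTENERS).items()):
        print(f"{port:>6} {prog:<10} {v}")
```

Run as is, it lists 25, 80 and 443 as ACCEPT and everything else bound to 0.0.0.0 (mysqld, portmap, named, the assumed webmin port) as REJECT, which is Christopher's reading. `allow_from_lan(RULES, 10000)` adds the inside-scoped rule; the same port stays REJECT for a packet arriving on eth0, because the rule carries both `-i eth1` and `-s 192.168.1.0/24`. That is the property a "blanket accept for the internal interface" should have and the sysctl debate above has nothing to do with: the INPUT path does not depend on ip_forward at all.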
Re: [CentOS] DNS or firewall problem
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Christopher Chan
> Sent: Tuesday, July 06, 2010 10:31 PM
> To: centos@centos.org
> Subject: Re: [CentOS] DNS or firewall problem
>
>>> Hmm...you do not appear to have a blanket accept for your internal interface. What services are supposed to be open to the internal lan?
>>
>> Really just interested in web, ftp and maybe samba
>
> Well, the rules do accept connections for those three so no problem here.
>
>> Not really relying on my server for dns for the local machines, just for local services, ftp, webmin, local web. I'm not on a commercial account with my isp so 'external' mail is not an issue.
>
> ftp is not running, webmin is blocked. You should be able to connect to apache. samba is not running either.

ftp is turned off. Samba, I thought was running but haven't tried to set it up as I was more interested in just accessing web services, locally.

>> I have most services turned off but can activate them, remotely, from webmin if I need ssh or ftp.
>
> Well, I guess you first need to allow connections to webmin (from INSIDE - even if you are absolutely certain no one can guess your password) unless you are only going to do it from the desktop on the box. No rules for ssh so you will need to add them if you do enable ssh.

I can ssh in remotely but don't have a need for it locally. I can access webmin remotely but not from a local machine. I see no need for my server to use additional resources for the x window environment. I don't use webmin that much except when I need to turn a service on or off remotely or want to upload a file to the server without having to turn on ftp.
Re: [CentOS] DNS or firewall problem
>>> I have most services turned off but can activate them, remotely, from webmin if I need ssh or ftp.
>>
>> Well, I guess you first need to allow connections to webmin (from INSIDE - even if you are absolutely certain no one can guess your password) unless you are only going to do it from the desktop on the box. No rules for ssh so you will need to add them if you do enable ssh.
>
> I can ssh in remotely but don't have a need for it locally. I can access webmin remotely but not from a local machine. I see no need for my server to use additional resources for the x window environment. I don't use webmin that much except when I need to turn a service on or off remotely or want to upload a file to the server without having to turn on ftp.

You can access webmin remotely? That contradicts the iptables rules you posted...

If you can ssh in remotely then that also contradicts both the rules and the list of ports that have a daemon bound to them. No sshd nor anything bound to port 22.

You might want to turn off X/gdm then...that is what is listening on port 6000.
[CentOS] DNS or firewall problem
Been working this for over a month now and I'm stumped. Everything was working until the 'crash'. Backup was no good so I did a fresh install of centos 5.5. Trying to get things back like they were but it's been a really long time since I had to set things up from scratch, Redhat 2.0.

My centos server acts as a gateway/firewall/router for my home network. Internal machines can access the internet. The server can access the internet. I can access my server/services from outside the local network but internal machines cannot.

Any ideas/suggestions?

Thanks,

--Eddie
Re: [CentOS] DNS or firewall problem
Do you have ipv4 forwarding on in your /etc/sysctl?

Sent from my iPhone

On Jul 5, 2010, at 7:00 PM, Thomas Dukes tdu...@sc.rr.com wrote:
> Been working this for over a month now and I'm stumped. Everything was working until the 'crash'. Backup was no good so I did a fresh install of centos 5.5. Trying to get things back like they were but it's been a really long time since I had to set things up from scratch, Redhat 2.0.
>
> My centos server acts as a gateway/firewall/router for my home network. Internal machines can access the internet. The server can access the internet. I can access my server/services from outside the local network but internal machines cannot.
>
> Any ideas/suggestions?
>
> Thanks,
>
> --Eddie
Re: [CentOS] DNS or firewall problem
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Cliff
> Sent: Monday, July 05, 2010 8:05 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] DNS or firewall problem
>
> Do you have ipv4 forwarding on in your /etc/sysctl?
>
> Sent from my iPhone

Uhhh, in /etc/sysctl.conf,

net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??

--Eddie

> On Jul 5, 2010, at 7:00 PM, Thomas Dukes tdu...@sc.rr.com wrote:
>> Been working this for over a month now and I'm stumped. Everything was working until the 'crash'. Backup was no good so I did a fresh install of centos 5.5. Trying to get things back like they were but it's been a really long time since I had to set things up from scratch, Redhat 2.0.
>>
>> My centos server acts as a gateway/firewall/router for my home network. Internal machines can access the internet. The server can access the internet. I can access my server/services from outside the local network but internal machines cannot.
>>
>> Any ideas/suggestions?
>>
>> Thanks,
>>
>> --Eddie
Re: [CentOS] DNS or firewall problem
On Tuesday, July 06, 2010 08:12 AM, Thomas Dukes wrote:
>> -Original Message-
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Cliff
>> Sent: Monday, July 05, 2010 8:05 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] DNS or firewall problem
>>
>> Do you have ipv4 forwarding on in your /etc/sysctl?
>>
>> Sent from my iPhone
>
> Uhhh, in /etc/sysctl.conf,
>
> net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??

Are you running a proxy for http? It would be rather surprising that internal machines can access the Internet without forwarding turned on otherwise.

When you say internal machines cannot access your server, are they connecting to it via the local interface's ip or the Internet ip? Are the services bound to the local interface?

> --Eddie
>
>> On Jul 5, 2010, at 7:00 PM, Thomas Dukes tdu...@sc.rr.com wrote:
>>> Been working this for over a month now and I'm stumped. Everything was working until the 'crash'. Backup was no good so I did a fresh install of centos 5.5. Trying to get things back like they were but it's been a really long time since I had to set things up from scratch, Redhat 2.0.
>>>
>>> My centos server acts as a gateway/firewall/router for my home network. Internal machines can access the internet. The server can access the internet. I can access my server/services from outside the local network but internal machines cannot.
>>>
>>> Any ideas/suggestions?
>>>
>>> Thanks,
>>>
>>> --Eddie
Re: [CentOS] DNS or firewall problem
Thomas Dukes wrote:

>> Do you have ipv4 forwarding on in your /etc/sysctl?
>
> Uhhh, in /etc/sysctl.conf,
>
> net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??

I have more or less the same setup as you, and I have

net.ipv4.conf.ip_forward = 0

in /etc/sysctl like you, but I have no problem accessing my server from my laptop.

I am running shorewall, and it would be easy to set this up to have the effect you describe. I have the line

loc $FW ACCEPT

in /etc/shorewall/policy. The default is

loc $FW REJECT info

which would have the effect you describe.

Nb I don't really understand iptables, but I find shorewall does most of the thinking for me.

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
Re: [CentOS] DNS or firewall problem
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Christopher Chan
> Sent: Monday, July 05, 2010 8:42 PM
> To: centos@centos.org
> Subject: Re: [CentOS] DNS or firewall problem
>
> On Tuesday, July 06, 2010 08:12 AM, Thomas Dukes wrote:
>>> -Original Message-
>>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Cliff
>>> Sent: Monday, July 05, 2010 8:05 PM
>>> To: CentOS mailing list
>>> Subject: Re: [CentOS] DNS or firewall problem
>>>
>>> Do you have ipv4 forwarding on in your /etc/sysctl?
>>>
>>> Sent from my iPhone
>>
>> Uhhh, in /etc/sysctl.conf,
>>
>> net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??
>
> Are you running a proxy for http? It would be rather surprising that internal machines can access the Internet without forwarding turned on otherwise.
>
> When you say internal machines cannot access your server, are they connecting to it via the local interface's ip or the Internet ip? Are the services bound to the local interface?

I did notice today there is a squid.conf file in my /etc/httpd/conf.d directory. It appears it is configured for the local domain only. I renamed it and restarted apache but that didn't work.

The server has two nics, one for internet and one for the local network, connected to a switch. eth0 is connected to the uplink port.
Re: [CentOS] DNS or firewall problem
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Timothy Murphy
> Sent: Monday, July 05, 2010 10:11 PM
> To: centos@centos.org
> Subject: Re: [CentOS] DNS or firewall problem
>
> Thomas Dukes wrote:
>
>>> Do you have ipv4 forwarding on in your /etc/sysctl?
>>
>> Uhhh, in /etc/sysctl.conf,
>>
>> net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??
>
> I have more or less the same setup as you, and I have
>
> net.ipv4.conf.ip_forward = 0
>
> in /etc/sysctl like you, but I have no problem accessing my server from my laptop.
>
> I am running shorewall, and it would be easy to set this up to have the effect you describe. I have the line
>
> loc $FW ACCEPT
>
> in /etc/shorewall/policy. The default is
>
> loc $FW REJECT info
>
> which would have the effect you describe.
>
> Nb I don't really understand iptables, but I find shorewall does most of the thinking for me.

I use the iptables firewall rules in the linux ip masquerade howto. Been using it for years without a hitch.

http://www.tldp.org/HOWTO/html_single/IP-Masquerade-HOWTO/#RC.FIREWALL-IPTABLES-STRONGER

I looked at shorewall some time ago but like you, I was confused with iptables.
Re: [CentOS] DNS or firewall problem
yea that needs to be a 1

On Mon, Jul 5, 2010 at 8:12 PM, Thomas Dukes tdu...@sc.rr.com wrote:
>> -Original Message-
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Cliff
>> Sent: Monday, July 05, 2010 8:05 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] DNS or firewall problem
>>
>> Do you have ipv4 forwarding on in your /etc/sysctl?
>>
>> Sent from my iPhone
>
> Uhhh, in /etc/sysctl.conf,
>
> net.ipv4.conf.ip_forward = 0 ?? change to = 1 ??
>
> --Eddie
>
>> On Jul 5, 2010, at 7:00 PM, Thomas Dukes tdu...@sc.rr.com wrote:
>>> Been working this for over a month now and I'm stumped. Everything was working until the 'crash'. Backup was no good so I did a fresh install of centos 5.5. Trying to get things back like they were but it's been a really long time since I had to set things up from scratch, Redhat 2.0.
>>>
>>> My centos server acts as a gateway/firewall/router for my home network. Internal machines can access the internet. The server can access the internet. I can access my server/services from outside the local network but internal machines cannot.
>>>
>>> Any ideas/suggestions?
>>>
>>> Thanks,
>>>
>>> --Eddie