Borsenkow Andrej wrote:

>>>> There are still problems with iptable_filter.
>>>> Just tried to mount the other networked computer on /mnt/hpbox and that
>>>> works fine.
>>>> Try to mount the computer with iptable_filter and you can't.
>>>> Have to modprobe -r iptable_filter. Then it works correctly.
>
> [ ... ]
>
>> I was assuming that once I had the host, host.allow, host.deny, exports,
>> firewall on internet connected computer, nfs. That that was pretty much it.
>> I mean, Connection Sharing works with it, cups, but the internal client
>> can't mount the internal server. It isn't being denied with a permissions
>> error, it just sits there because of the tables.
>> If I haven't explained this correctly let me know, cause I am trying to
>> get this done and head to work.
>
> No, you do not explain it correctly (enough for me to understand).
>
> Do you say that your system is a gateway and iptables prevent access
> through gateway? Then you have to either correctly configure your rules
> (to allow clients to connect to internal server or to enable port
> forwarding) or disable iptables. With the amount of information you
> provide it is impossible to say more. I do not even understand what you
> mean under "mount".

MOUNT:

Two computers in this system. One connected to the internet. The other is
connected to that computer through the ethernet (local network). The one that
is the gateway to the internet is Athlon.computer, the other computer is the
HP.computer. The Athlon.computer isn't really a server, per se. I mean it is
to the HP.computer, but I am not using it as a server to the rest of the
world. Meaning I am not allowing others outside to access my Athlon.computer.

ISP <--> Athlon.computer <---> HP.computer

mount HP.computer:/ /mnt/hpbox
will mount the HP / (or whatever I choose) on the Athlon.computer in the
/mnt/hpbox.

mount Athlon.computer:/ /mnt/Athlon
will mount the Athlon.computer in the /mnt/Athlon. This one will not work if
iptable_filter module is inserted on the Athlon.computer (it is the only one
with iptable_filter).

Note: I haven't done a save ipfilter yet, I am sure that works, but haven't
done it yet.

Internet Connection sharing works fine. So I can connect to the Internet from
the HP.computer through the Athlon.computer to the ISP.

Okay, I was wrong!! Cups will not print from the HP.computer either, unless
iptable_filter module is removed. I just tested it and must have had the
filter module removed before I tested it in previous email.

Test: Rebooted the Athlon.computer. Told the HP.computer to print a file.
Nothing. modprobe -r iptable_filter, wait a few seconds. Printer starts
printing out the file. Same goes for the other issue, but you usually have to
stop it and tell it to mount again. But it works after removing the module.

So there are two issues. Cups and mounting the Athlon.computer on the
HP.computer in /mnt/Athlon will not work unless iptable_filter is removed or
saved. I don't know. Maybe I used old information. None of the information I
used to set up the internal network says anything about cups or accessing the
other computer being hampered if it has iptable_filter module inserted.

I am, I guess, mainly looking for an answer to: This is not an issue,
everybody that has a network will have to do an iptable -save. Or it is an
issue and needs to be looked at. Or at least documented, so people know they
have to do it also.

If Internet Connection sharing didn't work, then I would think the other
items may not work. But the HP.computer has no problem accessing the internet
with iptable_filter module installed. Only the other items have a problem.

I do have the firewall set to let the internal network through in both
rc.firewall.inet_sharing-2.2 and 2.4. Here is the part from 2.4 from the
Athlon.computer. Firewall isn't enabled on the HP.computer.

*******************************
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# In the NAT table (-t nat), Append a rule (-A) after routing (POSTROUTING)
# which says to MASQUERADE the connection (-j MASQUERADE).
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.2/24 -j MASQUERADE

# Allows forwarding specifically to our LAN
/sbin/iptables -A FORWARD -s 192.168.0.2/24 -j ACCEPT
*******************************

>> That is why I think it probably should auto save,
>
> I am very curious what exactly resulted in this conclusion :-) When you
> say "autosave" do you mean "it should not load iptables after you did
> modprobe -r"?
>
> -andrej

Oh, no. I meant 'autosave' just as some type of possible way to solve this
problem without having to manually do it. It was just a suggestion, not that
I thought it wouldn't reload upon next reboot. I know it will reload unless I
specifically make it not load. But that would defeat the purpose of having
the firewall.
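
Traffic that the gateway forwards traverses the FORWARD chain, while NFS or CUPS traffic addressed to the gateway itself traverses INPUT. The following added example (not part of the original message) evaluates both chains over a constructed ruleset; the DROP policies, the interface name eth1 and the client address 192.168.0.5 are assumptions, since the message shows only the nat and FORWARD rules.

```python
import ipaddress
import shlex

# Constructed ruleset in iptables-save format. The nat and FORWARD rules are the
# two quoted in the message; the DROP policies and the loopback rule are
# assumptions, because the message does not show that part of the script.
SAMPLE_RULESET = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.2/24 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -s 192.168.0.2/24 -j ACCEPT
COMMIT
"""
# Same ruleset plus one INPUT rule for the LAN (eth1 is an assumed interface name).
FIXED_RULESET = SAMPLE_RULESET.replace(
    "-A FORWARD", "-A INPUT -s 192.168.0.0/24 -i eth1 -j ACCEPT\n-A FORWARD", 1)

def parse_filter(dump):
    """Return ({chain: policy}, {chain: [option dict per rule]}) for *filter."""
    policies, rules, table = {}, {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            rules.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def verdict(dump, chain, src, iface, proto, dport):
    """First terminating match wins, else chain policy. Only -s/-i/-p/--dport/-j
    are understood (-m ignored); other rules are skipped, user chains not followed."""
    policies, rules = parse_filter(dump)
    for opt in rules.get(chain, []):
        ok = not set(opt) - {"-s", "-i", "-p", "--dport", "-j", "-m"}
        ok = ok and ipaddress.ip_address(src) in ipaddress.ip_network(
            opt.get("-s", "0.0.0.0/0"), strict=False)
        ok = ok and opt.get("-i", iface) == iface and opt.get("-p", proto) == proto
        ok = ok and opt.get("--dport", str(dport)) == str(dport)
        if ok and opt.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt["-j"]
    return policies.get(chain, "ACCEPT")
```

Ports 631 (IPP, used by CUPS) and 2049 (NFS) are the natural ones to query against INPUT; on a live system the input would be the output of `iptables-save` rather than the constructed sample.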
