David wrote:
> Borsenkow Andrej wrote:
>
> > >>>>There are still problems with iptable_filter.
> > >>>>Just tried to mount the other networked computer on /mnt/hpbox and that
> > >>>>works fine.
> > >>>>Try to mount the computer with iptable_filter and you can't.
> > >>>>Have to modprobe -r iptable_filter. Then it works correctly.
> >
> > [ ... ]
> >
> > >>I was assuming that once I had the host, host.allow, host.deny, exports,
> > >>firewall on internet connected computer, nfs. That that was pretty much it.
> > >>I mean, Connection Sharing works with it, cups, but the internal client
> > >>can't mount the internal server. It isn't being denied with a permissions
> > >>error, it just sits there because of the tables.
> > >>If I haven't explained this correctly let me know, cause I am trying to
> > >>get this done and head to work.
> >
> > No, you do not explain it correctly (enough for me to understand).
> >
> > Do you say that your system is a gateway and iptables prevent access
> > through gateway? Then you have to either correctly configure your rules
> > (to allow clients to connect to internal server or to enable port
> > forwarding) or disable iptables. With the amount of information you
> > provide it is impossible to say more. I do not even understand what you
> > mean under "mount".
>
> MOUNT: Two computers in this system. One connected to the internet. The
> other is connected to that computer through the ethernet (local
> network). The one that is the gateway to the internet is
> Athlon.computer, the other computer is the HP.computer. The
> Athlon.computer isn't really a server, per se. I mean it is to the
> HP.computer, but I am not using it as a server to the rest of the world.
> Meaning I am not allowing others outside to access my Athlon.computer.
>
> ISP <--> Athlon.computer <---> HP.computer
>
> mount HP.computer:/ /mnt/hpbox will mount the HP / (or whatever I
> choose) on the Athlon.computer in the /mnt/hpbox.
>
> mount Athlon.computer:/ /mnt/Athlon will mount the Athlon.computer in
> the /mnt/Athlon. This one will not work if iptable_filter module is
> inserted on the Athlon.computer (it is the only one with
> iptable_filter). Note: I haven't done a save ipfilter yet, I am sure
> that works, but haven't done it yet.
>
> Internet Connection sharing works fine. So I can connect to the Internet
> from the HP.computer through the Athlon.computer to the ISP.
>
> Okay I was wrong!! Cups will not print from the HP.computer either,
> unless iptable_filter module is removed. I just tested it and must have
> had the filter module removed before I tested it in previous email.
> Test: Rebooted the Athlon.computer. Told the HP.computer to print a
> file. Nothing. modprobe -r iptable_filter, wait a few seconds. Printer
> starts printing out the file. Same goes for the other issue, but you
> usually have to stop it and tell it to mount again. But it works after
> removing the module.
>
> So there are two issues. Cups and mounting the Athlon.computer on the
> HP.computer in /mnt/Athlon will not work unless iptable_filter is
> removed or saved.
>
> I don't know. Maybe I used old information. None of the information I used
> to set up the internal network says anything about cups or accessing
> the other computer being hampered if it has iptable_filter module
> inserted. I am, I guess, mainly looking for an answer to: This is not
> an issue, everybody that has a network will have to do an iptable -save.
> Or it is an issue and needs to be looked at. Or at least documented, so
> people know they have to do it also.
>
> If Internet Connection sharing didn't work, then I would think the other
> items may not work. But the HP.computer has no problem accessing the
> internet with iptable_filter module installed. Only the other items have a
> problem.
>
> I do have the firewall set to let the internal network through in both
> rc.firewall.inet_sharing-2.2 and 2.4. Here is the part from 2.4
> from the Athlon.computer. Firewall isn't enabled on the HP.computer.
> *******************************
> # Turn on IP forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # In the NAT table (-t nat), Append a rule (-A) after routing (POSTROUTING)
> # which says to MASQUERADE the connection (-j MASQUERADE).
> /sbin/iptables -t nat -A POSTROUTING -s 192.168.0.2/24 -j MASQUERADE
>
> # Allows forwarding specifically to our LAN
> /sbin/iptables -A FORWARD -s 192.168.0.2/24 -j ACCEPT
> *******************************
>
> > >>That is why I think it probably should auto save,
> >
> > I am very curious what exactly resulted in this conclusion :-) When you
> > say "autosave" do you mean "it should not load iptables after you did
> > modprobe -r"?
> >
> > -andrej
>
> Oh, no. I meant 'autosave' just as some type of possible way to solve this
> problem without having to manually do it. It was just a suggestion, not
> that I thought it wouldn't reload upon next reboot. I know it will
> reload unless I specifically make it not load. But that would defeat the
> purpose of having the firewall.

Maybe it has something to do with the problems you're experiencing, and
maybe it doesn't, but... I was using eth=1 to connect to the net and eth=0
for the internal NIC, and had no problems with 8.0 until I installed 8.1...
this combination didn't work for me anymore, so I had to reverse the order.
I use eth=0 to connect to the net and eth=1 for the internal NIC, and it is
working OK now.

-- 
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Thank you for contacting the SedeComp Communications Technical Support Team.
Please click <'REPLY'> when discussing this matter in further detail with us.
Feel free to review our section on responses to common problems real soon @:
http://www.sedecomp.linux-site.net | mailto:[EMAIL PROTECTED]
We use and support Linux Mandrake | http://www.linux-mandrake.com
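
The rules quoted in the thread touch only the nat POSTROUTING and filter FORWARD chains, which cover traffic routed through the Athlon to the ISP; NFS and CUPS requests addressed to the Athlon itself are judged by the INPUT chain instead. The sketch below is an added example, not part of the thread or of rc.firewall.inet_sharing-2.4, that opens those services to the LAN side only. It assumes the unquoted part of the script drops INPUT by default; the interface name eth1, the network 192.168.0.0/24 and the pinned rpc.mountd port 32767 are assumptions as well.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values (override via environment):
LAN_IF="${LAN_IF:-eth1}"                # internal NIC facing the HP box (assumption)
LAN_NET="${LAN_NET:-192.168.0.0/24}"    # internal network (assumption)
MOUNTD_PORT="${MOUNTD_PORT:-32767}"     # rpc.mountd pinned with "rpc.mountd -p" (assumption)
# Dry run by default: print the commands instead of executing them.
IPT="${IPT:-echo /sbin/iptables}"

lan_service_rules() {
    # Replies to connections the gateway itself opened, and loopback traffic.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT

    # NFS needs the portmapper (111), nfsd (2049) and mountd. mountd picks a
    # random port unless pinned, so a per-port rule only works with a fixed one.
    for port in 111 2049 "$MOUNTD_PORT"; do
        for proto in tcp udp; do
            # Matching both -i and -s keeps packets that merely claim a LAN
            # source address, but arrive on the Internet side, out.
            $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" \
                 -p "$proto" --dport "$port" -j ACCEPT
        done
    done

    # CUPS / IPP print jobs from the LAN.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 631 -j ACCEPT
}

lan_service_rules
```

Run as shown it only prints the commands; set `IPT=/sbin/iptables` to apply them, before any final DROP or REJECT rule in the INPUT chain.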
