DJA wrote:
Ralph Shumaker wrote:
James G. Sack (jim) wrote:
Ralph Shumaker wrote:
nfs was not enabled. Stopped nfslock (which stopped rpc.statd). And
stopped rpcbind. Disabled them and saved.
I don't know if they are related, but rpcgssd is enabled and running, as
well as rpcidmapd.
I guess those are all related (because of the rpc prefix), and all
unnecessary in your setup.
rpcgssd failed to stop, but didn't claim to be running. It was
checkmarked for loading tho.
That is a normal response if you try to stop a service that is not
currently running.
OK, but the error dialog is not straightforward:
"rpcgssd failed. The error was: [blank]"
Where [blank] was simply nothing, no text, no nothing.
rpcidmapd shut down successfully.
Both said something about NFSv4, which I don't think I'm using. I
have disabled them from starting up again (in runlevel 5 anyway).
If you were using NFSv4 you'd know. It is a very different
configuration than earlier versions.
I don't think I've ever used NFS, of _any_ version.
So your DSL modem is not doing any NAT.
Which is port forwarding?
No. Network Address Translation (NAT) is basically where any computer
on your local network (LAN) gets the same Internet (routable, or WAN)
address, and thus looks to be the same box to anyone outside your LAN.
Port Forwarding is when you need to have a particular box on your LAN
exclusively handle traffic requiring a specific port. E.g. you may
want to SSH into your LAN from a remote location.
Assuming you have only one WAN IP address assigned you by your ISP,
you would only be able to address any given box on your LAN by the one
WAN IP address. Port Forwarding allows you to route the SSH packets to
whichever box you've designated as being basically your SSH server.
It's a means of getting certain service packets to the right box even
though there is only one IP address for you available to the rest of
the world.
This sounds like a good reason to get IPv6 into the mainstream. This
reminds me, whatever happened with the guys that were going to set up
(mentioned here on a kplug list) a completely free porn site on IPv6
(which initially was supposed to be operational in September 2006 IIRC)?
Someone else can give you the painful details or correct me on all
that, but that's my simple-minded way of describing it.
The DSL management interface may or may not be accessible, though.
Here's what I would try:
# ifconfig eth0:1 192.168.1.99
# ping 192.168.1.1
If ping works, point your browser at http://192.168.1.1, and poke
around.
What the above is, is an ethernet "alias" which behaves like another
interface working through the same hardware and ethernet wiring.
Yep, that did the trick. I'm in. Now I need to regress in this thread
since what you suggested has either been snipped or I'm just not
seeing it.
If I found it, you suggested looking for unexpected port forwarding.
I don't know where to look for that. There seems to be a _lot_ in
there. But I did find a list of services:
☐ FTP
☑ HTTP
☑ ICMP
☑ SNMP
☑ TELNET
☑ TFTP
If you are not running servers for any of the above, then none of
those, except ICMP should be checked. Especially Telnet (use SSH
instead if needed) and TFTP. This assumes that those settings actually
refer to Port Forwarding, which I doubt. I think they just allow those
packets through, suggesting your modem does do some very basic
firewalling?
It must have been snipped out at some point:
dslextreme, yes. I don't remember if it has firewall built-in. It says
DSL-2320B on the front of it. dlink.com says its firewalling is:
• MAC Filtering
• Packet Filtering
• Stateful Packet Inspection (SPI)
• User Authentication PAP
• User Authentication CHAP
Here's the link (IIRC) where I found it:
http://www.dlink.com/products/resource.asp?pid=554&rid=2122&sec=0
So, does this mean that the firewall in my DSL modem is insufficient?
It's amazing to me to think that my Linux machine had no barrier but its
own built in defenses when I surfed over a regular modem. I realize
that most people may have the initial reaction "Well over such a thin
pipe, of course there wasn't much risk!" except that my Windows machine
(over the same pipe) had to have ZoneAlarm running to keep it safe.
Where should I go if I want a basic coverage of how to do iptables?
If there *is* anything anywhere in there about port forwarding, it
eluded me.
It will go away on next boot, or if desired you can get rid of it by
# ifconfig eth0:1 0.0.0.0
I see no harm in leaving it. In fact, how can I make it survive a
reboot?
Should one?
Only so that I don't have to rely on vague memories of how to do it
again when I need it. I guess I'll just have to add a few lines to my
notes. My only trouble there is that I keep it as a file and have to
remember the name and where it is (used very infrequently).
--
We don't get our rights because we're gays, or women, or minorities. We
get our rights from our creator as individuals. So every individual
should be treated the same way.
--Congressman Ron Paul
--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
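
The NAT and port forwarding distinction discussed in the thread, as an added example that is not part of the original messages: a small Python model of a router with a single WAN address. The class name NatRouter and all addresses and ports are constructed for illustration, and the model is simplified in that it does not track the remote endpoint of each connection.

```python
# Added illustration: toy model of a NAT router with one WAN address.
# All IP addresses and port numbers are constructed sample values.

class NatRouter:
    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.next_port = 40000   # next WAN-side source port to hand out
        self.out_map = {}        # (lan_ip, lan_port, proto) -> wan_port
        self.in_map = {}         # (wan_port, proto) -> (lan_ip, lan_port)
        self.forwards = {}       # static rules: (wan_port, proto) -> (lan_ip, lan_port)

    def add_port_forward(self, wan_port, lan_ip, lan_port, proto="tcp"):
        """Designate one LAN box to receive unsolicited traffic on wan_port."""
        self.forwards[(wan_port, proto)] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, proto="tcp"):
        """A LAN host opens a connection; return the (ip, port) the Internet sees."""
        key = (lan_ip, lan_port, proto)
        if key not in self.out_map:
            wan_port = self.next_port
            self.next_port += 1
            self.out_map[key] = wan_port
            self.in_map[(wan_port, proto)] = (lan_ip, lan_port)
        return (self.wan_ip, self.out_map[key])

    def inbound(self, wan_port, proto="tcp"):
        """A packet reaches the WAN address; return its LAN destination or None."""
        key = (wan_port, proto)
        if key in self.in_map:       # reply to a connection a LAN host started
            return self.in_map[key]
        if key in self.forwards:     # unsolicited, but a forward rule exists
            return self.forwards[key]
        return None                  # unsolicited and no rule: dropped


def demo():
    r = NatRouter("203.0.113.7")
    seen_a = r.outbound("192.168.1.10", 51000)   # two different LAN boxes...
    seen_b = r.outbound("192.168.1.11", 51000)   # ...appear as one WAN address
    ssh_before = r.inbound(22)                   # no rule yet: dropped
    r.add_port_forward(22, "192.168.1.10", 22)   # designate the SSH server
    ssh_after = r.inbound(22)
    return seen_a, seen_b, ssh_before, ssh_after


if __name__ == "__main__":
    print(demo())
```

Every entry in the forwards table is a service reachable from the Internet, which is why unexpected entries there are worth looking for.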