RE: [SLUG] samba/dns/firewall question

Wed, 31 Oct 2001 02:27:41 -0800 

On 31 Oct, George Vieira wrote:
>  You should turn the firewall rules off between the 2 machine for now until
>  the problems solved.
>  
>  What protocols does the windows machine have installed?
>  Yes, dual boot the linux box into windows and see if it can see itself on
>  Network Neighbourhood, coz' it should. Then go from there..

George, you're a hero - you put your finger on the problem.  By turning
off all the firewall rules, it instantly started working!

I don't know much about networking really, nor ipchains, but I
remembered that an "ipchains -F" flushes all the rules, so I did that,
and the Win95 machine could see everything just fine.

I guess the basic rules were determined during my RH7.1 installation,
where I think I opted for medium level security.  The trouble was,
there are two network cards installed, but I really only use one of
them (the 4-port hub/firewall appliance came after the RH7.1 install,
when I thought I'd need one interface card for the internal network
and one for the external).

Anyway, a quick poke about showed me the file /etc/sysconfig/ipchains
which had:

:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 2049 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT

Suspecting the line:

        -A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT

should have been an accept for *eth1*, the active ethernet card, I
changed it and did an "ipchains start" - and I can still see the network
neighbourhood from the Win95 machine.

Thank you very, very much!

Best regards,

luke


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Reply via email to