  1. #1
    Just Joined! | Join Date: Mar 2004 | Posts: 3

    Iptables


    Hi

    I have a problem with my Redhat firewall using iptables. This is the first Linux firewall I have built so forgive me if I sound a bit of an eejit.
    I have created a small test network on our domain; the firewall sits between the two. The networks use different subnets. I have managed to configure rules to allow FTP, Telnet, and Web use, etc. both ways, but when I try to login to our domain from behind the firewall, I am told the domain cannot be found. Is this because of the different subnets and therefore different broadcast addresses?

    Any help would be most appreciated.

    Douglas.

  2. #2
    Linux Engineer | Join Date: Nov 2002 | Location: Queens, NY | Posts: 1,319
    Can you be more descriptive of how your network is setup? Which network does the firewall lie in?
    The best things in life are free.

  3. #3
    Just Joined! | Join Date: Mar 2004 | Posts: 3

    iptables

    The firewall is sitting between two nets, 192.168.9.0/29 & 192.168.10.0/24. There are a small number of Windows 2000 clients on the 9. network trying to authenticate on a Windows NT DC on the 10. network. I don't seem to be able to get the broadcast packets through the firewall.

  4. #4
    Linux Newbie | Join Date: Dec 2003 | Location: Netherlands | Posts: 193
    Look at your logs for iptables. Maybe you've blocked port 135:139
    Computers Are Like Air Conditioners... They're both useless with Windows open!
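The advice above is to read the iptables log. What a reader wants from those lines is which chain dropped the packet and whether the destination was the subnet broadcast, because a packet aimed at the /29's broadcast address (192.168.9.7) is consumed by the firewall's own INPUT chain and is never routed, no matter what the FORWARD chain allows. The script below is an added example, not code from anyone in this thread: it assumes drops are logged with `--log-prefix` (the `FW-INPUT-DROP:` / `FW-FORWARD-DROP:` prefixes are made up here) and that the client side is 192.168.9.0/29; the log lines it feeds itself are constructed, not captured.

```shell
#!/bin/sh
# Added example, not from the thread: classify netfilter LOG lines to show which
# chain dropped a packet and why a NetBIOS logon attempt never left the subnet.
# Assumptions (not stated in the thread): drops are logged with --log-prefix,
# the client network is 192.168.9.0/29, so its broadcast address is 192.168.9.7.

# Constructed sample log lines (not captured from any real firewall).
sample_log() {
    cat <<'EOF'
Mar 12 10:01:02 fw kernel: FW-INPUT-DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.168.9.2 DST=192.168.9.7 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar 12 10:01:03 fw kernel: FW-FORWARD-DROP: IN=eth0 OUT=eth1 SRC=192.168.9.2 DST=192.168.10.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=2 DF PROTO=TCP SPT=1034 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 12 10:01:04 fw kernel: FW-INPUT-DROP: IN=eth0 OUT= SRC=192.168.9.2 DST=192.168.9.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=3 DF PROTO=TCP SPT=1035 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 12 10:01:05 fw sshd[412]: Accepted password for douglas from 192.168.9.2 port 1036 ssh2
EOF
}

# Reads log lines on stdin; prints one classified line per netfilter entry:
#   <chain> <src>-><dst> <proto>/<dport> <explanation>
# An empty OUT= means the kernel delivered the packet locally (INPUT chain);
# a non-empty OUT= means it was being routed (FORWARD chain).
triage_netbios_log() {
    awk -v bcast="${LAN_BCAST:-192.168.9.7}" '
    {
        out_if = ""; src = ""; dst = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "OUT") out_if = kv[2]
            else if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        if (dst == "") next            # not a netfilter LOG line, skip it
        netbios = (dpt + 0 >= 135 && dpt + 0 <= 139)
        if (out_if == "" && (dst == bcast || dst == "255.255.255.255"))
            why = "subnet broadcast, consumed by the firewall and never routed (clients need WINS or LMHOSTS to find the DC)"
        else if (out_if == "")
            why = "unicast to the firewall itself, handled by INPUT"
        else if (netbios)
            why = "NetBIOS traffic dropped in FORWARD; an ACCEPT rule for " proto "/" dpt " is missing"
        else
            why = "routed traffic dropped in FORWARD, unrelated to domain logon"
        printf "%s %s->%s %s/%s %s\n", (out_if == "" ? "INPUT" : "FORWARD"), src, dst, proto, dpt, why
    }'
}

sample_log | triage_netbios_log
```

On a real box you would run `grep kernel: /var/log/messages | triage_netbios_log` with `LAN_BCAST` set to your own client-side broadcast address. The first sample line is the case that matters here: a UDP/137 name query to the broadcast address shows up in INPUT, and no FORWARD rule can change that.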

  5. #5
    Just Joined! | Join Date: Mar 2004 | Posts: 3
    Quote Originally Posted by Mystic_Slayer
    Look at your logs for iptables. Maybe you've blocked port 135:139
    Those ports on the firewall are open for both udp & tcp. The packets are only hitting the Input side of the firewall; I think they need to go through the Forward, I just don't know how to get them to do this?
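Traffic that a Linux router passes from one interface to another only ever traverses the FORWARD chain, so INPUT rules for 135-139 do nothing for the clients. The fragment below is an added example, not anyone's code from this thread: it assumes eth0 faces the 192.168.9.0/29 client network and eth1 faces the 192.168.10.0/24 network that holds the NT DC, enables routing, and accepts the NetBIOS ports discussed above from clients to the DC side with replies covered by connection tracking. It prints the rules by default and only runs them as root with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal FORWARD policy that lets the
# NetBIOS ports (135-139, as discussed above) cross a Linux router between the
# two subnets, and logs whatever it still drops.
# Assumptions not stated in the thread: eth0 faces the 192.168.9.0/29 client
# network, eth1 faces the 192.168.10.0/24 network holding the NT DC.
LAN_IF=${LAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.9.0/29}
DC_IF=${DC_IF:-eth1}
DC_NET=${DC_NET:-192.168.10.0/24}

# Emit the rule set one command per line so it can be reviewed before it is
# applied. INPUT/OUTPUT are deliberately left alone: routed traffic never
# touches them, it is decided in FORWARD.
nt_domain_forward_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $DC_IF -s $LAN_NET -d $DC_NET -p udp --dport 135:139 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $DC_IF -s $LAN_NET -d $DC_NET -p tcp --dport 135:139 -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "FW-FORWARD-DROP: "
EOF
}

# Print each command and run it only when DRY_RUN=0 (needs root).
apply_nt_domain_forward_rules() {
    nt_domain_forward_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        if [ "${DRY_RUN:-1}" = 0 ]; then
            eval "$cmd"
        fi
    done
}

apply_nt_domain_forward_rules
```

Two caveats. First, this is a fragment to merge into the existing firewall script: the `-P FORWARD DROP` line would cut off any FTP, Telnet or web forwarding already configured unless those rules are kept alongside. Second, it fixes only the unicast part of the problem. The clients locate the domain by a NetBIOS name query to their own subnet broadcast, which no router forwards, so they also need a WINS server address (the NT DC can run WINS) or an LMHOSTS entry for the DC tagged `#PRE #DOM:<domain>`; once they know the DC's unicast address, the logon goes over TCP 139 and is covered by the rules above.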

  6. #6
    Linux Newbie | Join Date: Dec 2003 | Location: Netherlands | Posts: 193
    Something else you could maybe use. If you are using Linux as a PDC, then you can add multiple ethernet adapters to your domain.

    Here's an example configuration file; check the last rule in it:

    # Sample configuration file for the Samba suite for Debian GNU/Linux
    #
    #
    # This is the main Samba Configuration file. You should read the
    # smb.conf(5) manual page in order to understand the options listed
    # here. Samba has a huge number of configurable options most of which
    # are not shown in this example
    #
    # Any line which starts with a ; (semicolon) or # (hash)
    # is a comment and is ignored. In this example we will use a #
    # for commentary and a ; for parts of the config file that you
    # may wish to enable
    #
    # NOTE: Whenever you modify this file you should run the command
    # 'testparm' to check that you have not made any basic syntactic
    # errors.
    #
    #====================== Global Settings ============================

    [Global]

    # workgroup = NT-Domain-Name or Workgroup-Name. You use this option
    # to specify if you have a domain or workgroup. You will specify later
    # on if it's a domain or workgroup.
    workgroup = TESTDOMAIN

    # Server string is the equivalent of the NT description field. I used
    # DOMAIN-PDC. PDC means Primary Domain Controller
    Server String = DOMAIN-PDC

    # WINS Server - Tells the NMBD components of Samba to be a Wins Client
    # Note: Samba can be either a WINS Server or a WINS Client, but not both.
    # We have disabled this option.
    ; wins server = w.x.y.z

    # Windows Internet Name Serving Support Section:
    # WINS support - Tells the NMBD component of Samba to enable its WINS Server
    ; wins support = yes

    # WINS Proxy - Tells Samba to answer name resolution queries on behalf
    # of a non WINS capable client, for this to work there must be at least
    # one WINS Server on the network. The default is NO.
    ; wins proxy = yes

    # DNS Proxy - Tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The default is NO
    # Because we use this machine as a Windows Domain Controller we set this option
    # to yes
    dns proxy = yes

    # this tells Samba to use a separate log file for each machine
    # that connects
    log file = /var/log/samba/log.%m

    # Put a capping on the size of the log files (in Kb).
    max log size = 100

    #========================== Security Settings =================================

    # "security = user" is always a good idea. This will require a Unix account
    # in this server for every user accessing the server. See
    # /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
    # package for details.
    security = user

    # Backend to store user information in. New installations should
    # use either tdbsam or ldapsam. smbpasswd is available for backwards
    # compatibility. tdbsam requires no further configuration.
    passdb backend = smbpasswd

    These are the main security options. There will follow some other options.

    #========================== Printer Settings ==================================

    # If you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
    ; load printers = yes

    # you may wish to override the location of the printcap file
    ; printcap name = /etc/printcap

    # on SystemV system setting printcap name to lpstat should allow
    # you to automatically obtain a printer list from the SystemV spool
    # system
    ; printcap name = lpstat

    # It should not be necessary to specify the print system type unless
    # it is non-standard. Currently supported print systems include:
    # bsd, cups, sysv, plp, lprng, aix, hpux, qnx
    ; printing = cups

    #================================= Misc =======================================

    # Using the following line enables you to customise your configuration
    # on a per machine basis. The %m gets replaced with the netbios name
    # of the machine that is connecting.
    # Note: Consider carefully the location in the configuration file of
    # this line. The included file is read at that point.
    ; include = /etc/samba/smb.conf.%I

    # Most people will find that this option gives better performance.
    # See the chapter 'Samba performance issues' in the Samba HOWTO Collection
    # and the manual pages for details.
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
    local master = yes

    # OS Level determines the precedence of this server in master browser
    # elections.
    os level = 65

    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job
    domain master = yes

    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election
    preferred master = yes

    # Enable this if you want Samba to be a domain logon server for
    # Windows95 workstations.
    domain logons = yes

    # if you enable domain logons then you may want a per-machine or
    # per user logon script
    # run a specific logon batch file per workstation (machine)
    ; logon script = %I.bat
    # run a specific logon batch file per username
    logon script = %U.bat

    # Where to store roving profiles (only for Win95 and WinNT)
    # %L substitutes for this server's NetBIOS name, %U is the username
    # You must uncomment the [Profiles] share below
    logon path = \\%L\Profiles\%U

    # These scripts are used on a domain controller or stand-alone
    # machine to add or delete corresponding unix accounts
    add user script = /usr/sbin/useradd %u
    ; add group script = /usr/sbin/groupadd %g
    add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
    ; delete user script = /usr/sbin/userdel %u
    ; delete user from group script = /usr/sbin/deluser %u %g
    ; delete group script = /usr/sbin/groupdel %g

    # If you want your Domain Controller to set the time on your client machines, then put this in your
    # Samba config file.
    time server = yes

    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.
    interfaces = 192.168.9.0/24 192.168.10.0/24
    Computers Are Like Air Conditioners... They're both useless with Windows open!
