Linux Help
cmcp
Posted on: Aug 7 2003, 05:32 PM


Whats this Lie-nix Thing?
*

Group: Members
Posts: 21
Joined: 15-July 03
Member No.: 1,107


Thanks so much man -- it worked! Awesome. I appreciate your help more than you know.

Anyway, I was wondering if anything needs to be done with hosts.allow/deny, or if I can just leave things as they are now since they seem to work just as I want them to? Perhaps for security it would be best to set them up. Thanks so much again!
  Forum: Technical Support · Post Preview: #4085 · Replies: 18 · Views: 10,082

cmcp
Posted on: Aug 6 2003, 07:43 PM




Actually, forget it, I just followed the instructions and I guess it worked fine because all the services are running on the correct static ports now. I turned off ipchains/iptables and the mount worked fine. So now it's a matter of configuring the firewall to keep those ports open. There is an IPTables configuration utility on www.lowth.com that I could possibly use, but there are parts about it that I probably can't answer easily how I want a service or feature configured. Do you know simply of some lines that I can add to /etc/sysconfig/iptables that allow traffic on specific ports? I would especially prefer it if, in those rules, traffic to certain ports can be allowed only on the private (eth1) network card so that the ports remain closed to connections from the internet.
  Forum: Technical Support · Post Preview: #4051 · Replies: 18 · Views: 10,082
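
Added example, not part of cmcp's post or the thread: a shell function that turns rpcinfo -p output into rule lines for /etc/sysconfig/iptables that accept the NFS-related RPC ports only on the private interface. The sample input is the server listing from the Jul 31 post; eth1 and 192.168.181.0/24 come from the posts, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: build private-interface-only ACCEPT rules from rpcinfo -p.
# Assumptions taken from the posts: eth1 is the private NIC and the
# private network is 192.168.181.0/24.
PRIVATE_IF="eth1"
PRIVATE_NET="192.168.181.0/24"

# Sample input: the server's rpcinfo -p listing quoted in the Jul 31 post.
sample_rpcinfo() {
cat <<'EOF'
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 1024 status
100024 1 tcp 1024 status
391002 2 tcp 1026 sgi_fam
100011 1 udp 632 rquotad
100011 2 udp 632 rquotad
100011 1 tcp 635 rquotad
100011 2 tcp 635 rquotad
100005 1 udp 1028 mountd
100005 1 tcp 1027 mountd
100005 2 udp 1028 mountd
100005 2 tcp 1027 mountd
100005 3 udp 1028 mountd
100005 3 tcp 1027 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1029 nlockmgr
100021 3 udp 1029 nlockmgr
100021 4 udp 1029 nlockmgr
EOF
}

# nfs_rules: read rpcinfo -p output on stdin and print one ACCEPT rule per
# unique proto/port pair for the services NFS needs. Anything else that is
# registered with the portmapper (sgi_fam here) gets no rule.
nfs_rules() {
  awk -v ifc="$PRIVATE_IF" -v net="$PRIVATE_NET" '
    $5 ~ /^(portmapper|status|rquotad|mountd|nfs|nlockmgr)$/ &&
    $3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ {
      key = $3 "/" $4
      if (!(key in seen)) {          # one rule per proto/port, not per version
        seen[key] = 1
        printf "-A INPUT -i %s -s %s -p %s --dport %s -j ACCEPT\n", ifc, net, $3, $4
      }
    }'
}

# Print the rules for the sample listing.
sample_rpcinfo | nfs_rules
```

The lines belong in the *filter section of the file ahead of any REJECT or DROP rule, and they stay correct only while the daemons are pinned to static ports as the post describes.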

cmcp
Posted on: Aug 6 2003, 05:40 PM




Thanks a lot, hughesjr. I've started going through the process of assigning ports to the NFS services.

About rquotad -- I do have it, but the version is 3.03-1. I downloaded 3.08 from sourceforge, but I'm not sure what I have to do to install it. There doesn't really appear to be a readme file or instructions for it, so I found some on the internet that I can probably use. They say to remove the old version, but do I need to do that manually or will the new version just overwrite the old one?

Thanks so much again for all your help. It's truly appreciated.
  Forum: Technical Support · Post Preview: #4047 · Replies: 18 · Views: 10,082

cmcp
Posted on: Aug 5 2003, 03:51 PM




You could be right about NFS not running, though I'm not sure. I set up the NFS server with help a while ago when I knew even less about Linux than I do now, so I trusted that my help knew what was going on.

First, yes the kernel was installed via RPM (the RedHat installer used them I'm sure) and its version is 2.4.18-3. It also says the kernel picker is 1.3-1, whatever that is.

Perhaps the timeout error could result from the server not thinking the client that I'm trying to mount on is allowed access. In /etc/hosts.allow, I've got the following:
#portmap:192.168.181.0/255.255.255.0
#lockd:192.168.181.0/255.255.255.0
#rquotad:192.168.181.0/255.255.255.0
#mountd:192.168.181.0/255.255.255.0
#statd:192.168.181.0/255.255.255.0

Well, they're all commented out it looks like -- should they be? Also, in /etc/hosts.deny:
#portmap:ALL
#lockd:ALL
#mountd:ALL
#rquotad:ALL
#statd:ALL

Again, all commented. What do the 'ALL's mean, and should they be there? And, here's the /etc/exports:
#
/home/mpich-1.2.4/share 192.168.181.40/255.255.255.0(rw)
#192.168.181.8/255.255.255.0(rw,no_root_squash)

Should the uncommented line allow 192.168.181.40 read-write privileges when it mounts /home/mpich-1.2.4/share, which is what I want, or is that wrong and it actually means something else? Based on what I've read, that seems right. Thanks again.
  Forum: Technical Support · Post Preview: #4032 · Replies: 18 · Views: 10,082
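
Added example, not part of cmcp's post or the thread: a small audit of exports(5) entries, run here over the /etc/exports text quoted above. An address/netmask client is a network specification, so the mask decides which clients match; the check flags entries whose address has host bits set under the mask, and entries with no_root_squash. The function names are made up for this example, and only contiguous dotted netmasks are handled.

```shell
#!/bin/sh
# Added example: flag /etc/exports client specs that deserve a second look.

# Sample input: the /etc/exports contents quoted in the post.
sample_exports() {
cat <<'EOF'
#
/home/mpich-1.2.4/share 192.168.181.40/255.255.255.0(rw)
#192.168.181.8/255.255.255.0(rw,no_root_squash)
EOF
}

# audit_exports: read exports(5) text on stdin, print one finding per line.
#   SUBNET path client : address/netmask entry whose address has host bits
#                        set, so the export covers the whole masked network
#                        rather than the single address written
#   ROOT   path client : no_root_squash, remote root keeps uid 0 on the export
# Comment lines and lines without a client list are skipped.
audit_exports() {
  awk '
    /^[ \t]*#/ || NF < 2 { next }
    {
      for (i = 2; i <= NF; i++) {
        spec = $i; opts = ""
        p = index(spec, "(")                 # split "client(options)"
        if (p) { opts = substr(spec, p); spec = substr(spec, 1, p - 1) }
        if (opts ~ /no_root_squash/) print "ROOT", $1, spec
        if (split(spec, half, "/") == 2 &&
            split(half[1], a, "[.]") == 4 && split(half[2], m, "[.]") == 4) {
          # For a contiguous mask octet m, 256-m is the block size; a
          # non-zero remainder means the address is not the network address.
          for (k = 1; k <= 4; k++)
            if (a[k] % (256 - m[k]) != 0) { print "SUBNET", $1, spec; break }
        }
      }
    }'
}

# Print the findings for the sample file.
sample_exports | audit_exports
```

To limit an export to one machine, the client is written as the bare address (or with mask 255.255.255.255), which produces no SUBNET finding.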

cmcp
Posted on: Aug 4 2003, 07:18 PM




Well, this little game gets more exciting by the moment.

I tried turning ipchains back on and iptables off. Then I checked the rules for ipchains; eth1 should still be good to accept connections. So I try adding a rule for tcp on port 2049 for NFS based on the website for configuring NFS with ipchains that hughesjr recommended. The message returned is "ipchains: Protocol not available." Mmm, interesting. So I try ipchains -L to see rules that are set: "ipchains: Incompatible with this kernel." Wow. And I thought that ipchains would work with 7.3 seeing as it's the default firewall for it.

Well, the incompatibility may be because of the fact that I configured the system at install time as a server. (In the RH 7.3 installation, there are choices to configure as a workstation, server, laptop, and maybe 1 or 2 others.) Now, I'm not sure if the kernels are different depending on what configuration is chosen, but that could be one problem. Thing is, the computer does function as a server, so I don't know if it would work properly if it were configured any other way.

The main question now is, if ipchains is incompatible and iptables is turned off, how is the firewall on the server still running? Is ipchains somehow incompatible but nevertheless working? Man, what an odd issue.

I'm truly sorry for all the questions that I've brought up, but this is quite an ordeal. Unless someone knows of a way to fix ipchains' compatibility, it looks like I'm going to have to try to go with iptables now. Thanks for the help so far.
  Forum: Technical Support · Post Preview: #4016 · Replies: 18 · Views: 10,082

cmcp
Posted on: Aug 4 2003, 06:32 PM




Yeah, 7.3's default is ipchains. You noticed that a rule in my ipchains file shows eth1 is a trusted device. I just made that change using lokkit today in light of your advice to designate eth1 a trusted interface. Thing is, I have turned off ipchains because I know that iptables is better and Joey has been trying to help me set up this stuff with iptables for a while.

Regarding the listening ports, 111 is listening on 0.0.0.0 but I didn't see 2049 listening.

Now, the real question is, does it matter much if I use ipchains or iptables for this stuff? Even though iptables is better, as you saw, there is a rule for ipchains that should enable all connections on eth1 and so it would probably be easier to just reenable ipchains. On the other hand, if anyone thinks that iptables is just far above ipchains for whatever reasons, can you explain so I can decide what the best way to go is?

Anyway, thanks hughesjr for all your help. I'll mess around with ipchains a little to see if I can get the NFS stuff working with it.
  Forum: Technical Support · Post Preview: #4014 · Replies: 18 · Views: 10,082

cmcp
Posted on: Aug 4 2003, 03:42 PM




One more quick idea:

I don't know how compatible ipchains rules and iptables rules are, but could I just take the rules in /etc/sysconfig/ipchains and create a file /etc/sysconfig/iptables with the same rules plus the additional one to trust eth1?

The ipchains file exists because the firewall is configured during RedHat installation (for 7.3 at least) by lokkit, which implements its rules exclusively by ipchains. Now I've disabled ipchains and I am only using iptables. For reference, here are the rules in my /etc/sysconfig/ipchains:

:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -s departmentsubnet.1 53 -d 0/0 -p udp -j ACCEPT
-A input -s departmentsubnet.2 53 -d 0/0 -p udp -j ACCEPT
-A input -s someothersubnet.61.59 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT

That's the whole file. Can this just be put right into iptables or does it need to be modified somehow? Thanks again!
  Forum: Technical Support · Post Preview: #4006 · Replies: 18 · Views: 10,082

cmcp
Posted on: Aug 4 2003, 03:27 PM




Thanks, both, for your help.

I am using RedHat 7.3, and I looked in /etc/sysconfig and there was no file for iptables. (There was one for ipchains.) So I looked in the /etc/init.d directory and found the iptables file that Joey mentioned. It was a script that said "Startup script to implement /etc/sysconfig/iptables pre-defined rules."

So I'm a bit confused -- I found a startup script that implements rules in a file that doesn't appear to exist. Should I just create a /etc/sysconfig/iptables file and add -A INPUT -i eth1 -j ACCEPT to it, or could that cause problems? Can you suggest any other ways to edit my firewall file(s)?

Thanks so much!
  Forum: Technical Support · Post Preview: #4004 · Replies: 18 · Views: 10,082

cmcp
Posted on: Aug 1 2003, 05:58 PM




I haven't tried using the IPTables script yet because the firewall on the server is set up basically how I want it (except for the eth1 firewall that I am trying to remove) and I don't want to risk changing it somehow by running the script and not knowing what some of its rules do exactly.

Is there a file (or more than one file) that I can just add "$IPT -A INPUT -i eth1 -j ACCEPT" to in order to make the change? I might try using the script later if nobody knows what files need to have that rule added, but I would prefer to just manually modify the file(s) to make sure that I don't mistakenly change something important to the firewall. Thanks again for your help.
  Forum: Technical Support · Post Preview: #3957 · Replies: 18 · Views: 10,082

cmcp
Posted on: Aug 1 2003, 04:07 PM




I've more-or-less got a client set up properly for NFS, but now I think that the NFS server's firewall is too strict and results in a time out error. The server has two NIC cards -- eth0, which is for the internet and outside connections, and eth1, which is for the private network that the NFS clients are on.

As it is, the firewall on the server applies to both eth0 and eth1. I am interested in flushing all the rules (disabling the firewall) on eth1, the private NIC, which will hopefully allow it to serve NFS mounts. Does anybody know what file(s) I need to modify or what command(s) I need to issue to flush the IPTables rules for eth1? Thanks in advance for your help!
  Forum: Technical Support · Post Preview: #3953 · Replies: 18 · Views: 10,082

cmcp
Posted on: Jul 31 2003, 07:04 PM




Sorry, that last line should have had 3049 and not 2049.

OK, so I've experimented a little with an NFS client after flushing its IPTables (firewall) rules, and I no longer get the error that reads 'mount: RPC: Port mapper failure - RPC: Unable to receive'. Now, the client hangs at the prompt screen for a while after I try to mount a directory on the server and eventually gives a similar error that reads 'RPC: Timed out' instead of 'Unable to receive'. In my experience, time outs often have to do with a server-side problem, so I'm wondering now whether something about the server's firewall needs to be changed. For some reference info, the server's firewall is set to High and customized to allow only SSH (based on lokkit).

Here is the result of an rpcinfo -p call to the server:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 1024 status
100024 1 tcp 1024 status
391002 2 tcp 1026 sgi_fam
100011 1 udp 632 rquotad
100011 2 udp 632 rquotad
100011 1 tcp 635 rquotad
100011 2 tcp 635 rquotad
100005 1 udp 1028 mountd
100005 1 tcp 1027 mountd
100005 2 udp 1028 mountd
100005 2 tcp 1027 mountd
100005 3 udp 1028 mountd
100005 3 tcp 1027 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1029 nlockmgr
100021 3 udp 1029 nlockmgr
100021 4 udp 1029 nlockmgr

xllx mentioned that I need dports 2049 and 3049 open, but I only see two NFS entries for 2049. Should this be changed somehow for the NFS server? If so, can you describe how to make the changes? Also, I might be totally off the mark about this time out error being server-side, so if anybody has other suggestions, I would greatly appreciate them. Thanks so much for everyone's help.
  Forum: Technical Support · Post Preview: #3940 · Replies: 7 · Views: 4,082

cmcp
Posted on: Jul 30 2003, 03:03 PM




Yes, both the server and clients have pretty secure firewalls. All of the clients are on a private network and the server is on that same network. I tried adding $IPT -A INPUT -s yourclientsipaddress -d 0/0 -p all -j ACCEPT (although I did put the client's IP where it belongs) to the script and I still get the error 'mount: RPC: Port mapper failure - RPC: Unable to receive'. I couldn't tell if I need to add other lines for the dports you mention even though the clients are on the same network as the server -- do I? Also, when you said two other lines for dports 2049-3049, do you mean I need two lines as follows:
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p tcp --dport 2049 -j ACCEPT
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p tcp --dport 2049 -j ACCEPT?

One other thing: as I said, the NFS server has a strict firewall too. Could that also cause problems for NFS or is this just a problem with the clients' firewalls making them unable to receive? Thanks so much for your help.
  Forum: Technical Support · Post Preview: #3915 · Replies: 7 · Views: 4,082

cmcp
Posted on: Jul 30 2003, 02:42 AM




Thanks so much for your effort man, I really appreciate it.
  Forum: Technical Support · Post Preview: #3887 · Replies: 7 · Views: 4,082

cmcp
Posted on: Jul 29 2003, 05:48 PM




I would definitely like to do that, and I have downloaded the script and looked at it. The reason that I want to relax the firewall is that right now, NFS does not work because the clients' firewalls are too strict. I would use the script, but I don't know how to configure it to allow NFS. If anybody can tell me how to configure the IPTables script (from linuxhelp's guides page) to allow NFS, I would appreciate it very much.

If you don't know how to configure the script but have any other ideas of how I might modify the firewall to allow NFS, I would be very thankful if you would mention them too.
  Forum: Technical Support · Post Preview: #3881 · Replies: 7 · Views: 4,082

cmcp
Posted on: Jul 29 2003, 04:42 PM




I am running RedHat 7.3 (server configuration) and initially set up the firewall at installation time to be High (allows no connections) except that I configured it to allow SSH. Now I want to change the firewall setting to Medium, so I have been using /usr/sbin/lokkit. I have tried to make the change to Medium and keep the firewall customized to allow SSH connections, but when I click OK to apply the changed settings to the firewall, they are not applied. I can click OK, then immediately reopen the lokkit utility and I can see that the old settings still exist. Is there a way to fix this problem or a better utility that you recommend to configure the firewall? Thank you in advance for your help.
  Forum: Technical Support · Post Preview: #3878 · Replies: 7 · Views: 4,082

cmcp
Posted on: Jul 24 2003, 04:06 PM




I've looked around on the internet for stuff about NFS and any ports involved or any information that could tell me how the IPTables firewall script needs to be configured to allow NFS and haven't found anything useful. I tried just taking the script as-is and making a few modifications that were necessary to make it work for the machine I ran it on and NFS still could not mount.

If anyone has any suggestions, please mention them. Also, if anyone is able to describe how they have set up NFS, I would appreciate that very much. Thanks.
  Forum: Technical Support · Post Preview: #3763 · Replies: 6 · Views: 3,497


cmcp
Posted on: Jul 22 2003, 03:49 PM




Thanks again for your help.

I have a couple more questions. The main one is how do I edit the IPTables script to enable NFS for a client? I am not sure if NFS is handled through a specific port that is covered by the script that I should open or what.

Second, there are a few parts of the script where machines on a 'home network' can be specified. All of the machines that I will run the IPTables script on are on a private network and should all be able to access each other via SSH only. In order to allow this, do I need to specify all 240 computers in the rule to allow connections from local machines, or will it suffice to just use the rule to allow SSH access? If I were to specify those computers in the rule to allow connections from local machines would that enable rlogin, rsh, etc. for them (which I don't want), or does it just not deny whatever connections the computers might attempt immediately? Also, if I need to specify all 240 computers in the SSH or local connections rules, is there a way to specify all 240 computers without typing a line for each IP address (i.e. a range from 192.168.181.1 to 192.168.181.240)? Or, alternatively, to allow SSH connections from the entire private network 192.168.181.***, which would probably be better anyway?

And finally, to make the script, should I copy the text from the IPTables script into a file called iptables-firewall.sh for example, or do you suggest another way?

Thank you again for all your help, and I'm sorry for the many questions -- but I am learning!
  Forum: Technical Support · Post Preview: #3730 · Replies: 6 · Views: 3,497

cmcp
Posted on: Jul 21 2003, 07:50 PM




I have both IPChains and IPTables running. I didn't know that there are different types of firewalls, so thanks for that info. Is it still advisable to run the script you mentioned? Thanks!
  Forum: Technical Support · Post Preview: #3722 · Replies: 6 · Views: 3,497

cmcp
Posted on: Jul 17 2003, 04:41 PM




I'm trying to configure an NFS client, and after going through all of the steps that I thought were necessary, it seems that the firewall on the client is too strict to allow NFS. I am not sure how to configure the firewall for NFS nor what files need to be modified to do so, so any input is greatly appreciated.

The error I get when I try to mount the shared directory is:
mount: RPC: Port mapper failure - RPC: Unable to receive

I am running RedHat 7.3 and I am fairly certain that all daemons and services necessary for NFS are running. Here is the output of rpcinfo -p on the NFS server:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 1024 status
100024 1 tcp 1024 status
391002 2 tcp 1026 sgi_fam
100011 1 udp 939 rquotad
100011 2 udp 939 rquotad
100011 1 tcp 942 rquotad
100011 2 tcp 942 rquotad
100005 1 udp 1028 mountd
100005 1 tcp 1027 mountd
100005 2 udp 1028 mountd
100005 2 tcp 1027 mountd
100005 3 udp 1028 mountd
100005 3 tcp 1027 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1029 nlockmgr
100021 3 udp 1029 nlockmgr
100021 4 udp 1029 nlockmgr

and here is the rpcinfo -p output for the client:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 620 rquotad
100011 2 udp 620 rquotad
100011 1 tcp 623 rquotad
100011 2 tcp 623 rquotad
100005 1 udp 32768 mountd
100005 1 tcp 32768 mountd
100005 2 udp 32768 mountd
100005 2 tcp 32768 mountd
100005 3 udp 32768 mountd
100005 3 tcp 32768 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 32770 nlockmgr
100021 3 udp 32770 nlockmgr
100021 4 udp 32770 nlockmgr

The /etc/exports file is set up to allow NFS access from the entire private network:
/home/mpich-1.2.4 192.168.181.0/255.255.255.0(rw) 192.168.181.8/255.255.255.0(r$5.0(rw,no_root_squash)

The bottom line and top line are on one line in the file. I don't know what the r$5.0 syntax means in the second line, but it doesn't strike me as the cause of the mounting problem.

If any additional information is needed, please just ask. Thank you very much in advance for your input.
  Forum: Technical Support · Post Preview: #3644 · Replies: 6 · Views: 3,497

cmcp
Posted on: Jul 15 2003, 04:50 PM




I have written a shell script that simply tests using SSH to log in to multiple computers sequentially. The computer names are input from a file. SSH is using password authentication, which means that when the script runs, it asks for the password before logging in to every node in the file. So far the script is as follows:

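#!/bin/sh
# $1: file listing one host name per line
for eachhost in $(cat "$1")
do
    echo "Testing $eachhost"
    # Password authentication: ssh prompts for each host
    ssh "root@$eachhost" cd /home
done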

It's a simple script and all I would like to know is how to put passwords in the script so that I don't have to manually enter them for every computer.

Alternatively, if you know of a way to include the passwords in the input file (that has the computer names, so that the file would then contain name/password pairs) and to use them to log in in the script, that would be just as good if not better.

Thanks in advance for your help!
  Forum: Technical Support · Post Preview: #3588 · Replies: 1 · Views: 1,916
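
Added example, not part of cmcp's post or the thread: the same login test done with key-based authentication, so no password is stored in the script or the host file. It assumes a public key is already installed in root's authorized_keys on every host; SSH_BIN and test_hosts are names made up for this example.

```shell
#!/bin/sh
# Added example: test SSH logins to a list of hosts without stored passwords.
# Assumption: key-based authentication is already set up on each host.
# SSH_BIN is a hypothetical override so the loop can be run without a network.
SSH_BIN="${SSH_BIN:-ssh}"

# test_hosts FILE: try every host listed in FILE (one per line; blank lines
# and lines starting with # are ignored). Prints "OK host" or "FAIL host"
# and returns non-zero if any host failed.
test_hosts() {
  th_failures=0
  while IFS= read -r th_host || [ -n "$th_host" ]; do
    case "$th_host" in
      ''|'#'*) continue ;;
    esac
    # BatchMode=yes  : never prompt for a password, fail instead, so a host
    #                  without the key shows up as FAIL rather than hanging.
    # ConnectTimeout : bound the wait for hosts that are down or filtered.
    # -n             : keep ssh from reading the rest of the host list on stdin.
    if "$SSH_BIN" -n -o BatchMode=yes -o ConnectTimeout=5 \
         "root@$th_host" 'cd /home' 2>/dev/null; then
      echo "OK $th_host"
    else
      echo "FAIL $th_host"
      th_failures=$((th_failures + 1))
    fi
  done < "$1"
  [ "$th_failures" -eq 0 ]
}

# Run against the host file given on the command line, if any.
if [ "$#" -eq 1 ]; then
  test_hosts "$1"
fi
```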

