Webmin and S.M.S Functions

vivanguarda
Member
Joined: 01 May 2009
Posts: 98

Posted: Fri Nov 05, 2010 4:49 am

This is DNS Server.

# Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain lan
nameserver 192.168.1.254
# /etc/resolv.conf.tail can replace this line



And on the Workstation I have
vi /etc/resol.conf
nameserver 200.149.55.140


It's not functioning. Then I tried a secondary DNS

THEN

vi /etc/resol.conf
nameserver 200.149.55.140
nameserver 200.165.132.147



Can you check Full Easy Firewall?

http://uploaddearquivos.com.br/download/Easy-Firewall

gerasimos_h
Site Admin
Joined: 09 Aug 2007
Posts: 1753
Location: Greece

Posted: Fri Nov 05, 2010 4:51 am

Have you set the gateway to the IP of your eth1 on the workstations?
If you set a transparent proxy you have to setup squid on server to use port redirection.
If squid isn't configured and running then that's the reason.
Try to remove proxy from firewall or create a new one without proxy and see if it's working.

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda
Member
Joined: 01 May 2009
Posts: 98

Posted: Fri Nov 05, 2010 7:55 pm

1) Workstation: eth1 gateway 192.168.2.1
2), 3) and 4) I did another Easy Firewall unless Proxy. Unfortunately, I don't get internet connection yet.

Traceroute Server

root@server:~# traceroute 192.168.2.7
traceroute to 192.168.2.7 (192.168.2.7), 30 hops max, 60 byte packets
1 192.168.2.7 (192.168.2.7) 0.110 ms 0.086 ms 0.077 ms

gerasimos_h
Site Admin
Joined: 09 Aug 2007
Posts: 1753
Location: Greece

Posted: Fri Nov 05, 2010 10:10 pm

It seems we replied at the same time in the morning and didn't see your configuration; you need to add
INET_ADDRESS="192.168.1.1"
under
INET_IFACE="eth0"
or choose static IP and not dynamic for eth0 when creating a firewall.
Your router smells like a speedtouch, if yes, you should add your server on your speedtouch as static ip, under home network/devices.

BTW you could attach it in your post.

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda
Member
Joined: 01 May 2009
Posts: 98

Posted: Sat Nov 06, 2010 4:29 am

Sorry, but I didn't understand!
1)

INET_ADDRESS="192.168.1.1"
under
INET_IFACE="eth0"



I ought to insert it in first firewall generated where I used port 3128?


I did another simple EFG so I hope now only internet connection on the workstation. Should I change both EFGs?

http://uploaddearquivos.com.br/download/Firewall-Sem-Squid.rtf




2) In fact I'm using a Thomson Speed Touch 510 V6 modem, but I'm afraid of changing it. I prefer an eth0 dhcp server.

gerasimos_h
Site Admin
Joined: 09 Aug 2007
Posts: 1753
Location: Greece

Posted: Sat Nov 06, 2010 9:15 am

1. Try the firewall attached.

2. Don't turn dhcp server off, just mark your server's ip as static in routers page configuration (192.168.1.254).

gerasimos_h



Attachment: rc.firewall.gz (6.59 KB)

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda
Member
Joined: 01 May 2009
Posts: 98

Posted: Sat Nov 06, 2010 6:26 pm

I downloaded rc.firewall.gz in /etc/rc.d, used gzip -d rc.firewall.gz, and after that chmod +x rc.firewall. But in this situation I lost server internet connection. Also I tried only to add INET_ADDRESS="192.168.1.1" but it's not connected. All experiments I did using the same dhcp Speedtouch modem, ok! Is it the problem I should to router Thomson modem?

root@server:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-ProFTPD (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere



..........

root@server:~# cat /proc/sys/net/ipv4/ip_forward
1




...........

root@server:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

gerasimos_h
Site Admin
Joined: 09 Aug 2007
Posts: 1753
Location: Greece

Posted: Sat Nov 06, 2010 6:54 pm

Have you restarted your server and started rc.firewall at boot?
Most Speedtouch (I don't remember the 510) models have their own dns server, so if the router leases e.g. 192.168.1.2 to your server and you change the ip to 192.168.1.1, most likely you will have no internet; that's the reason I told you to mark it as static under [hostmgr.ini] e.g.
Code:
add mac_addr=00:01:22:33:44:55 ip_addr=192.168.1.1 name=server type=desktop_computer ipintf=LocalNetwork

You can do that from web interface.

Also check your dns to be right at /etc/resolv.conf for both server and clients.

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda
Member
Joined: 01 May 2009
Posts: 98

Posted: Sat Nov 06, 2010 7:35 pm

Server

#vi /etc/resolv.conf

# Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain lan
nameserver 192.168.1.254
# /etc/resolv.conf.tail can replace this line



Workstation
search maq_13local
nameserver 200.149.55.140

gerasimos_h
Site Admin
Joined: 09 Aug 2007
Posts: 1753
Location: Greece

Posted: Sun Nov 07, 2010 12:47 pm

To confirm that your firewall is working, reboot, log in and type "iptables -L"
You should see something like
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
bad_packets  all  --  anywhere             anywhere
DROP       all  --  anywhere             ALL-SYSTEMS.MCAST.NET
ACCEPT     all  --  192.168.2.0/24       anywhere
ACCEPT     all  --  anywhere             192.168.2.255
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
tcp_inbound  tcp  --  anywhere             anywhere
udp_inbound  udp  --  anywhere             anywhere
icmp_packets  icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 3 LOG level warning prefix `INPUT packet died: '

Chain FORWARD (policy DROP)
target     prot opt source               destination
bad_packets  all  --  anywhere             anywhere
tcp_outbound  tcp  --  anywhere             anywhere
udp_outbound  udp  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 3 LOG level warning prefix `FORWARD packet died: '

Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere            state INVALID
ACCEPT     all  --  localhost            anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.2.1          anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 3 LOG level warning prefix `OUTPUT packet died: '

Chain bad_packets (2 references)
target     prot opt source               destination
LOG        all  --  192.168.2.0/24       anywhere            LOG level warning prefix `Illegal source: '
DROP       all  --  192.168.2.0/24       anywhere
LOG        all  --  anywhere             anywhere            state INVALID LOG level warning prefix `Invalid packet: '
DROP       all  --  anywhere             anywhere            state INVALID
bad_tcp_packets  tcp  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain bad_tcp_packets (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn: '
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE LOG level warning prefix `Stealth scan: '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG LOG level warning prefix `Stealth scan: '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG LOG level warning prefix `Stealth scan: '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG LOG level warning prefix `Stealth scan: '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
LOG        tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST LOG level warning prefix `Stealth scan: '
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN LOG level warning prefix `Stealth scan: '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN
RETURN     tcp  --  anywhere             anywhere

Chain icmp_packets (1 references)
target     prot opt source               destination
LOG        icmp -f  anywhere             anywhere            LOG level warning prefix `ICMP Fragment: '
DROP       icmp -f  anywhere             anywhere
DROP       icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
RETURN     icmp --  anywhere             anywhere

Chain tcp_inbound (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
RETURN     tcp  --  anywhere             anywhere

Chain tcp_outbound (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere

Chain udp_inbound (1 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:netbios-ns
DROP       udp  --  anywhere             anywhere            udp dpt:netbios-dgm
RETURN     udp  --  anywhere             anywhere

Chain udp_outbound (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere

If not, try to start rc.firewall with
"/etc/rc.d/rc.firewall"
and type "iptables -L" again to confirm.

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
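
The check described in the post above, as an added example that is not part of the original thread: a shell function that reads `iptables -L` output and reports whether it looks like a loaded rc.firewall (DROP policies, user chains present and referenced) or like the bare listing posted earlier. The function name `audit_listing` and both sample listings are constructed for illustration; the chain names are the ones in the expected listing.

```shell
#!/bin/bash
# Added example, not the project's code. Chain names come from the expected
# listing in the post above; the two sample listings are constructed excerpts.
EXPECTED_CHAINS="bad_packets bad_tcp_packets icmp_packets tcp_inbound udp_inbound"

LOADED='Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy DROP)
Chain bad_packets (2 references)
Chain bad_tcp_packets (1 references)
Chain icmp_packets (1 references)
Chain tcp_inbound (1 references)
Chain udp_inbound (1 references)'

NOT_LOADED='Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
Chain fail2ban-SSH (1 references)'

# Print one finding per line; succeed only if the listing matches a loaded firewall.
audit_listing() {
    local listing="$1" findings=0 chain policy
    for chain in INPUT FORWARD OUTPUT; do
        policy=$(printf '%s\n' "$listing" | awk -v c="$chain" \
            '$1 == "Chain" && $2 == c && $3 == "(policy" { sub(/\)$/, "", $4); print $4 }')
        if [ "$policy" != "DROP" ]; then
            echo "WEAK: $chain policy is ${policy:-unknown}, expected DROP"
            findings=$((findings + 1))
        fi
    done
    for chain in $EXPECTED_CHAINS; do
        if ! printf '%s\n' "$listing" | grep -Eq "^Chain $chain \([0-9]+ references\)"; then
            echo "MISSING: user chain $chain"
            findings=$((findings + 1))
        elif printf '%s\n' "$listing" | grep -Eq "^Chain $chain \(0 references\)"; then
            echo "UNUSED: nothing jumps to user chain $chain"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# On the server: audit_listing "$(iptables -L -n)"
audit_listing "$NOT_LOADED" || echo "rc.firewall is not loaded"
```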

vivanguarda
Member
Joined: 01 May 2009
Posts: 98

Posted: Sun Nov 07, 2010 4:56 pm

Gerasimos, Good Afternoon!!!

Problem was solved!!! I changed DNS and used OpenDNS. Both Pri and Secondary!

208.67.222.222
208.67.220.220


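Therefore, I didn't use EFG, but I'll try it again! I put simple router chains in rc.firewall:

#!/bin/bash
# Flush all existing NAT rules
iptables -t nat -F
# Masquerade traffic leaving through eth0 (Internet side)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward everything that arrives on eth1 (LAN side)
iptables -A FORWARD -i eth1 -j ACCEPT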



Before, during boot up, there were messages:

.. line 6734 rc.firewall: no such or directory ...
Then I also tried another shebang, using bash instead of sh. Did you see it?

Soon, I will get another trouble!!

Thanks a lot lot lot , my dear!!!!
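
The three-line router script in the post above works because the FORWARD policy on that server is ACCEPT, as the earlier `iptables -L` output shows. The following added example, which is not the poster's script or the project's rc.firewall, builds the same NAT gateway with a default-deny FORWARD chain. It assumes eth0 is the Internet side and eth1 the LAN side as in the thread, and 192.168.2.0/24 as the LAN; the `IPT` dry-run switch and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not the poster's script. eth0 (Internet side) and eth1 (LAN side)
# follow the thread; 192.168.2.0/24 is the LAN shown in the listings there.
IPT="${IPT:-iptables}"   # assumption: set IPT="echo iptables" for a dry run

# Reject empty or malformed interface names before any rule is applied.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# NAT for the LAN with a default-deny FORWARD chain: only LAN-originated
# flows and their replies are forwarded, anything else is logged and dropped.
gateway_rules() {
    local wan="$1" lan="$2" lan_net="$3"
    valid_iface "$wan" && valid_iface "$lan" && [ "$wan" != "$lan" ] \
        || { echo "need two distinct interface names" >&2; return 2; }
    printf '%s\n' "$lan_net" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' \
        || { echo "LAN network must look like 192.168.2.0/24" >&2; return 2; }
    $IPT -t nat -F POSTROUTING &&
    $IPT -t nat -A POSTROUTING -s "$lan_net" -o "$wan" -j MASQUERADE &&
    $IPT -P FORWARD DROP &&
    $IPT -F FORWARD &&
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT &&
    $IPT -A FORWARD -i "$lan" -o "$wan" -s "$lan_net" -j ACCEPT &&
    $IPT -A FORWARD -m limit --limit 3/min --limit-burst 3 \
        -j LOG --log-prefix "FORWARD packet died: "
}

# Dry run: print the commands that would be executed on the gateway.
IPT="echo iptables" gateway_rules eth0 eth1 192.168.2.0/24
```

Run as root without the `IPT` override to apply the rules; the function flushes the FORWARD chain and the nat POSTROUTING chain first.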

gerasimos_h
Site Admin
Joined: 09 Aug 2007
Posts: 1753
Location: Greece

Posted: Mon Nov 08, 2010 9:37 am

vivanguarda wrote:
.. line 6734 rc.firewall: no such or directory ...

Something is wrong here, despite the error, none of the start up scripts or rc.firewall has so many lines (6734).

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda
Member
Joined: 01 May 2009
Posts: 98

Posted: Thu Nov 18, 2010 2:28 am

Gerasimos, can you help me again?

I need to change server settings because Timer Cafe Control Program has a Workstation-Server communication problem using dhcp server. There is a FAQ and it is suggested to solve it using static ip. Then I got a Modem/Router Speed Stream 5200 unless dhcp. It is using a 10.1.1.0 ip configuration. Thereby, how can I choose ip class to static eth0 server if router is 10.1.1.0 ip type and my server eth1 was 192.168.2.1?

gerasimos_h
Site Admin
Joined: 09 Aug 2007
Posts: 1753
Location: Greece

Posted: Thu Nov 18, 2010 6:55 am

Edit /etc/rc.d/rc.inet1.conf with the appropriate info and run /etc/rc.d/rc.inet1.
If you used an advanced firewall script, change the variables in rc.firewall too
INET_ADDRESS=
LOCAL_IP=
LOCAL_NET=
LOCAL_BCAST=
and run /etc/rc.d/rc.firewall.

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com

vivanguarda
Member
Joined: 01 May 2009
Posts: 98

Posted: Thu Nov 18, 2010 5:10 pm

That's all my dear! My doubt is about ip to use in Server eth0. This static ip should be 10.1.1.X or 192.168.1.X? I don't know this router/modem schematic...

All times are GMT + 2 Hours
Page 3 of 4