[SMS] - Superb Mini Server Project Support Forum

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Fri Nov 05, 2010 4:49 am
This is DNS Server.
# Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain lan
nameserver 192.168.1.254
# /etc/resolv.conf.tail can replace this line
And Workstation I have
vi /etc/resol.conf
nameserver 200.149.55.140
It's not functioning. Then I tried a secondary DNS
THEN
vi /etc/resol.conf
nameserver 200.149.55.140
nameserver 200.165.132.147
Can you check Full Easy Firewall?
http://uploaddearquivos.com.br/download/Easy-Firewall

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Fri Nov 05, 2010 4:51 am
Have you set the gateway to the IP of your eth1 on the workstations?
If you set a transparent proxy you have to setup squid on server to use port redirection.
If squid isn't configured and running then that's the reason.
Try to remove proxy from firewall or create a new one without proxy and see if it's working.
gerasimos_h
_________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Fri Nov 05, 2010 7:55 pm
1) Workstation: eth1 gateway 192.168.2.1
2), 3) and 4) I made another Easy Firewall without Proxy. Unfortunately, I don't get an internet connection yet.
Traceroute Server
root@server:~# traceroute 192.168.2.7
traceroute to 192.168.2.7 (192.168.2.7), 30 hops max, 60 byte packets
1 192.168.2.7 (192.168.2.7) 0.110 ms 0.086 ms 0.077 ms

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Fri Nov 05, 2010 10:10 pm
It seems we replied at the same time in the morning and I didn't see your configuration; you need to add
INET_ADDRESS="192.168.1.1"
under
INET_IFACE="eth0"
or choose static IP and not dynamic for eth0 when creating a firewall.
Your router smells like a speedtouch, if yes, you should add your server on your speedtouch as static ip, under home network/devices.
BTW you could attach it in your post.
gerasimos_h
_________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Sat Nov 06, 2010 4:29 am
Sorry, but I didn't understand!
1)
INET_ADDRESS="192.168.1.1"
under
INET_IFACE="eth0"
Should I insert it in the first generated firewall, where I used port 3128?
I made another simple EFG, so for now I only hope for an internet connection on the workstation. Should I change both EFGs?
http://uploaddearquivos.com.br/download/Firewall-Sem-Squid.rtf
2) In fact I'm using a Thomson Speed Touch 510 V6 modem, but I'm afraid of changing it. I prefer an eth0 dhcp server.

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Sat Nov 06, 2010 9:15 am
1. Try the firewall attached.
2. Don't turn the dhcp server off, just mark your server's ip as static in the router's configuration page (192.168.1.254).
gerasimos_h
Attachment: rc.firewall.gz (Filesize: 6.59 KB, Downloaded: 2232 Time(s))
_________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Sat Nov 06, 2010 6:26 pm
I downloaded rc.firewall.gz into /etc/rc.d, used gzip -d rc.firewall.gz, and after that chmod +x rc.firewall. But in this situation I lost the server's internet connection. I also tried only adding INET_ADDRESS="192.168.1.1" but it's not connected. I did all experiments using the same dhcp Speedtouch modem, ok! Is the problem that I should route the Thomson modem?
root@server:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ProFTPD (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
..........
root@server:~# cat /proc/sys/net/ipv4/ip_forward
1
...........
root@server:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Sat Nov 06, 2010 6:54 pm
Have you restarted your server and started rc.firewall at boot?
Most Speedtouch (I don't remember the 510) models have their own dns server, so if the router leases e.g. 192.168.1.2 to your server and you change the ip to 192.168.1.1, most likely you will have no internet; that's the reason I told you to mark it as static under [hostmgr.ini], e.g.
Code: | add mac_addr=00:01:22:33:44:55 ip_addr=192.168.1.1 name=server type=desktop_computer ipintf=LocalNetwork |
You can do that from web interface.
Also check your dns to be right at /etc/resolv.conf for both server and clients.
gerasimos_h
_________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Sat Nov 06, 2010 7:35 pm
Server
#vi /etc/resolv.conf
Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain lan
nameserver 192.168.1.254
# /etc/resolv.conf.tail can replace this line
Workstation
search maq_13local
nameserver 200.149.55.140

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Sun Nov 07, 2010 12:47 pm
To confirm that your firewall is working, reboot, log in and type "iptables -L"
You should see something like
Code: | Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
bad_packets all -- anywhere anywhere
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
ACCEPT all -- 192.168.2.0/24 anywhere
ACCEPT all -- anywhere 192.168.2.255
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
tcp_inbound tcp -- anywhere anywhere
udp_inbound udp -- anywhere anywhere
icmp_packets icmp -- anywhere anywhere
DROP all -- anywhere anywhere PKTTYPE = broadcast
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `INPUT packet died: '
Chain FORWARD (policy DROP)
target prot opt source destination
bad_packets all -- anywhere anywhere
tcp_outbound tcp -- anywhere anywhere
udp_outbound udp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `FORWARD packet died: '
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP icmp -- anywhere anywhere state INVALID
ACCEPT all -- localhost anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.2.1 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `OUTPUT packet died: '
Chain bad_packets (2 references)
target prot opt source destination
LOG all -- 192.168.2.0/24 anywhere LOG level warning prefix `Illegal source: '
DROP all -- 192.168.2.0/24 anywhere
LOG all -- anywhere anywhere state INVALID LOG level warning prefix `Invalid packet: '
DROP all -- anywhere anywhere state INVALID
bad_tcp_packets tcp -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain bad_tcp_packets (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn: '
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
RETURN tcp -- anywhere anywhere
Chain icmp_packets (1 references)
target prot opt source destination
LOG icmp -f anywhere anywhere LOG level warning prefix `ICMP Fragment: '
DROP icmp -f anywhere anywhere
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
RETURN icmp -- anywhere anywhere
Chain tcp_inbound (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
RETURN tcp -- anywhere anywhere
Chain tcp_outbound (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere
Chain udp_inbound (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
RETURN udp -- anywhere anywhere
Chain udp_outbound (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere
|
If not, try to start rc.firewall with
"/etc/rc.d/rc.firewall"
and type "iptables -L" again to confirm.
gerasimos_h
_________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |
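The check described in the post above (compare the chain policies and chain names printed by `iptables -L` with the expected listing), as an added shell example that is not part of the original thread. The function names and the two sample listings are constructed for illustration; the expected chain names are taken from the listing in the post.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# Chain names taken from the listing in the post above.
EXPECTED_CHAINS="bad_packets bad_tcp_packets icmp_packets tcp_inbound tcp_outbound udp_inbound udp_outbound"

# Read `iptables -L` text on stdin; print "INPUT=<policy> FORWARD=... OUTPUT=...".
chain_policies() {
    awk '$1 == "Chain" && $3 == "(policy" {
             pol = $4; sub(/\)$/, "", pol)
             out = out (out ? " " : "") $2 "=" pol
         }
         END { print out }'
}

# Read `iptables -L` text on stdin; print the expected chains that are absent.
missing_chains() {
    listing=$(cat)
    missing=""
    for c in $EXPECTED_CHAINS; do
        printf '%s\n' "$listing" | grep -q "^Chain $c " || missing="$missing $c"
    done
    echo "${missing# }"
}

# Exit status 0 only if all three built-in chains default to DROP and every
# expected user chain exists, i.e. rc.firewall really ran.
firewall_loaded() {
    listing=$(cat)
    [ "$(printf '%s\n' "$listing" | chain_policies)" = "INPUT=DROP FORWARD=DROP OUTPUT=DROP" ] &&
        [ -z "$(printf '%s\n' "$listing" | missing_chains)" ]
}

# Constructed sample: chain headers as they look before the script has run.
UNLOADED='Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
Chain fail2ban-SSH (1 references)'

# Constructed sample: chain headers matching the listing in the post above.
LOADED='Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy DROP)'
for c in $EXPECTED_CHAINS; do LOADED="$LOADED
Chain $c (1 references)"; done

for s in "$UNLOADED" "$LOADED"; do
    printf '%s\n' "$s" | firewall_loaded && echo "loaded" ||
        echo "NOT loaded: $(printf '%s\n' "$s" | chain_policies)"
done
```

On a live server the same check is `iptables -L -n | firewall_loaded`, run as root.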

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Sun Nov 07, 2010 4:56 pm
Gerasimos, Good Afternoon!!!
Problem was solved!!! I changed DNS and used OpenDNS. Both Pri and Secondary!
208.67.222.222
208.67.220.220
Therefore, I didn't use EFG, but I'll try it again! I put simple router chains in rc.firewall:
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
Before, during boot-up, there were messages:
.. line 6734 rc.firewall: no such or directory ...
Then I also tried another shebang, using bash instead of sh. Did you see it?
Soon, I will get another trouble!!
Thanks a lot lot lot , my dear!!!!
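
A tighter variant of the three rules in the post above, as an added example (not part of the original post or of the SMS project's rc.firewall): it keeps the MASQUERADE rule but sets the FORWARD policy to DROP and lets traffic back in from eth0 only for connections started from eth1. The function name and the dry-run `IPT` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): NAT gateway with default-deny FORWARD.
# gateway_rules is a hypothetical name. Interface names default to the ones
# used in the thread (eth0 = Internet side, eth1 = LAN side).
#
# IPT defaults to "echo iptables", so the commands are only printed (dry run).
# Run as root with IPT=iptables to apply them.
gateway_rules() {
    wan=${1:-eth0}
    lan=${2:-eth1}
    ipt=${IPT:-echo iptables}

    # Source NAT for everything leaving through the Internet interface.
    $ipt -t nat -F
    $ipt -t nat -A POSTROUTING -o "$wan" -j MASQUERADE

    # Nothing is forwarded unless a rule below allows it.
    $ipt -P FORWARD DROP
    $ipt -F FORWARD

    # Drop packets that conntrack cannot associate with any connection.
    $ipt -A FORWARD -m state --state INVALID -j DROP

    # LAN clients may open connections towards the Internet ...
    $ipt -A FORWARD -i "$lan" -o "$wan" -j ACCEPT

    # ... and only replies to those connections are let back in.
    $ipt -A FORWARD -i "$wan" -o "$lan" -m state --state RELATED,ESTABLISHED -j ACCEPT
}

gateway_rules "$@"
```

With the original three rules the FORWARD policy stays ACCEPT, so packets arriving on eth0 for LAN addresses are forwarded too; here they pass only as replies.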

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Mon Nov 08, 2010 9:37 am
vivanguarda wrote: | .. line 6734 rc.firewall: no such or directory ... |
Something is wrong here, despite the error, none of the start up scripts or rc.firewall has so many lines (6734).
gerasimos_h
_________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Thu Nov 18, 2010 2:28 am
Gerasimos, can you help me again?
I need to change the server settings because the Timer Cafe Control Program has a Workstation-Server communication problem when using a dhcp server. There is a FAQ that suggests solving it with a static ip. So I got a Speed Stream 5200 Modem/Router without dhcp. It is using a 10.1.1.0 ip configuration. So how can I choose the ip class for a static eth0 on the server if the router is of the 10.1.1.0 ip type and my server's eth1 was 192.168.2.1?

gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Thu Nov 18, 2010 6:55 am
Edit /etc/rc.d/rc.inet1.conf with the appropriate info and run /etc/rc.d/rc.inet1.
If you used an advanced firewall script, change the variables in rc.firewall too
INET_ADDRESS=
LOCAL_IP=
LOCAL_NET=
LOCAL_BCAST=
and run /etc/rc.d/rc.firewall.
gerasimos_h
_________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |

vivanguarda Member
Joined: 01 May 2009 Posts: 98
Posted: Thu Nov 18, 2010 5:10 pm
That's all, my dear! My doubt is about the ip to use on the Server's eth0. Should this static ip be 10.1.1.X or 192.168.1.X? I don't know this router/modem schematic...