OpenSUSE :: FIrewall Setup / Client Computer Cannot See NFS Server When Scanning For Server - OSE 11.2?
Apr 21, 2010
I have a small home-office network. On that network I have two linux computers, one is a client the other a server.
On the server I have NFS Server setup and mount some NFS exports on the client computer.
On the server I have the firewall on and here it becomes a little tricky.
Since both the server and the client connect to the router the interface (eth1) is theoretically both an internal & external zone.
The router is commercial grade and therefore has a good firewall on it which is also setup. Therefore the firewall on the server is really more of a backup than a necessity. But that's fine, and by having the server's firewall on 'fail2ban' is able to work which I like to have working so I don't want to just turn off the server firewall even though I have good security from the router.
However, when I turn on the server's firewall, the client computer cannot see the NFS server when scanning for server -- done by: clicking on "Choose" next to "NFS Server Hostname" when adding an NFS share in the NFS Client in YaST. Clearly something is being blocked even though I have both "NFS Client" and "NFS Server Service" allowed in the server firewall. The Firewall config. files for these are below.
The Firewall configuration is pretty much "out of the box". That is I have the services I need opened up for the external zone, the other zones are left at their default which means the internal zone, although not used (i.e.: attached to any interface), is completely open.
The perfect solution I guess would be to setup my client computer to connect through a different NIC (perhaps eth0), make that the "Internal Zone" and therefore allow all traffic through to it while still blocking the server from the external zone. However, I cannot make that physical change to my network for now so I am looking for an in between (non-perfect) solution.
In this case I am guessing that means opening up extra NFS ports to the external zone so I have full NFS functionality. I don't mind this because like I said, the router firewall is the main line of defense anyway.
So, given all of the above could someone tell me what I would need to additionally open up in the server firewall to make the NFS server detection work on the client while the firewall was on. Or, if you have a cleverer/better solution without me changing my physical network that would be great.
Hopefully I have written this in enough detail and clearly enough so that all the parameters are clear but if not, feel free to ask me what you like and I'll try to make it clear.
Code:
## Description: Firewall Configuration for NFS kernel server.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
code....
View 6 Replies
ADVERTISEMENT
Jan 7, 2010
I have vsFTPd running on my server. If I connect via 127.0.0.1, then all is well and I can use the "ls" command to get a directory listing. However when trying this remotely, the FTP client hangs and I do not get a directory listing.
View 4 Replies
View Related
Sep 12, 2009
I have one Windows-XP on Machin 1 and one Linux on Machine 2.
I want make Linux machine as CVS server and Windows Xp as CVS client.
How to setup CVS Server in Fedora-11 machine and CVS client in Windows Xp?
Photo : http://img27.imageshack.us/img27/5864/cvsserver.gif
View 1 Replies
View Related
Jan 25, 2010
For some time now, I'm having some problems with configuring an NFSv4 server to let it work with a firewall. I've already searched to web, but I was unable to find a solution that works for me.
The situation is as follows:
I'm trying to connect an NFS client to an NFS server that is behind a firewall. I don't have access to this firewall, but I can contact the administrator to open some ports for me. I already did this for opening port 2049.
The result is that the client can read files from the server, but is unable to write files to the server. I believe that for writing an extra RPC-connection needs to be set up. However, the ports on which the RPC-connection is set up, seem to be different for every connection (I verified this using 'netstat -tn').
Clearly, this is a problem since the server is protected by the firewall.
Thus, what I want to do is configure the server in such a way, that it always uses the same server-side port(s) to connect with the writing clients (just like 2049 for reading). I've already tried to configure the /etc/default/nfs-kernel-server and /etc/default/nfs-common files, but that hasn't really worked out yet.
Note: Because I don't like to contact the system admin every day, I hooked up 2 computers (client/server) on which I set up the same configuration (without the firewall). I'd like to see it working on those machines first (that is, 'netstat -tn' showing the correct port), before I contact the admin to open some extra ports.
View 2 Replies
View Related
Jul 28, 2010
I have configureed Bind in a Linux box. Well pc1 i.e "pc1.mydomain.com" is my client machine and main server is the computer in which bind is install.The client computer pc1 and the main server (Bind server) i.e FQDN "mainserver.mydomain.com "are on the same network.from client machine i can't resolve the name to IP address as my server do successfully with client. The /etc/resolv.conf file in my bind server is as
Code:
search mydomain.com
nameserver 192.168.1.254
The named.config it main configuration is as below
Code:
zone "mydomain.com" IN {
[Code]...
View 6 Replies
View Related
May 19, 2010
I want to set up moodle and need to give my computer some capability to act as a server. I am following the steps at [URL] although my question is not really related to moodle. Here is the problem: setting everything up to make my computer accessible from outside has worked so far. I got myself a static IP address using a dynamic dns server and can ssh into my computer from any other computer connected to the www. So,
[Code]....
View 3 Replies
View Related
Jan 21, 2010
I'm going to start a new thread because previous searches have not totally satisfied my question. I've read all day about doing this but each inquiry leads to discussion of configuring the router. I am also not network savy. I would like to set up an FTP server on my home computer (presently Ubuntu 8.10). I have only one computer. I am using DSL with my telephone line for internet connection. I do not use a router.
Is it possible to do this with no router and only a DSL ISP connection?
View 3 Replies
View Related
Jun 13, 2011
I'm trying to setup an Apache server on my computer which will allow browsing of files in a specific directory and subdirectories, without needing any sort of authentication.
I've got the Apache2 server up and running through yast, and everything works fine as long as I try to point it to the /www/htdocs folder. However, I want to point it at another folder, which is on another partition. This partition is formatted as NTFS, if that matters at all (here's some background on some permissions issues I had with the NTFS partitions recently).
When I change the "Directory" setting in the Yast http server configuration utility to the directory on the NTFS partition I wish to use, attempting to access the server results in the following error:
Code: Access Forbidden: You don't have permission to access the requested directory. There is either no index document or the directory is read-protected. If you think this is a server error, please contact the webmaster.
Error 403
192.168.1.100
Mon Jun 13 23:43:29 2011
Apache/2.2.17 (Linux/SUSE)
View 4 Replies
View Related
May 5, 2010
I have a computer which has a public IP.My ISP has allowed only port 22 for my machine to be accessed outside from internet.I want rest of my computers which are connected to this machine be accessible via SSH on internet.I can configure IPTABLES to route different ports to internal machines but since ISP has given only one port for the gateway how can I go for it any guesses. I came across some thing reverse SSH tunneling but that has to keep the connection alive all the time at gateway I want my trusted people to be directly able to access the machines on LAN to which they have account to login in this scenario.
View 3 Replies
View Related
May 12, 2011
I have an opensuse 11.3 install which I want to set up as a network boot server to install Solaris 10 on a Sun Ultra 10 client. According to what I've read, this requires rarpd and tftpd which I've set up on opensuse, but also bootparamd which I can't find for 11.3. It seems it was last included with opensuse 9.2. Does anyone know if it's available, if I could use the suse 9.2 version, or any alternative?
View 3 Replies
View Related
Jun 11, 2011
I configured openLdap in RHEL5 on virtual achines,everything is working fine, I created a user called ldapuser,in LDAP server and i created a home directory for ldapuser in my LDAP client, now i can able to login to the both Server and client with ldapuser account....
Now here what am expecting is i want to export my server's home directory to the client, i dont want to create home directories manually in the client machine, i googled about that, and it can be done through autofs.....
what need to be done on the client and server side.
View 6 Replies
View Related
Aug 1, 2011
I am using VMware player running Ubuntu10.04. I have setup a NFS server machine and a client machine. On my NFS server,
eth0 inet address:192.168.126.129
eth1 inet address: 192.168.255.129
On my client,
eth0 inet address:192.168.126.130
eth1 inet addess:192.168.255.128
Am I right to say, from the server machine, if I ping 192.168.126.130, I am calling the client machine? NFS server ip address is 192.168.126.129? and what about 192.168.255.129? and 192.168.255.128?
View 2 Replies
View Related
Mar 2, 2009
How can i setup SSH server on one machine and openssh client on another machine running suse 10.3
View 2 Replies
View Related
Oct 5, 2009
I want to explore DNS and Sendmail. So I downloaded exe of Vmware 2.0 on Windows Xp. I installed Fedora Linux on Both.
Now I have bridged networking and do did provided:
Instance 1:
Machine IP: 192.168.1.100
Instance 2:
Machine IP: 192.168.1.101
BIND Software is installed on both the machine.
I want to make 192.168.1.100 as Server and 192.168.1.101 as Client.
Also do let me know how can I setup DNS server?
Will it be possible to learn DNS server and client configuration through VmWare?
View 3 Replies
View Related
Mar 1, 2011
I've set up a Lan-to-Lan (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side. Currently, both sides (server/client) know how to route packets across each others physical LAN. So no NAT is used. When the primary gateway (fw1) is connected to the VPN server all traffic runs via the fw1 tunnel. Than when the secondary gateway (fw2) connects to the VPN server and fw1 is still connected all traffic for fw1 will be delivered to fw2 and effectively destroying traffic intended for fw1. This is of course no problem if I first shutdown (fence) fw1, than set up fw2 to use the gateway IP address from fw1 and set up the VPN tunnel to the VPN server. Effectively replacing fw1 with fw2 on the client side.
However, I can't seem to find a decent howto.
I am also exploring the possibility to let both tunnels active and let OpenVPN (or another tool) decide how to route packets back and forth the different LANs. A virtual IP between two gateway's both running a VPN or something similar. This would be the preferred method of course. However, I don't know how to tackle this one but I'm pretty sure there are people out there who are happy to share their 2 cents.
View 3 Replies
View Related
Apr 20, 2010
Is there a way I can install a windows program to webspace and run it from a linux client computer? To specify, I'm a student at the University of Minnesota. I have access to linux machines running Ubuntu, however, the space allocated to us is too small for the program I would like to run on these computers. I do have webspace I can use though. The thing I'd like to be running on the linux computers is a windows application requiring installation. So is there a way to put/install/(whatever else it might be called) this program onto my webspace and be able to run it from the linux computers? I know it's probably unlikely, but maybe?
View 4 Replies
View Related
Sep 12, 2009
I have one Windows-XP on Machin 1 and one Linux on Machine 2. I want make Linux machine as CVS server and Windows Xp as CVS client. How to setup CVS Server in Fedora-11 machine and CVS client in Windows Xp?
View 1 Replies
View Related
Aug 8, 2010
I currently have a debian lenny high performance cluster running seamlessly using dhcp and tftpd-hpa. All nodes are completely diskless, and i would like to keep it that way. I now would like to have a client boot over local into a full KDE desktop.
Here's the cache.
1. I would like the client to also be a node. I would like it to handle processing as the other nodes do, but this one with a full desktop, with ALL data and privileges accessible.
2. The client will have its own workstation graphics. It will need to have that driver loaded without slowing the system.
3. Client will need to be able to use its own usb, bd-rom, dvd, audio, etc. even though it will be booting into the HPC.
4. Wireless. I cannot run 70 ft of lan across an apartment. not happening.
The idea is a media center applicable "powerhouse" with high-end power and graphics for easy media editing, 3d creation, and gaming. Will also be used for webcache over all local, file sharing, and other server applications.
HPC specs:
-headnode: hp compaq p4-ht 3.2 ghz, 4x500gb, 4gb mem, gigabit ethernet, wireless-N
-nodes: 4x p4-ht 2.2 ghz, 2gb mem, no-name brand slim desktops; 2x panasonic toughbooks p4-mobile 1.8 ghz, 1.5gb mem; 3x gateway p3 unknown specs; and 1 hp 530 notebook 1.6ghz core2 duo, 1.5gb mem
-client: hp compaq core2 duo 2.13 ghz, 4gb mem, wireless n, bd-rom, 2x dvd-rom, usb 3.0 card, bluetooth, 1gb AGP nvidia geforce 6800 dual-dvi, no hd.
I need to know how to set up this PXE.
View 1 Replies
View Related
Mar 29, 2009
how to setup a home network for learning purpose. i have two laptops and a desktop connected to a modem-router for broadband (wired connection), i want to setup one as server and the others as client.
View 2 Replies
View Related
Aug 18, 2010
I was trying to setup SSL Client authentication on only one virtual host. Here is a brief excerpt sample of my conf file for the virtual host:
<VirtualHost xx.xx.xx.xx:443>
SSLRequire %{SSL_CLIENT_S_DN_O} eq "something"
SSLVerifyClient require
SSLVerifyDepth 2
</VirtualHost>
But when I try to check for syntax errors tells me SSLRequire not allowed here I do not want to add SSLRequire on the main httpd.conf because I only want it for one virtual host. The rest of the virtual hosts do not need it.
View 2 Replies
View Related
Jan 25, 2011
I will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible.My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP)workstations, using diskless workstations to boot the VMs over powerline ethernet.The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.
In theory, the above would allow me to consolidate everything but the disklessworkstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM).Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW--in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).
View 14 Replies
View Related
Sep 25, 2010
I'm trying to setup a vpn server so I can use my computer via phone. My phone only supports pptp, l2tp and l2tp/ipsec psk. I would like to surf the web, browse files etc. I've been using this guide [URL] but get stuck on the part.
Finally, disable and re-enable ufw to apply the changes:
sudo ufw disable && sudo ufw enable
I get the error:
ERROR: problem running ufw-init
So is there any simple way to get a vpn working on this thing? Or at the very least an in-depth guide that covers what would happen if something goes wrong.
View 6 Replies
View Related
Mar 27, 2010
I want to set up the following server in open suse:dhcpopenldapnfs (to allow users to mount their home directories from the serverI started off with the openldap server. I configured it with dc=localdomain,dc=local as its domain. As the server machine has no internet. Though when I go to add a .ldif file with the following command
Code:
ldapadd -x -D 'cn=Administrator,dc=localdomain,dc=local' -f /home/base.ldif -W
It returns this
[code]....
View 9 Replies
View Related
Sep 21, 2010
What is a good MTA (e.g. Postfix or something else) setup for a home computer behind a NAT, or a laptop that is not always online? I've read a lot of Postfix tutorials on how to set it up this way or that, but they are usually geared towards computers that are servers ie they
have a static IP
have a domain name
are always connected to the same network
My requirements are, I guess: Ability to redirect mail for local users to another server of my choosing. No listening for incoming SMTP connections - outgoing only Ability to route outgoing mail via an external SMTP server with authentication (and perhaps encryption) If not Postfix, I need an MTA which can queue up mails in case it temporarily has no internet connection.
View 4 Replies
View Related
Jun 29, 2010
I would like to know how to install a webmail server and a suitable client to help connect to it that is compatible with both windows and linux ubuntu.
View 1 Replies
View Related
Feb 18, 2011
I want to try and set up a old cheap computer with ubuntu and run it as a home server to toy around with. how to get started? (Where to get an old computer? Craigslist? What specs should I be looking out for? Wireless vs. ethernet? What software to use? ssh?)
View 2 Replies
View Related
Aug 2, 2010
I currently have my server setup with a web page and ssh. I am looking to find a way to access the internet from my work computer, but all proxies that I can find have been blacklisted...I can however access my home server webpage. Is it possible to create my own proxy so I can surf from my work laptop?
View 2 Replies
View Related
Feb 24, 2010
I've been setting up NIS for the first time. When I have the firewall on, the NIS client can't find the NIS server. When the firewall is off, it can. These are both on the same computer (the server).I have both the NIS client and server opened in the firewall -- all the setup has been done through yast so far.
Is there something else that needs to be done that I missing? Or if not, perhaps it just a minor setup bug in the scripts in which case could someone tell me what ports I would additionally need to open manually in the firewall to make it work that wouldn't already be opened?
On a different note, in a recent discussion on another thread someone told me that openSUSE was going to be unsupported from around May this year -- has anyone heard of this or should I just ignore it? I thought with 40k users registered on the website Novell would find something better to do with all of us rather that just drop us so I am a little skeptical.
View 9 Replies
View Related
Mar 24, 2011
I notice that my bittorrent client is capable of automatically setting up port forwards with my router, and I want to know if I can do the same in a shell script. The reason is, that since my router is stupid and won't let me keep static IP addresses (it seems they forced a DHCP refresh every week to make me want to pay for a more expensive model which doesn't), I need to get my computer to change the port forward to follow my computer's changing internal network IP address. I have a couple of port forward manually entered into my router settings for web interfaces to bittorrent etc, but of course these have a good chance of being invalidated at each DHCP refresh cycle.
View 1 Replies
View Related
Jan 9, 2011
I want to settup a proxy server who just redirect the internet connection to my second computer. I try Squid Proxy but its too complicated for me. Can you sugest me another more simple program to do what i want?
View 1 Replies
View Related
