OpenSUSE :: Can't Find The NIS Server When The Firewall Is Off?
Feb 24, 2010
I've been setting up NIS for the first time. When I have the firewall on, the NIS client can't find the NIS server. When the firewall is off, it can. These are both on the same computer (the server). I have both the NIS client and server opened in the firewall -- all the setup has been done through yast so far.
Is there something else that needs to be done that I am missing? Or if not, perhaps it is just a minor setup bug in the scripts, in which case could someone tell me what ports I would additionally need to open manually in the firewall to make it work that wouldn't already be opened?
On a different note, in a recent discussion on another thread someone told me that openSUSE was going to be unsupported from around May this year -- has anyone heard of this or should I just ignore it? I thought with 40k users registered on the website Novell would find something better to do with all of us rather than just drop us so I am a little skeptical.
I have a small home-office network. On that network I have two linux computers, one is a client the other a server.
On the server I have NFS Server setup and mount some NFS exports on the client computer.
On the server I have the firewall on and here it becomes a little tricky.
Since both the server and the client connect to the router the interface (eth1) is theoretically both an internal & external zone.
The router is commercial grade and therefore has a good firewall on it which is also setup. Therefore the firewall on the server is really more of a backup than a necessity. But that's fine, and by having the server's firewall on 'fail2ban' is able to work which I like to have working so I don't want to just turn off the server firewall even though I have good security from the router.
However, when I turn on the server's firewall, the client computer cannot see the NFS server when scanning for server -- done by: clicking on "Choose" next to "NFS Server Hostname" when adding an NFS share in the NFS Client in YaST. Clearly something is being blocked even though I have both "NFS Client" and "NFS Server Service" allowed in the server firewall. The Firewall config. files for these are below.
The Firewall configuration is pretty much "out of the box". That is I have the services I need opened up for the external zone, the other zones are left at their default which means the internal zone, although not used (i.e.: attached to any interface), is completely open.
The perfect solution I guess would be to setup my client computer to connect through a different NIC (perhaps eth0), make that the "Internal Zone" and therefore allow all traffic through to it while still blocking the server from the external zone. However, I cannot make that physical change to my network for now so I am looking for an in between (non-perfect) solution.
In this case I am guessing that means opening up extra NFS ports to the external zone so I have full NFS functionality. I don't mind this because like I said, the router firewall is the main line of defense anyway.
So, given all of the above could someone tell me what I would need to additionally open up in the server firewall to make the NFS server detection work on the client while the firewall was on. Or, if you have a cleverer/better solution without me changing my physical network that would be great.
Hopefully I have written this in enough detail and clearly enough so that all the parameters are clear but if not, feel free to ask me what you like and I'll try to make it clear.
Code:
## Description: Firewall Configuration for NFS kernel server.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
code....
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
I have a home network which is protected by a dedicated firewall pc running pfSense. I have an opensuse 11.2 webserver on the home side of the firewall. Is it necessary to run a firewall or setup iptables on the opensuse box? At some point I intend to port forward through the firewall to the web server so it can be accessed via the internet. Access to the web server will be password protected as it's only for myself and my business associates to connect to.
I have a server machine that is running SUSE Linux Enterprise Server 11. I set up a mysql server there. Now I want to access this mysql server from my laptop. I used the following command,
> mysql -h 12.246.5.70 -u davidehs -p
I found if the firewall on the server machine is running, I cannot connect to the mysql server from my laptop. If I stop the firewall first, and then do the connection, I can access the mysql. How to keep the firewall running and allow the remote mysql incoming requests?
This morning I was configuring a DNS server through Yast at home, I've done it once before (in another wireless lan) and it works perfectly. But this morning, after I clicked "start dns server now", everything froze, and caps lock light on keyboard kept flashing. I rebooted laptop, it couldn't boot into run level-5 and there were few "skipped" items and "failed" items displayed.... Sorry I'm new to linux so I re-installed it this afternoon, and kept /home partition, formatted / partition.
Everything seems to be fine after re-installation, again I tried configuring a DNS server and clicked "start dns server now", but the same problem appeared, caps lock light kept flashing and I rebooted the laptop but fortunately this time it didn't fail on any items when booting.
In Yast-Network Settings, I choose "use controlled with network manager", and I can connect to wireless router and browsing web, but there are no interfaces shown in Yast-Firewall, and this time, after I clicked "start dns server now", nothing happens, dns server just won't start...
I wondered about my Firewall settings (installed F15 a few days ago) and realize I can't find the Firewall in any menus (Gnome3). I seem to recall that in Fedora 13, there was a "System" menu either after Applications, or after Places. Choosing Applications, System Tools, System Settings still shows no Firewall choice.
I will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible. My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP) workstations, using diskless workstations to boot the VMs over powerline ethernet. The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.
In theory, the above would allow me to consolidate everything but the diskless workstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM). Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW--in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).
Samba is working correctly if Susefirewall2 is off. I have added Samba client and Samba Services for extern access but samba is not working when firewall is now on. Which services should I also add?
I installed the latest version...Everything works like a charm. I have Windows Home Server 2003 running and would like to access all of my folders. How can I setup OPENSUSE to find/access my Windows Home Server 2003. Can you help me with this. Just to let you know. Am I missing something so I can access them locally.
I have a desktop computer running Debian Lenny, a 56 K modem, and a dial-up account, currently configured like this: computer -> modem -> UPS -> phone jack
When I run off a Knoppix live CD, I can use kppp to configure pppd (using PAP/CHAP authentication and hardware control flow) to dialup and surf. When I try to use kppp to configure pppd exactly the same way on my hard drive installation, I get nothing. Both my Knoppix live CD and Debian Lenny use exactly the same version of kppp, but the pppd related files in /etc/ppp look a bit different.
Under both Knoppix and Debian Lenny hard drive installation, when I try to connect, the login debug window of kppp shows:
Code:
ATZ
OK
ATM1L1
OK
ATDT [phone number]
At this point I hear the modem dialing out, and when using Knoppix, after a few seconds I see
Code:
Which I think corresponds to my route to the InterNet being established through my ISP. When using the hard drive install, I never see the CONNECT, and all indications are that my modem is not sending authentication information at all, but getting stuck right after dialing out, so that my ISP gets a phone call from a modem which... refuses to speak. I never had any problems before, so I am baffled.
So apparently my system is currently misconfigured in some way which prevents point to point protocol from getting out.
Questions: I have a firewall on my computer which I set up using guarddog. I have enabled point to point protocol from internet zone to local zone. I know that ppp is a symmetrical protocol, but my understanding is that I do not need to enable point to point from local to internet zone. I have not enabled irc protocol because my understanding is that this is only relevant to software flow control using chat scripts. Does this sound correct? Is there some additional protocol I need to allow in order to use pppd to dial out?
When I reboot my computer (off the hard drive) I sometimes see that the system complaining about a failure to stop every process, and sometimes I see mention of an eth0.pid. I have been looking for lock files; would they all be in /var/run?
When I use kppp to configure pppd, I want to do that as my ordinary user for at least two reasons, correct?
don't want to run pppd as root user for security reasons
kppp is a GUI and root user can't use X (on Debian)
So I should see in home directory of my ordinary user .kde/share/config/kppprc .kde/share/apps/kppp
But not in /root directory, correct? What pppd related processes should I see with ps -ef if everything is working?
I just set up my firewall, and now I can't see any Samba workgroups. It says it can't find any workgroups on my local network, and it may be caused by a firewall. It is a firewall issue because if I disable my firewall, I can see the workgroup. What do I need to open on my firewall to see the workgroup? I am using Slackware64 13.37.
Here is how I set up my firewall.
Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
I got the commands from here url.
I've gotten this in the past with other PCs, but have been able to fix it by deleting my connection in Network Manager and recreating it. I'm using DHCP. This is OpenSUSE 11.3 on a HP Mini-110 Netbook. Here's the weird part, before anyone starts sending me to resolv.conf or asking for "lspci" stuff. When I'm in a terminal on this netbook, I can enter "host google.com" and it works. I can enter, "host download.opensuse.org" and it works fine. I get an IP address. If I manually enter the IP address in Firefox, I go to the site. But if I enter "www.google.com" in Firefox, it very quickly responds with, "Firefox can't find the server at google.com." "Browse Offline" isn't checked. (Think about it: if it was, I couldn't enter the IP address and go to a site, anyway.) This is a brand new install of OS 11.3, Firefox 3.6.6. But one other interesting thing: the software updater reported that common "curl" error, saying that IT couldn't resolve the addresses, either.
I'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my selinux firewall on and want to allow other workstations to access my samba server.
I'm unable to ssh to my one CentOS 5.6 remote server from my one server.
Code:
ssh -v root@sxyz.abc.com
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
[code]...
I even turned off all firewall rules on both servers. I am able to ssh from my home or any other PC to the remote PC, so I don't think there is any problem in the target PC.
I am learning to set up a firewall in my home; for that I have selected four systems (sys1, sys2....sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall I am thinking, but I am not sure )
What happened is that sys1 (not connected to firewall) can ssh to sys4 (connected, inside firewall), since the rules are written not to ssh from sys1 to sys4..
Then I came to know whatever the request I give, it directly goes as sys1 --> sys4, not as sys1 -----> sys2 (firewall) ---> sys4, and the firewall is not filtering and processing anything for both inbound and outbound (I think it's my mistake somewhere). The requests are directly going inside without firewall.
I'm trying to build firewall on Debian with 'Firewall Builder'. But it won't let me compile and run unless one interface is set as management. There are two interfaces on my computer: 'eth0' and 'lo'
I don't want to be able to configure firewall remotely, so could I use 'lo' as 'management interface'?
I am looking for a layer 7 firewall. I have to redirect rtmp requests for different hostnames coming at a gateway to internal servers at LAN at their respective hostnames. Code: IPTABLES some stuff -p rtmp -hostname to server 1 like that. Or if not IPTABLES then some other feasible solution.
I have been through the threads here and there and think I have everything set up for the two computers to share files. This is a vista64 box to an openSuse 11.2. 11.2 has been updated with the newer samba files. The Vista box has the shares set up. I can't seem to get Samba to see it no matter which settings I give it. It says there is a possible firewall between Opensuse and vista.
Ubuntu 9.10 would see the share with just scanning the stuff but it was extremely slow. I keep looking for insight in the forums for what I am seeing or missing to get around this. I would like to see the speed of the network when I share files, the sneaker net is getting old with the usb drives.
After metering the power being used daily in my computer room, I decided that I needed to get somewhat greener. So I am updating all my equipment and getting rid of the old towers and power hungry equipment. So far so good, except for the box running Smoothwall.
It is an old IBM 300GL from the '90s that is apparently never going to die. But it is noisy and not exactly low powered and has to be on all the time. The only machines that I have presently that can be used as a replacement are full blown AMD 3000 and 6000's, and I hate to waste one of those just to be a firewall. I can find some mini cube systems that are very low powered - some even run on just a wall cube - but can't find one with two ethernet ports, and of course there is no plugin buss on a tiny box.
I got 2 servers, each on different locations (server 1 and server 2). I want all traffic on server1 included web browsing, applications etc., be always going through server2, like a gateway. I want the traffic to be encrypted (maybe use VPN?) So if I browse, or any logs pick up ip addresses from applications used by server1, I want it to display the IP address from server2 (Might be the wrong way to say it).
I always want server2 to act as a firewall and logserver that logs all the traffic. I was thinking about using Snort for IPS/IDS solutions and OpenVPN for the traffic, but what can I use as a firewall? Most firewalls I find on google have their own OS/Distribution. Maybe Squid for logs? But squid does not support many protocols. Distribution on both servers are updated Debian/Ubuntu based.
I'm trying to configure a messaging system based on php script with iptables, rsyslog and mysql. In the firewall server Sendmail is installed so I'd like to use it to receive messages in the main mail server, located in DMZ. In the Lan I've configured another linux server that works perfectly, sending mail messages to the server located in DMZ. After looking for some solution I've tried to configure sendmail to relay mail to the server but the only thing I reached is the following message: "Deferred: Connection refused by mail.server.com" message rest on queue and flushing it reply
I have vsFTPd running on my server. If I connect via 127.0.0.1, then all is well and I can use the "ls" command to get a directory listing. However when trying this remotely, the FTP client hangs and I do not get a directory listing.
I am having trouble with yahoo audio/video voice calls. I am behind squid firewall on WAN. I have asked my IT Admin to open the audio/video ports. He has opened the ports but still the audio/video buttons are disabled on chat window.
I wanted to set up a secure FTP server with proftpd so I can put some large files on the web for my pops. Here is my problem, I use a clearwire modem that won't allow you to change any of the settings but appears to have some pre-set firewalling capabilities. I also have a linksys wireless router connected to the modem. That firewall has all the port forwarding settings ready to go, and there hasn't been an issue with anything else, so here it goes.
I have a properly configured secure FTP setup with proftpd and the client app I'm using is Filezilla. I know it is configured right because I was able to use the FTP server via my LAN. Maybe my logic is wrong but, I was connecting to the FTP server at its IP on the LAN of 192.168.1.5:21. If I wanted my pops to connect from out of state I would give him the ip the internet sees when I surf the web, right? Looks something like this 68.44.22.113. I should tell him to configure Filezilla to connect to 68.44.22.113:21. If my logic is wrong, please let me know, because when I try to do this I get an error that says connection refused by host.
How to implement proxy server with firewall, and the client users should be authenticated by asking username & password while opening their web browsers, and finally I want to see the websites visited list of all the client computers, on CentOS 5.3.
I intend to set up a web site on a dedicated web server in colocation (containing nothing else except the server OS). Is it sufficient to make all files read only and use Apache mod_security or can a firewall offer extra necessary protection?