Server :: Cannot Use 'ls' Outside Firewall Client Hangs

Jan 7, 2010

I have vsFTPd running on my server. If I connect via 127.0.0.1, then all is well and I can use the "ls" command to get a directory listing. However when trying this remotely, the FTP client hangs and I do not get a directory listing.


OpenSUSE :: Firewall Setup / Client Computer Cannot See NFS Server When Scanning For Server - OSE 11.2?

Apr 21, 2010

I have a small home-office network. On that network I have two linux computers, one is a client the other a server.

On the server I have NFS Server setup and mount some NFS exports on the client computer.

On the server I have the firewall on and here it becomes a little tricky.

Since both the server and the client connect to the router the interface (eth1) is theoretically both an internal & external zone.

The router is commercial grade and therefore has a good firewall on it which is also setup. Therefore the firewall on the server is really more of a backup than a necessity. But that's fine, and by having the server's firewall on 'fail2ban' is able to work which I like to have working so I don't want to just turn off the server firewall even though I have good security from the router.

However, when I turn on the server's firewall, the client computer cannot see the NFS server when scanning for server -- done by: clicking on "Choose" next to "NFS Server Hostname" when adding an NFS share in the NFS Client in YaST. Clearly something is being blocked even though I have both "NFS Client" and "NFS Server Service" allowed in the server firewall. The Firewall config. files for these are below.

The Firewall configuration is pretty much "out of the box". That is I have the services I need opened up for the external zone, the other zones are left at their default which means the internal zone, although not used (i.e.: attached to any interface), is completely open.

The perfect solution I guess would be to setup my client computer to connect through a different NIC (perhaps eth0), make that the "Internal Zone" and therefore allow all traffic through to it while still blocking the server from the external zone. However, I cannot make that physical change to my network for now so I am looking for an in between (non-perfect) solution.

In this case I am guessing that means opening up extra NFS ports to the external zone so I have full NFS functionality. I don't mind this because like I said, the router firewall is the main line of defense anyway.

So, given all of the above could someone tell me what I would need to additionally open up in the server firewall to make the NFS server detection work on the client while the firewall was on. Or, if you have a cleverer/better solution without me changing my physical network that would be great.

Hopefully I have written this in enough detail and clearly enough so that all the parameters are clear but if not, feel free to ask me what you like and I'll try to make it clear.

Code:
## Description: Firewall Configuration for NFS kernel server.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
code....


General :: Writing Files From NFS Client To Server Behind Firewall ?

Jan 25, 2010

For some time now, I've been having some problems with configuring an NFSv4 server to let it work with a firewall. I've already searched the web, but I was unable to find a solution that works for me.

The situation is as follows:
I'm trying to connect an NFS client to an NFS server that is behind a firewall. I don't have access to this firewall, but I can contact the administrator to open some ports for me. I already did this for opening port 2049.

The result is that the client can read files from the server, but is unable to write files to the server. I believe that for writing an extra RPC-connection needs to be set up. However, the ports on which the RPC-connection is set up, seem to be different for every connection (I verified this using 'netstat -tn').

Clearly, this is a problem since the server is protected by the firewall.

Thus, what I want to do is configure the server in such a way, that it always uses the same server-side port(s) to connect with the writing clients (just like 2049 for reading). I've already tried to configure the /etc/default/nfs-kernel-server and /etc/default/nfs-common files, but that hasn't really worked out yet.

Note: Because I don't like to contact the system admin every day, I hooked up 2 computers (client/server) on which I set up the same configuration (without the firewall). I'd like to see it working on those machines first (that is, 'netstat -tn' showing the correct port), before I contact the admin to open some extra ports.


CentOS 5 Server :: After Modifying Iptables, Reboot Hangs On "starting Firewall"?

Mar 25, 2010

I have a CentOS 5.4 box that I am trying to set up as an OpenVPN server. So I modified the firewall by running the following script:

#!/bin/bash
#
# the following rules will flush out any existing chains

[code].....


Fedora :: Whenever Open The Firewall Program It Hangs

Dec 10, 2009

I am using F12 and whenever I open the firewall program it hangs. Is this common or is it just me?


Networking :: VPN Client Exists Which Will Connect To A Sonicwall Firewall?

Feb 3, 2011

Linux VPN client exists which will connect to a Sonicwall firewall?


Server :: LDAP Server Vs Client / Export Server's Home Directory To The Client?

Jun 11, 2011

I configured OpenLDAP in RHEL5 on virtual machines, and everything is working fine. I created a user called ldapuser in the LDAP server and I created a home directory for ldapuser on my LDAP client. Now I am able to log in to both the server and the client with the ldapuser account....

Now what I am expecting is that I want to export my server's home directory to the client. I don't want to create home directories manually on the client machine. I googled about that, and it can be done through autofs.....

What needs to be done on the client and server side?


Networking :: Squid And Firewall Settings - Restrict To Local Client?

Mar 3, 2011

I have configured Squid for my LAN. My LAN has three Red Hat 5.3 web servers. Now by using proxy server, I wish to give access to external clients for my web server and restrict to local client, accessing WAN through port 80.


General :: Backup / Setup A Second VPN Tunnel On A Fallback Gateway / Firewall On The Client Side

Mar 1, 2011

I've set up a LAN-to-LAN (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side. Currently, both sides (server/client) know how to route packets across each other's physical LAN. So no NAT is used. When the primary gateway (fw1) is connected to the VPN server all traffic runs via the fw1 tunnel. Then when the secondary gateway (fw2) connects to the VPN server and fw1 is still connected, all traffic for fw1 will be delivered to fw2, effectively destroying traffic intended for fw1. This is of course no problem if I first shut down (fence) fw1, then set up fw2 to use the gateway IP address from fw1 and set up the VPN tunnel to the VPN server, effectively replacing fw1 with fw2 on the client side.
However, I can't seem to find a decent howto.

I am also exploring the possibility of leaving both tunnels active and letting OpenVPN (or another tool) decide how to route packets back and forth between the different LANs. A virtual IP between two gateways both running a VPN or something similar. This would be the preferred method of course. However, I don't know how to tackle this one but I'm pretty sure there are people out there who are happy to share their 2 cents.


OpenSUSE Install :: Nfs Client Hangs System?

Aug 25, 2010

NFS client hangs system for 3 to 5 minutes during boot. Does anyone have any clues?

The last message before the hang is 'Starting NFS client services: sm-notify idmapd'.

My fstab looks like this:
/dev/system/swap swap swap defaults 0 0
/dev/system2/swap swap swap defaults 0 0
/dev/system2/root / ext4 acl,user_xattr 1 1

[Code]....


Ubuntu :: Installing Mkahawa Client Hangs & Nothing Happens

Jun 15, 2010

As you may notice, the client computer on which the mkahawa client package is installed is inside VirtualBox (guest OS) with the user account name pc004 and with the static LAN IP of 192.168.1.4; the server (host OS) is 192.168.1.2. The program installation says 0% but the detail says it was successfully installed. Nothing happens after that, and it is very confusing.


Fedora :: NFS Hangs With A 13 Client To A Thecus N7700 NAS Unit

Jun 16, 2010

We're seeing NFS hangs with a Fedora 13 client to a Thecus N7700 NAS unit. /etc/fstab entry for the mount is pure default. Sometimes, the hang ups freeze the Fedora client and it has to be power-cycled to reboot it.


OpenSUSE Network :: SSH Client Hangs After Typing Password

Jan 5, 2011

After connecting to any host, the openssh client hangs after I type the password. The strange part is, it only hangs when I use the wlan card. If I connect my phone to the computer and use it to connect to my server, it works 100%.

If I use any other computer on the wireless network, it works 100%.
If I use putty on the same machine, it works 100%.

It is only a problem when I use the built-in wireless card, under openSUSE 11.3, on my Lenovo L512. (Note that everything besides ssh works completely.)


OpenSUSE Network :: 11.3 NFS Client Hangs On Large File Transfer?

Jan 2, 2011

When accessing an NFS mount for a large (200MB+) file transfer, the transfer starts rapidly, then becomes slower and slower until it hangs. On several occasions, it has frozen the client machine. Both client and server are set to default to nfs version 3. Slowdown and hang also occur when connecting to FreeBSD NFS mounts.

Presumably (I hope), there is some sort of configuration for the client that needs to be set. what should be changed in the configuration? This worked out of the box in OpenSUSE 11.0.


CentOS 5 :: System Hangs During Boot - "Applying Iptables Firewall Rules"

Jan 8, 2010

I am booting CentOS 5.4 on a machine. The system hangs at the line "Applying iptables firewall rules". Is there any way to skip starting the iptables service during boot or disable it during boot so the system finally reboots?


Debian Configuration :: Install A Multi-core System And Configure It To Run Several VMs, One Each For A Firewall, A Caching Proxy Server, A Mail Server, A Web Server?

Jan 25, 2011

I will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible. My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP) workstations, using diskless workstations to boot the VMs over powerline ethernet. The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.

In theory, the above would allow me to consolidate everything but the diskless workstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM.) Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW -- in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).


Server :: Nis Client On Centos Not Working With Suse Server / But Works With Suse Nis Client

Jun 25, 2009

I have a NIS server on SUSE 11 which is configured using YaST, and NIS clients on SUSE and CentOS. All clients on the SUSE OS are working fine. But on CentOS, users couldn't log in using the NIS username. I have mounted the home directory using NFS in fstab. I can switch to a NIS user's home directory only when I am root. But NIS users couldn't log in on reboot. 'ypcat passwd username' is showing the output. No SELinux is enabled on the client. Is there any problem with a SUSE server to CentOS client in NIS?


Server :: Allow Samba Server From Selinux Firewall In CentOS?

Jun 8, 2009

I'm using CentOS 5.3, and I want to allow my samba server through selinux. I disabled my selinux and it works fine, but I want to keep my selinux firewall on and want to allow other workstations to access my samba server.


Server :: Unable To Ssh Remote Server (firewall Turn Off)

Jun 27, 2011

I'm unable to ssh to my one CentOS 5.6 remote server from my one server.

Code:

ssh -v root@sxyz.abc.com
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *

[code]...

I even turned off all firewall rules on both servers. I am able to ssh from my home or any other PC to the remote PC, so I don't think there is any problem with the target PC.


OpenSUSE Network :: Firewall Logs Are In /var/log/{firewall,warn,messages} - Clutter?

Mar 25, 2011

I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.


Networking :: Setup Firewall / Sys1 Is Not Connected To Firewall For Testing Purpose?

May 18, 2010

I am learning to set up a firewall in my home. For that I have selected four systems (sys1, sys2 ... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.

The IP assignments are as follows:

sys1 : ( Fedora, not connected to the firewall I am thinking, but I am not sure )

IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank

sys2 : ( firewall, IPTABLES )
code....

What happened is that sys1 (not connected to the firewall) can ssh to sys4 (connected, inside the firewall), since the rules are written not to ssh from sys1 to sys4.

Then I came to know that whatever request I give, it goes directly as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering and processing anything for both inbound and outbound (I think it's my mistake somewhere). The requests are going directly inside without the firewall.


Software :: Build Firewall On Debian With 'Firewall Builder'?

May 27, 2011

I'm trying to build firewall on Debian with 'Firewall Builder'. But it won't let me compile and run unless one interface is set as management. There are two interfaces on my computer: 'eth0' and 'lo'

I don't want to be able to configure firewall remotely, so could I use 'lo' as 'management interface'?


Server :: Which Layer 7 Firewall Should Be Tried

Aug 9, 2010

I am looking for a layer 7 firewall. I have to redirect rtmp requests for different hostnames coming at a gateway to internal servers at LAN at their respective hostnames.
Code:
IPTABLES some stuff -p rtmp -hostname to server 1
like that.
Or if not IPTABLES then some other feasible solution.


CentOS 5 Server :: Server Hangs Whenever Restart Ethernet Interface?

Sep 6, 2011

I've started facing the weirdest problem. I have to restart the ethernet interface a couple of times a day, and every time I do that the server locks up completely and I have to hard reboot it. Info: recently shifted to a new server, all new components and new installation, OS version CentOS 5.6.


OpenSUSE :: Can't Find The NIS Server When The Firewall Is Off?

Feb 24, 2010

I've been setting up NIS for the first time. When I have the firewall on, the NIS client can't find the NIS server. When the firewall is off, it can. These are both on the same computer (the server). I have both the NIS client and server opened in the firewall -- all the setup has been done through yast so far.

Is there something else that needs to be done that I am missing? Or if not, perhaps it is just a minor setup bug in the scripts, in which case could someone tell me what ports I would additionally need to open manually in the firewall to make it work that wouldn't already be opened?

On a different note, in a recent discussion on another thread someone told me that openSUSE was going to be unsupported from around May this year -- has anyone heard of this or should I just ignore it? I thought with 40k users registered on the website Novell would find something better to do with all of us rather than just drop us so I am a little skeptical.


General :: Recommendation For Firewall Server?

Apr 1, 2009

After metering the power being used daily in my computer room, I decided that I needed to get somewhat greener. So I am updating all my equipment and getting rid of the old towers and power hungry equipment. So far so good, except for the box running Smoothwall.

It is an old IBM 300GL from the '90s that is apparently never going to die. But it is noisy and not exactly low powered and has to be on all the time. The only machines that I have presently that can be used as a replacement are full blown AMD 3000 and 6000's, and I hate to waste one of those just to be a firewall. I can find some mini cube systems that are very low powered - some even run on just a wall cube - but can't find one with two ethernet ports, and of course there is no plug-in bus on a tiny box.


Networking :: Gateway / Firewall And Log Server

Aug 1, 2009

I got 2 servers, each in a different location (server 1 and server 2). I want all traffic on server1, including web browsing, applications etc., to always go through server2, like a gateway. I want the traffic to be encrypted (maybe use VPN?). So if I browse, or any logs pick up IP addresses from applications used by server1, I want it to display the IP address from server2 (might be the wrong way to say it).

I always want server2 to act as a firewall and log server that logs all the traffic. I was thinking about using Snort for IPS/IDS solutions and OpenVPN for the traffic, but what can I use as a firewall? Most firewalls I find on Google have their own OS/distribution. Maybe Squid for logs? But Squid does not support many protocols. The distributions on both servers are updated Debian/Ubuntu based.


Server :: Use Sendmail In A Firewall Iptables?

Oct 20, 2010

I'm trying to configure a messaging system based on a PHP script with iptables, rsyslog and MySQL. On the firewall server Sendmail is installed, so I'd like to use it to receive messages in the main mail server, located in the DMZ. In the LAN I've configured another Linux server that works perfectly, sending mail messages to the server located in the DMZ. After looking for some solution I've tried to configure Sendmail to relay mail to the server, but the only thing I reached is the following message: "Deferred: Connection refused by mail.server.com". The message rests in the queue, and flushing it replies

[Code]...


Server :: Yahoo Behind Squid Firewall On WAN

Feb 19, 2011

I am having trouble with Yahoo audio/video voice calls. I am behind a Squid firewall on the WAN. I have asked my IT admin to open the audio/video ports. He has opened the ports but the audio/video buttons are still disabled in the chat window.


Server :: Connecting To FTP Server From Outside The Firewall

Jan 4, 2010

I wanted to set up a secure FTP server with proftpd so I can put some large files on the web for my pops. Here is my problem, I use a clearwire modem that won't allow you to change any of the settings but appears to have some pre-set firewalling capabilities. I also have a linksys wireless router connected to the modem. That firewall has all the port forwarding settings ready to go, and there hasn't been an issue with anything else, so here it goes.

I have a properly configured secure FTP setup with proftpd and the client app I'm using is Filezilla. I know it is configured right because I was able to use the FTP server via my LAN. Maybe my logic is wrong, but I was connecting to the FTP server at its IP on the LAN of 192.168.1.5:21. If I wanted my pops to connect from out of state I would give him the IP the internet sees when I surf the web, right? Looks something like this: 68.44.22.113. I should tell him to configure Filezilla to connect to 68.44.22.113:21. If my logic is wrong, please let me know, because when I try to do this I get an error that says connection refused by host.








Copyrights 2005-15 www.BigResource.com, All rights reserved