OK, never mind, the directory now mounts and everything is where it
should be. As long as Guarddog is turned off. Guarddog is probably ok
turned off as long as I am at home using a router with its own firewall,
but I would like it to still be functional for when I take the laptop on
trips, etc, so I don't get hacked or catch cooties. I tried setting up
a zone named LAN with the IPs of both boxes listed, and with NFS and
ping turned on, but it did not make a difference. Where from here?

Lee Einer wrote:
> Progress. Killing Guarddog does allow the ping. Executing the mount
> command manually (once I also start NFS manually on mandrakebox) does
> mount mandrakebox /home/lee to /mepisbox /home/mandrake. Need to find
> out how to permit NFS between these two with Guarddog running.
>
> When I open /home/mandrake on my mepis laptop, however, even with all
> of this done, the directory shows as empty. I should be seeing my
> /home/lee directory there, shouldn't I?
>
> Craig White wrote:
>
>> On Fri, 2005-02-04 at 02:49 -0700, Lee Einer wrote:
>>
>>> Craig White wrote:
>>>
>>>> On Thu, 2005-02-03 at 21:09 -0700, Lee Einer wrote:
>>>>
>>>>> Craig White wrote:
>>>>>
>>>>>> On Thu, 2005-02-03 at 20:16 -0700, Lee Einer wrote:
>>>>>>
>>>>>>> Done. Pinged Mepisbox. No packets returned. Mepisbox pings
>>>>>>> Mandrakebox just fine. Stopping iptables at mepisbox returns message
>>>>>>>
>>>>>>> Aborting iptables load: unknown ruleset, "inactive."
>>>>>>>
>>>>>>> I don't know if that is a good thing or a bad thing. It does not
>>>>>>> get the ping going, though.
>>>>>>>
>>>>>>> I have connectivity through both computers to the router, and
>>>>>>> through the router to the internet. The connection for the Mepis
>>>>>>> laptop is wireless- is this at the root of the issue?
>>>>>>
>>>>>> ----
>>>>>> it might very well be...
>>>>>>
>>>>>> The wireless access point - does it have some security setting on it to
>>>>>> prevent wireless users from accessing other parts of the LAN? - does it
>>>>>> put wireless users in a DMZ ?
>>>>>>
>>>>>> Question if you do (on both machines):
>>>>>> #route -n
>>>>>> Kernel IP routing table
>>>>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>>>>> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>>>>>> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
>>>>>> 0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 eth0
>>>>>>
>>>>>> do they look like above?
>>>>>
>>>>> close. They both have the same gateway address, and both can ping
>>>>> it. Line 2 on Mandrake box has different Iface and Genmask
>>>>> -127.0.0.0 and 255.0.0.0 respectively. Mepis box has two lines
>>>>>
>>>>> Destination Gateway Genmask
>>>>> 192.168.0.0 0.0.0.0 255.255.255.0 ath0
>>>>> 0.0.0.0 192.168.0.1 0.0.0.0 ath0
>>>>
>>>> -----
>>>> OK - well let's evaluate my assumptions then...
>>>>
>>>> You have something like a Netgear Wireless Router (I think they use the
>>>> 192.168.0.0 network) or perhaps one of the newer Qwest supplied
>>>> Actiontec dsl modem/routers with wireless and your Mandrake box connects
>>>> with a cable to one of the LAN ports and the Mepisbox (your laptop)
>>>> connects to this same router via wireless.
>>>>
>>>> With this assumption (brand accuracy not important), then they are both
>>>> 'pinging' the same gateway - 192.168.0.1
>>>>
>>>> With this assumption, from the Mepisbox, you should be able to ping
>>>> 192.168.0.100 as well as 192.168.0.1 unless there is a firewall on the
>>>> Mandrakebox. If not, then on the Mandrakebox, type 'iptables -L' and
>>>> post the results
>>>>
>>>> With this assumption, from the Mandrakebox, you should be able to ping
>>>> 192.168.0.101 as well as 192.168.0.1 unless there is a firewall on the
>>>> Mepisbox. If not, then on the Mepisbox, type 'iptables -L' and post the
>>>> results
>>>>
>>>
>>> This is the case. Here is the output of iptables -L from the Mepisbox-
>>>
>>> Chain INPUT (policy DROP)
>>> target prot opt source destination
>>> ACCEPT all -- anywhere anywhere
>>> ACCEPT all -- mepisbox 192.168.0.255
>>> logaborted tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:RST/RST
>>> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
>>> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
>>> ACCEPT icmp -- anywhere anywhere icmp time-exceeded
>>> ACCEPT icmp -- anywhere anywhere icmp parameter-problem
>>> nicfilt all -- anywhere anywhere
>>> srcfilt all -- anywhere anywhere
>>> Chain FORWARD (policy DROP)
>>> target prot opt source destination
>>> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
>>> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
>>> ACCEPT icmp -- anywhere anywhere icmp time-exceeded
>>> ACCEPT icmp -- anywhere anywhere icmp parameter-problem
>>> srcfilt all -- anywhere anywhere
>>> Chain OUTPUT (policy DROP)
>>> target prot opt source destination
>>> ACCEPT all -- anywhere anywhere
>>> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
>>> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
>>> ACCEPT icmp -- anywhere anywhere icmp time-exceeded
>>> ACCEPT icmp -- anywhere anywhere icmp parameter-problem
>>> s1 all -- anywhere anywhere
>>> Chain f0to1 (3 references)
>>> target prot opt source destination
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:6881:6889 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ipp state NEW
>>> ACCEPT udp -- anywhere anywhere udp dpt:ipp
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns state NEW
>>> ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:netbios-ns
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
>>> ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:netbios-dgm
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
>>> ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:netbios-ssn
>>> ACCEPT icmp -- anywhere anywhere icmp source-quench
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:webcache state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:8008 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:8000 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:8888 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:6969 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:6881:6889 state NEW
>>> ACCEPT udp -- anywhere anywhere udp dpts:6970:7170
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:5999
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state NEW
>>> ACCEPT icmp -- anywhere anywhere icmp echo-reply
>>> logdrop all -- anywhere anywhere
>>> Chain f0to2 (1 references)
>>> target prot opt source destination
>>> logdrop all -- anywhere anywhere
>>> Chain f1to0 (1 references)
>>> target prot opt source destination
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6881:6889 state NEW
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ftp state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:xmpp-client state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6881:6889 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:1863 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:554 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:7070 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ipp state NEW
>>> ACCEPT udp -- anywhere anywhere udp dpt:ipp
>>> ACCEPT udp -- anywhere anywhere udp dpt:3478
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:kerberos state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:https state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:imaps state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:3030 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:rsync state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:gnutella-svc state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:8765 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8880 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ssh state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:0:1023 dpt:ssh state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns state NEW
>>> ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-ns
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
>>> ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-dgm
>>> ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
>>> ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-ssn
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:5190:5193 state NEW
>>> ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpts:5190:5193
>>> ACCEPT udp -- anywhere anywhere udp dpts:33434:33600
>>> ACCEPT udp -- anywhere anywhere udp dpt:ntp
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:pop3s state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:5050 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:telnet state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:5000:5001 state NEW
>>> ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:5000
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:dict state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:1723 state NEW
>>> ACCEPT gre -- anywhere anywhere
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:whois state NEW
>>> ACCEPT udp -- anywhere anywhere udp dpt:43
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:nntp state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:imap2 state NEW
>>> ACCEPT udp -- anywhere anywhere udp dpt:imap2
>>> ACCEPT udp -- anywhere anywhere udp dpt:4000
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:ldap state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:522 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:1503 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:1720 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:1731 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:1024:65535 state NEW
>>> ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpts:1024:65535
>>> ACCEPT icmp -- anywhere anywhere icmp echo-request
>>> ACCEPT icmp -- anywhere anywhere icmp source-quench
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:smtp state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
>>> ACCEPT udp -- anywhere anywhere udp dpt:domain
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:www state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:webcache state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8008 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8000 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8888 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6660:6669 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:6969 state NEW
>>> ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:pop3 state NEW
>>> logdrop all -- anywhere anywhere
>>> Chain f1to2 (1 references)
>>> target prot opt source destination
>>> logdrop all -- anywhere anywhere
>>> Chain f2to0 (1 references)
>>> target prot opt source destination
>>> logdrop all -- anywhere anywhere
>>> Chain f2to1 (3 references)
>>> target prot opt source destination
>>> logdrop all -- anywhere anywhere
>>> Chain logaborted (1 references)
>>> target prot opt source destination
>>> logaborted2 all -- anywhere anywhere limit: avg 1/sec burst 10
>>> LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
>>> Chain logaborted2 (1 references)
>>> target prot opt source destination
>>> LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `ABORTED '
>>> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
>>> Chain logdrop (8 references)
>>> target prot opt source destination
>>> logdrop2 all -- anywhere anywhere
>>> Chain logdrop2 (1 references)
>>> target prot opt source destination
>>> DROP all -- anywhere anywhere
>>> Chain logreject (0 references)
>>> target prot opt source destination
>>> logreject2 all -- anywhere anywhere
>>> Chain logreject2 (1 references)
>>> target prot opt source destination
>>> REJECT tcp -- anywhere anywhere reject-with tcp-reset
>>> REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
>>> DROP all -- anywhere anywhere
>>> Chain nicfilt (1 references)
>>> target prot opt source destination
>>> RETURN all -- anywhere anywhere
>>> RETURN all -- anywhere anywhere
>>> RETURN all -- anywhere anywhere
>>> logdrop all -- anywhere anywhere
>>> Chain s0 (1 references)
>>> target prot opt source destination
>>> f0to1 all -- anywhere mepisbox
>>> f0to1 all -- anywhere 192.168.0.255
>>> f0to1 all -- anywhere mepisbox
>>> f0to2 all -- anywhere 12.168.0.100
>>> logdrop all -- anywhere anywhere
>>> Chain s1 (1 references)
>>> target prot opt source destination
>>> f1to2 all -- anywhere 12.168.0.100
>>> f1to0 all -- anywhere anywhere
>>> Chain s2 (1 references)
>>> target prot opt source destination
>>> f2to1 all -- anywhere mepisbox
>>> f2to1 all -- anywhere 192.168.0.255
>>> f2to1 all -- anywhere mepisbox
>>> f2to0 all -- anywhere anywhere
>>> Chain srcfilt (2 references)
>>> target prot opt source destination
>>> s2 all -- 12.168.0.100 anywhere
>>> s0 all -- anywhere anywhere
>>
>> ----
>> wow - don't know where to fix this. You must be using some utility to
>> create this - does mepis create complex tables such as this by default?
>>
>> My first thought is that there is a switch to turn this off for testing
>> and back on again - and then a 'configuration' utility to allow for
>> adding new ports.
>>
>> a very quick check in forums at mepis shows two common utilities, guard
>> dog and firestarter. My guess is that you are using guard dog.
>>
>> From Mepis Documentation Wiki
>>
>> What is Guarddog? From the website:
>>
>> Guarddog is a firewall configuration utility for Linux systems. Guarddog
>> is aimed at two groups of users. Novice to intermediate users who are
>> not experts in TCP/IP networking and security, and those users who don't
>> want the hassle of dealing with cryptic shell scripts and
>> ipchains/iptables parameters.
>>
>> Main Menu --> System --> Security --> Guarddog
>>
>> Can you get there and turn it off momentarily?
>>
>> Then you should be able to ping the Mepisbox from the Mandrakebox
>>
>> Then I suppose you could allow NFS (port 2049) from 192.168.0.100
>>
>> Perhaps something similar going on in Mandrakebox (firewall)
>> ----
>>
>>> The router is a D-Link DI 624. I will be reviewing the manual later
>>> in the morning also. Hope this isn't one of those cases where RTFM
>>> would have been the correct response.
>>>
>>
>> ----
>> I think you can spare yourself some reading effort here...problem seems
>> to be firewall
>>
>> ;-)
>>
>> Craig
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change you mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Lee Einer
Dos Manos Jewelry
http://www.dosmanosjewelry.com
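
An added example, not part of the original thread: a small Python check that parses `iptables -L` output and reports rules whose literal source or destination address lies outside the LAN. The quoted listing shows 12.168.0.100 in the s0, s1 and srcfilt chains while the hosts in the thread are on 192.168.0.x, which is the kind of entry worth comparing against the Guarddog zone definition. The subnet constant, function names and trimmed sample are assumptions made for this example.

```python
import ipaddress

# Assumption: the LAN is 192.168.0.0/24, as in the route -n output quoted in the thread.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Constructed sample: a few rules trimmed from the s0 and srcfilt chains in the thread.
SAMPLE = """\
Chain s0 (1 references)
target prot opt source destination
f0to1 all -- anywhere mepisbox
f0to1 all -- anywhere 192.168.0.255
f0to2 all -- anywhere 12.168.0.100
logdrop all -- anywhere anywhere
Chain srcfilt (2 references)
target prot opt source destination
s2 all -- 12.168.0.100 anywhere
s0 all -- anywhere anywhere
"""

def parse_rules(listing):
    """Yield (chain, target, source, destination) for each rule in `iptables -L` output."""
    chain = None
    for line in listing.splitlines():
        fields = line.split()
        if not fields or fields[0] == "target":
            continue                      # blank line or column header
        if fields[0] == "Chain":
            chain = fields[1]
        elif len(fields) >= 5:
            yield chain, fields[0], fields[3], fields[4]

def off_lan_addresses(listing, lan=LAN):
    """Return (chain, target, role, address) for literal IPs that are not inside `lan`."""
    findings = []
    for chain, target, src, dst in parse_rules(listing):
        for role, value in (("source", src), ("destination", dst)):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue                  # 'anywhere' or a resolved hostname such as mepisbox
            if net.prefixlen == 0:
                continue                  # 0.0.0.0/0 is how `iptables -L -n` prints 'anywhere'
            if not net.subnet_of(lan):
                findings.append((chain, target, role, value))
    return findings

if __name__ == "__main__":
    for chain, target, role, addr in off_lan_addresses(SAMPLE):
        print(f"chain {chain}: rule '{target}' has {role} {addr} outside {LAN}")
```

Hostnames in the listing are skipped because they cannot be checked without resolution; running `iptables -L -n` on the real host gives numeric addresses for every rule.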