[plug] Mandrake 9.0 firewall?? problem

Stephen Boak sboak at westnet.com.au
Tue Nov 26 15:18:43 WST 2002


Firstly, thanks for the help via Harry about the screensaver/crash
problem. It was the bios power management. Turned it off and now
Linux is as crashproof as it is supposed to be...

My linux background: long time user, since the yggdrasil(?) days, but
never seriously into the configuration files until I was thrown in
the deep end a few days ago to rebuild the Nannup Telecentre system
after a seriously bad hacking experience. Now possiblly ranked as an
amateur sysadmin. Sounds dangerous :)

Now the next step in the game. I'm running Mandrake 9.0 server
install with the Gnome GUI, using Samba as logon/file server for 13
PCs with w..98 installed. Samba seems ok, but I'm getting 'www
nmbd[2568]: Packet send failed to 10.0.255.255(138) ERROR=Operation
not permitted' messages in /var/log/messages. At the moment, I
suspect some firewall operation that I haven't found or don't know
about.

>From reading various posts, the things I have checked:

Samba becomes: 
logon server for workgroup USERS on subnet 10.0.0.1 OK
domain master browser for workgroup USERS on subnet 10.0.0.1 OK.
local master browser for workgroup USERS on subnet 10.0.0.1 OK.

One test W..98 PC is assigned 10.0.0.26 by dhcp (that's working)

arp is working:
arp who-has 10.0.0.1 tell 10.0.0.26
arp reply 10.0.0.1 is-at 0:10.4b:63.xx.xx

can't ping 10.0.0.26 - sendmsg: Operation not permitted

/etc/hosts contains:
127.0.0.1 localhost.localdomain localhost
10.0.0.1  www.nannuptc.org.au www

/etc/hosts.deny contains:
ALL:ALL

/etc/hosts.allow contains: 
ALL:10.0.0.1/255.255.0.0

/etc/samba/smb.conf contains no host allow/deny statements

iptables -L gives:

chain INPUT (poicy DROP)
ACCEPT all -- anywhere anywhere

chain FORWARD (poicy DROP)

chain OUTPUT (poicy DROP)
OUTPUT all -- anywhere anywhere

(shorewall firewall is installed, but is 'STOP'ed.)

from ifconfig eth0:
inet addr:10.0.0.1 Bcast:10.0.255.255 Mask:255.255.0.0

from route:
10.0.0.0  * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0   U 0 0 0 lo
(no dialup running at the moment)

Any more info will be gladly provided...

Steve




More information about the plug mailing list