[plug] Mandrake 9.0 firewall?? problem

John Usher (Maptek) John.Usher at perth.maptek.com.au
Tue Nov 26 16:06:42 WST 2002


An 'operation not permitted' on sockets like this is usually indicative
of you not having root access.

Is your 'ping' setuid root? Have you tried the ping as root?

Having said this though, 'ping' shouldn't let you open the socket if you
don't have root access anyway. I get 'icmp open socket: Operation not
permitted' if I try that..

...Hmmm....

...John...

-----Original Message-----
From: Graham, Alan A. [mailto:Alan.Graham at woodside.com.au] 
Sent: Tuesday, 26 November 2002 3:56 PM
To: 'plug at plug.linux.org.au'
Subject: RE: [plug] Mandrake 9.0 firewall?? problem


Disclaimer.  I'm not at a unix box at the moment, so I can't check this.

In both smb.conf and hosts.allow you've got 10.0.0.1 as if it was a network
address.  It's not, it's a host address.  Network addresses are specified
with 0 in the hosts portion.  You've specified a netmask in hosts.allow of
255.255.0.0, which implies a network portion of x.x.0.0 and a hosts portion
of x.x.nnn.nnn, ie, an old style class B address.  If you really want to
allow 65535 hosts on your network, then the network address should be
"10.0.0.0" with a netmask of "255.255.0.0".

Remember that the low value (eg 0) of the hosts portion of the address is
reserved to mean the entire network, and high value of the hosts portion
(255.255 in your case) is reserved as the broadcast address.  That's why
you're seeing 10.0.255.255 as the address in the nmbd failure message,
because nmb uses broadcasts to do discovery.

So...  change smb.conf to say 10.0.0.0

Change /etc/hosts.allow to say 10.0.0.0/255.255.0.0

HTH

Alan

> -----Original Message-----
> From:	Stephen Boak [SMTP:sboak at westnet.com.au]
> Sent:	Tuesday, 26 November 2002 15:20
> To:	plug at plug.linux.org.au
> Subject:	[plug] Mandrake 9.0 firewall?? problem
> 
> Firstly, thanks for the help via Harry about the screensaver/crash
> problem. It was the bios power management. Turned it off and now
> Linux is as crashproof as it is supposed to be...
> 
> My linux background: long time user, since the yggdrasil(?) days, but
> never seriously into the configuration files until I was thrown in
> the deep end a few days ago to rebuild the Nannup Telecentre system
> after a seriously bad hacking experience. Now possibly ranked as an
> amateur sysadmin. Sounds dangerous :)
> 
> Now the next step in the game. I'm running Mandrake 9.0 server
> install with the Gnome GUI, using Samba as logon/file server for 13
> PCs with w..98 installed. Samba seems ok, but I'm getting 'www
> nmbd[2568]: Packet send failed to 10.0.255.255(138) ERROR=Operation
> not permitted' messages in /var/log/messages. At the moment, I
> suspect some firewall operation that I haven't found or don't know
> about.
> 
> From reading various posts, the things I have checked:
> 
> Samba becomes: 
> logon server for workgroup USERS on subnet 10.0.0.1 OK
> domain master browser for workgroup USERS on subnet 10.0.0.1 OK.
> local master browser for workgroup USERS on subnet 10.0.0.1 OK.
> 
> One test W..98 PC is assigned 10.0.0.26 by dhcp (that's working)
> 
> arp is working:
> arp who-has 10.0.0.1 tell 10.0.0.26
> arp reply 10.0.0.1 is-at 0:10.4b:63.xx.xx
> 
> can't ping 10.0.0.26 - sendmsg: Operation not permitted
> 
> /etc/hosts contains:
> 127.0.0.1 localhost.localdomain localhost
> 10.0.0.1  www.nannuptc.org.au www
> 
> /etc/hosts.deny contains:
> ALL:ALL
> 
> /etc/hosts.allow contains: 
> ALL:10.0.0.1/255.255.0.0
> 
> /etc/samba/smb.conf contains no host allow/deny statements
> 
> iptables -L gives:
> 
> chain INPUT (policy DROP)
> ACCEPT all -- anywhere anywhere
> 
> chain FORWARD (policy DROP)
> 
> chain OUTPUT (policy DROP)
> OUTPUT all -- anywhere anywhere
> 
> (shorewall firewall is installed, but is 'STOP'ed.)
> 
> from ifconfig eth0:
> inet addr:10.0.0.1 Bcast:10.0.255.255 Mask:255.255.0.0
> 
> from route:
> 10.0.0.0  * 255.255.0.0 U 0 0 0 eth0
> 127.0.0.0 * 255.0.0.0   U 0 0 0 lo
> (no dialup running at the moment)
> 
> Any more info will be gladly provided...
> 
> Steve
> 
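Added example, not part of any message in this thread: a Python check of the two hosts.allow entries discussed above, using the net/mask rule from hosts_access(5) (a client matches when net equals the client address ANDed with the mask). The function names and the client list are constructed for illustration.

```python
import ipaddress


def to_int(addr: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wrappers_match(pattern: str, client: str) -> bool:
    """hosts_access(5) net/mask rule: match iff net == (client AND mask)."""
    net, mask = pattern.split("/")
    return (to_int(client) & to_int(mask)) == to_int(net)


def describe(addr: str, mask: str) -> dict:
    """Network address, broadcast address and host-bit check for addr/mask."""
    a, m = to_int(addr), to_int(mask)
    wildcard = ~m & 0xFFFFFFFF          # host portion of the address
    return {
        "network": str(ipaddress.IPv4Address(a & m)),
        "broadcast": str(ipaddress.IPv4Address((a & m) | wildcard)),
        "host_bits_set": (a & wildcard) != 0,
    }


def audit(pattern: str, clients: list) -> tuple:
    """Return (address breakdown, clients the pattern would admit)."""
    net, mask = pattern.split("/")
    admitted = [c for c in clients if wrappers_match(pattern, c)]
    return describe(net, mask), admitted


if __name__ == "__main__":
    # Constructed client list: the DHCP client and server from the thread,
    # one more address in 10.0.0.0/16, and one address outside it.
    clients = ["10.0.0.26", "10.0.0.1", "10.0.200.7", "192.168.1.5"]
    for pattern in ("10.0.0.1/255.255.0.0", "10.0.0.0/255.255.0.0"):
        info, admitted = audit(pattern, clients)
        print(pattern)
        print("  network  :", info["network"])
        print("  broadcast:", info["broadcast"])
        if info["host_bits_set"]:
            print("  warning  : host bits set in the net part")
        print("  admits   :", admitted or "nothing")
```

With ALL:ALL in hosts.deny, a net/mask entry that admits nothing leaves every libwrap-protected service closed to the LAN, so checking for host bits in the net part is worth doing whenever hosts.allow is edited.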


