I have an Intel x86_64 system running RHEL 7.0. I want to use this system as a firewall. The system has two NICs. One NIC is defined with the static IP address from my ISP. The other NIC is also static, i.e. no DHCP, and is assigned a LAN address of 192.168.10.6. It is plugged into a switch (192.168.10.1) that has three other devices plugged in, each with its own hard-coded LAN address (netmask is 255.255.255.0).
I have two zones active in the firewall config: External (using the static IP from the ISP) and Internal (using the IP address of 192.168.10.6). I'm forwarding the following two ports, 80 & 443, in both zones. External zone: ports 80 & 443 are forwarded to my switch (192.168.10.1). Internal zone: ports 80 & 443 are forwarded to my static IP address from my ISP. I have IP masquerading turned on in the External zone.
However, none of the other workstations (Windows 7 Professional) and my "smart" TV (Netflix access) are able to access the internet. Again, I'm NOT using any DHCP; all IP addresses are hard coded. I can ping any LAN address from any LAN node. The Linux FW machine can access the internet. I've read through the RHEL 7.0 Security Guide regarding setting up the firewall and I believe I have all the elements defined properly ... It just doesn't work. I have the same set of DNS values defined on all systems.
They are the three DNS servers assigned by my ISP. I have IPv4 forwarding active on my Linux system. I have masquerading "turned on" in the External zone. The resolv.conf file has the IP addresses of the DNS servers as well as my switch.
However, the Windows 7 systems and my "smart" TV cannot access the internet.
Anyone who's really familiar with the RHEL firewall-config GUI and has any suggestions, please respond.
Thanks
Guy
I have been flailing trying to get a web server running on Fedora 21.
Finally did so.
I have my iptables working (methinks) as they should. I can connect from my Linux box (local) or from my Mac on the same network/subnet.
Problem is in my "travels" I have somehow trashed my firewall-cmd.
I was adding parameters to it w/o issue, e.g.
firewall-cmd --zone=public --add-port=80/tcp --permanent
Then restarting firewall-cmd
firewall-cmd --reload
This was all working. I "fixed" my problem with connecting to my web server from other LAN workstations (iptables issues) and was going back to see if all was well. Now when I try to restart I get a:
FirewallD is not running
That from my "reload" command above.
Have I fixed my web server issue or is my world wide open att?
Assistance, as always, greatly appreciated.
Skip
I am trying to build a socket to retrieve the Ethernet packets from an ECU. When I run my code on Windows there is no problem and the code runs correctly. But when I run my code on Linux it gets stuck at s.recv(65565). I have already set a static IP in /etc/network/interfaces as follows:
iface eth0 inet static
address 160.48.199.91
netmask 255.255.255.0
gateway 160.48.199.254
I tried a simple socket program on a Raspberry Pi, but it still gets stuck at s.recv(65565). I also tried to implement the program using multicast, but the problem is that when I create a socket for ICMP protocols then I can see the data from the ECU after using the command "ping -I echo 239.192.255.251" in another terminal (where 239.192.255.251 is the multicast address). But when I change the socket protocol type to UDP, TCP or raw then it again gets stuck at s.recv().
Imp: When I run the "netstat -s" command in a terminal I can see that there are 0 messages received for UDP and TCP. But in Wireshark I can see the UDP messages from the ECU. Is Linux killing all the UDP and TCP packets? How should I solve this?
(complete setup is connected as: ECU ---> Media converter ---> Raspberry Pi. There is no LAN, no firewall, no internet)
Could anyone please help me with this problem?
Hi,
I'm on VMware Workstation with Debian Wheezy.
I have a problem when I restart the DHCP server.
It says "Bad subnet number/mask combination".
These are the logs:
root@debian-main:/# /etc/init.d/isc-dhcp-server restart
dhcpd self-test failed. Please fix /etc/dhcp/dhcpd.conf.
The error was:
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
/etc/dhcp/dhcpd.conf line 50: subnet 192.168.10.1 netmask 255.255.255.0: bad subnet number/mask combination.
subnet 192.168.10.1 netmask 255.255.255.0{
^
Configuration file errors encountered -- exiting
If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging..
exiting.
And this is my dhcpd.conf file:
# A slightly different configuration for an internal subnet.
subnet 192.168.10.1 netmask 255.255.255.0{
range 192.168.10.1 192.168.10.15;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
option routers 192.168.10.254;
option broadcast-address 192.168.10.255;
default-lease-time 600;
max-lease-time 7200;
}
For me it's a good subnet number/mask combination.
Can you help me please?
Thank you,
Pierrick
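The check behind the "bad subnet number/mask combination" message can be reproduced offline. The following is an added example, not part of the original post and not ISC code: it flags a subnet declaration whose subnet number has host bits set under its netmask, plus any range address outside that subnet. The sample text is constructed from the posted block, and the parser assumes flat subnet blocks with no nested braces.

```python
import ipaddress
import re

# Constructed sample: the subnet block from the post above.
SAMPLE_CONF = """\
subnet 192.168.10.1 netmask 255.255.255.0{
range 192.168.10.1 192.168.10.15;
option routers 192.168.10.254;
option broadcast-address 192.168.10.255;
}
"""

# Assumption: flat subnet blocks with no nested { } (no pool/group sections).
SUBNET_RE = re.compile(
    r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"range\s+([\d.]+)(?:\s+([\d.]+))?\s*;")


def check_subnets(conf_text):
    """Return (subnet_number, problem) tuples for each suspect declaration."""
    problems = []
    text = re.sub(r"#.*", "", conf_text)  # drop comments before matching
    for number, mask, body in SUBNET_RE.findall(text):
        # strict=False masks off host bits so the expected value can be shown
        net = ipaddress.ip_network(f"{number}/{mask}", strict=False)
        if ipaddress.ip_address(number) != net.network_address:
            problems.append((number, f"host bits set under {mask}; "
                             f"network address is {net.network_address}"))
        for low, high in RANGE_RE.findall(body):
            # a range statement may give a single address or a low/high pair
            for addr in (low, high or low):
                if ipaddress.ip_address(addr) not in net:
                    problems.append(
                        (number, f"range address {addr} is outside {net}"))
    return problems


if __name__ == "__main__":
    for number, problem in check_subnets(SAMPLE_CONF):
        print(f"subnet {number}: {problem}")
```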
Using a Raspberry Pi w/ Debian
Read the manual and several "how-to"s and am getting nowhere
vsftp is running and making a log file. I can get to the Pi with PuTTY or SAMBA.
Ultimately I want to be able to both (i) ftp in under the "pi" user to access files remotely and (ii) have people sending me huge files ftp them in anonymously.
I have tried (i) the ftp client in Windows 7 Internet Explorer 11, (ii) the ftp client in the Windows 7 "map network drive" UI, and (iii) ES File Explorer on my Android phone.
The android phone tells me there is no server there. Windows 7 gets no password challenge, gives no error indication, but does nothing useful. The vsftpd log file shows some attempt by the Windows machine, nothing for the Android.
Config file and log file attached.
The Android is trying to use port 21, the config file mentions something about port 20. Which ports do I need to forward in my router to enable remote access?
Any help appreciated.
Thanks. Jonathan
Hi,
I am running a CentOS 6 server with a public IP as a web server. Sometimes the ftp service and firewall (system-config-firewall) get dead/crashed.
I have to start the messagebus service in order to start the firewall.
What is the real cause of this issue? DoS attack?
netstat doesn't show any unusual IP connections.
The two charge controllers for my solar system are connected to my router, allowing my computer to access them for data gathering. The address required in Windows is "tsmppt13190256/" for one of them (tsmppt plus the serial number). This address works with all browsers on Windows.
Using the same browser on various Linux machines yields "web page not found". Morningstar, who makes these excellent controllers, says they support only Windows. I've tried using the numbered (4 groups of 4 digits) equal and even the "tiny URL" but nothing works.
I've tried adding ".com" and "HTTP://".
How can I get my Linux browsers to accept this address?
Thanks a lot.
Ralph
Hi,
I am using Fedora Core 20. To access the desktop remotely I followed the instructions given on this website:
http://hex.ro/wp/blog/fedora-20-remo...rom-windows-7/
1. Settings -> System -> Sharing – enable Sharing then for Screen Sharing enable it and then enable all checkboxes
2. Added port in firewall
#firewall-cmd --add-service=vnc-server
3. Set the command
# gsettings set org.gnome.Vino require-encryption false
From another machine, using TightVNC viewer, when I enter the IP address of this machine I get a full black screen. Please help me in this regard.
Thanks in advance.
uv.
I recently bought a WD external hard drive for storing files of several types. Using gparted I made two partitions, one NTFS for Windows files and one ext4 for Linux files. Strangely, I have complete access to the NTFS partition from the Linux side of my dual-boot system, but do not have permission to access the ext4 partition. My root password does not work when I use su to gain root access. It works fine on the built-in hard drive.
I have a PC with around 2 GB of RAM, a hard drive, a DVD drive, and USB ports, in a remote vacation home with no Internet access. I would like to install either Mint or Ubuntu and applications like LibreOffice.
In my permanent residence, I use Win 8.1 in a PC with internet access and Virtualbox to run other operating systems. I can use this to prepare the installation disks.
Is it possible to install the OS and then install software from a DVD or USB drive to a PC without Internet access? Also, is it possible to come up with a customized install disk containing the OS and software to install? If so, how do I go about preparing the installation disks?
Thanks for the help.
Hello
I have a few folders that I would like to allow access to only from certain IP schema,
like for example
-folder "Products" allow access only to 10.10.20.x
-folder "Customers" allow access only to 10.10.21.x
Can this be done using Samba?
The machines connecting are Windows machines from different networks coming through VPN.
Thank you
-Fred