Thanks
I solved the problem by removing the firewall and am now trying to include
the firewall settings step by step
Vaneet
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Ryan
Sent: Monday, May 23, 2005 10:35 AM
To: CentOS mailing list
Subject: Re: [CentOS] RE: Wireless Networking
> 1) I am not able to connect to my Centos Server BOX through Secure CRT
> 2) I am not able to connect to my Centos using FTP.
Try configuring port forwarding on the router instead of DMZ. For SSH,
forward port 22 to the 192.x address your centos machine is on.
Make sure iptables has 22 open in its firewall settings.
Vaneet Sharma wrote:
> Dear All,
>
> I have one centos box ( centos 4.0 ) which is connected to MSI
> wireless router....... And which is connected to my ISP MODEM. I
> incorporated wireless router so that I can use my laptop from any of
> my rooms.
>
> Now this Centos 4.0 box is my home server machine.
>
> The MSI Wireless Router has DHCP server enabled. Wireless router has
> provided each address to my machines basically internal IP address
> like 192.168.1.xx TO 192.168.1.xx. The wireless router has an
> external IP which can be reached at : http://84.255.28.48:8080. I
> configured DMZ settings in wireless router... Which basically is
> mapping my Centos Box internal IP ( 192.168.1.XX ) to public IP (
> 84.255.28.48 )
>
> Now the problem is the following:
>
> how will my centos machine listen to this public IP ? Do I have to set
> up firewall settings?
> Ifconfig on centos gives me internal IP. I need
> to know what routing settings I need to do and where ?
>
> 1) I am not able to connect to my Centos Server BOX through Secure CRT
> 2) I am not able to connect to my Centos using FTP.
>
> Kind regards
> Vaneet
>
>
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Maciej Zenczykowski
> Sent: Friday, May 20, 2005 5:39 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Iptables - PREROUTING
>
>
> okay, first of all you shouldn't do it in a script,
> instead you should be modifying /etc/sysconfig/iptables
> and using /etc/init.d/iptables start/stop
>
> and add ip_nat_ftp to the proper spot (modules to load) in
> /etc/sysconfig/iptables-config
>
> next you need to rewrite the following for iptables-save/restore
> format
>
> *nat
> :PREROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
>
> [spot for nat rules]
>
> COMMIT
>
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [0:0]
>
> [spot for filter rules]
>
> COMMIT
>
>
> [in the filter rules:]
> -A INPUT -i lo -j ACCEPT
>
> # the following is _not_ nice
> -A INPUT -i eth0 -p ICMP --icmp-type echo-request -j DROP
>
> -A INPUT -i eth0 -s rango_ip/29 -d 0/0 -p all -j ACCEPT
> -A INPUT -i eth1 -s 172.16.0.0/24 -d 172.16.0.211/32 -p all -j ACCEPT
>
>
> [above in the nat spot]
> -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.16.0.3:80
> -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 172.16.0.3:443
>
>
> [again in the filter spot]
> -A FORWARD -i eth1 -p tcp -s 172.16.0.0/24 --dport 80 -j ACCEPT
> -A FORWARD -i eth1 -p tcp -s 172.16.0.0/24 --dport 443 -j ACCEPT
>
> -A FORWARD -i eth1 -p tcp -s 172.16.0.0/24 --dport 53 -j ACCEPT
> -A FORWARD -i eth1 -p udp -s 172.16.0.0/24 --dport 53 -j ACCEPT
>
> You _DO_ _NOT_ WANT TO ACCEPT everything from port 53 - I can break
> through this firewall in 5 seconds.
> -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -p udp -m udp --dport 53 -j ACCEPT
>
> same here, plus squid doesn't use udp
> -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
>
> the default should be to drop
>
> -A INPUT -j LOG --log-level info
> -A OUTPUT -j LOG --log-level info
> -A FORWARD -j LOG --log-level info
>
> [in nat again]
> -A POSTROUTING -s 172.16.0.6/32 -o eth0 -j MASQUERADE
> -A POSTROUTING -s 172.16.0.10/32 -o eth0 -j MASQUERADE
> -A POSTROUTING -s 172.16.0.9/32 -o eth0 -j MASQUERADE
>
>
> this should be in /etc/sysctl.conf
>
>>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> do the above changes and repost with what you have and we'll go from
> there...
>
> Cheers,
> MaZe
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
>
>
> Vaneet Sharma
> executive manager
> iDeasTank Limited
> an iwg business
> dolphins' court po 388
> valletta, m-malta/europe
> mobile: +356 9943 8263
> skype: CALLVANEET
> fax: +356 9952 8888
> phone: +356 9942 8888
>
> vaneet at iwg.info
> call me on www.skype.com - my ID is CALLVANEET
>
> Want a signature like this? - www.plaxo.com\signature
>
> iwg is a global e-mobile company creating, building and growing new
> businesses. iwg founders are pioneers in creating multi-billion
> dollar mobile and Internet businesses in Europe, Asia and the US.
>
> www.iWG.info
> www.countryprofiler.com/iWG
> www.visitmalta.com
> www.mfc.com.mt
>
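
Added example (not part of the original thread or written by its participants): a small Python check over a ruleset in the iptables-save format discussed above. It confirms default-DROP policies, lists the ports INPUT accepts (SSH on 22, FTP on 21), and flags an ACCEPT keyed only on source port 53. The sample ruleset and the `audit` helper are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (the layout of /etc/sysconfig/iptables).
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
COMMIT
"""

def audit(ruleset):
    """Return (policies, open_ports, findings) for *filter; '!' negation is not handled."""
    policies, open_ports, findings = {}, [], []
    table = None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat" / "*filter" opens a table
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):        # ":INPUT DROP [0:0]" sets a chain policy
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A INPUT"):
            tok = shlex.split(line)
            opts = {a: b for a, b in zip(tok, tok[1:]) if a.startswith("-")}
            if opts.get("-j") != "ACCEPT":
                continue
            if "--dport" in opts:
                open_ports.append((opts.get("-p", "all"), opts["--dport"]))
            elif "--sport" in opts:
                # The remote side picks its own source port, so this rule
                # admits any packet that merely claims to come from that port.
                findings.append("ACCEPT keyed only on source port: " + line)
    for chain in ("INPUT", "FORWARD"):
        if policies.get(chain) != "DROP":
            findings.append(chain + " default policy is not DROP")
    return policies, open_ports, findings

if __name__ == "__main__":
    print(audit(RULESET))
```

Running a check like this after each rule is added back makes it easy to see which step opened or closed a port.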