Hi,

I'm new to Linux (terminally frustrated Windows user) and have recently installed PCLinuxOS on two machines at home. I've set up NFS shared home directories on both machines, which I can mount and access fine only when Shorewall is stopped. I've read a few guides on Shorewall configuration, including those at shorewall.net, and tried everything that made sense, to no avail - Shorewall blocks the mount requests.

I'm thinking that the problem is with my environment (although it was working under Windows with File Sharing). I have the two computers attached via a Netgear 4 port hub. The hub is also attached to a Motorola Cable Modem for Internet access. I don't have a domain (under Windows the sharing was done via a Workgroup), and the two computers have very different static IPs assigned by Comcast, my ISP.

The PCLinuxOS install automatically set up eth0 and the Internet connections worked fine. Is there a way to tell Shorewall to allow the loc lan accesses on the same interface (eth0) as the net? A way to add another interface (with just the Netgear hub)?

I have tried using "-" for zone in the interfaces file, and adding "loc:123.456.789.01" and "net detect" in the hosts file, but that results in a syntax error for the net zone.

If this can't be configured, should I modify my environment? I would like to keep the separate IP address scheme for the two computers (rather than set up one of them as a "gateway"), as this allows Internet access from either machine without having to turn the other on. (Past hardware problems argue for keeping the separation.)

My workaround is to just stop Shorewall when I want to use the NFS shares, which I could live with if I had to.

Any suggestions on changes to try or other sites/forums to visit would be appreciated.

Thanks for any help - Mike

Michael Harrison wrote:
> Hi
> I'm new to Linux (terminally frustrated Windows user) and have recently
> installed PCLinuxOS on two machines at home. I've set up NFS shared
> home directories on both machines, which I can mount and access fine
> only when Shorewall is stopped. I've read a few guides on Shorewall
> configuration, including those at shorewall.net <http://shorewall.net>,
> and tried everything that made sense, to no avail - Shorewall blocks the
> mount requests.
>
> I'm thinking that the problem is with my environment (although it was
> working under Windows with File Sharing). I have the two computers
> attached via a Netgear 4 port hub. The hub is also attached to a
> Motorola Cable Modem for Internet access. I don't have a domain (under
> Windows the sharing was done via a Workgroup), and the two computers have
> very different static IPs assigned by Comcast, my ISP.
>
> The PCLinuxOS install automatically set up eth0 and the Internet
> connections worked fine. Is there a way to tell Shorewall to allow the
> loc lan accesses on the same interface (eth0) as the net? A way to add
> another interface (with just the Netgear hub)?
>
> I have tried using "-" for zone in the interfaces file, and adding
> "loc:123.456.789.01" and "net detect" in the hosts file, but that results
> in a syntax error for the net zone.

I'm a bit unclear about the configuration. You have two independent machines on a hub that is cabled to the cable modem. Is there a third system that hosts the NFS-mounted home directories or is one of the machines hosting them?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,        \ died peacefully in his sleep. Not screaming like
Washington, USA   \ all of the passengers in his car
http://shorewall.net \________________________________________________

Hi Tom,

Thanks for your reply. It took a while for it to sink in, but I finally realized that I don't, in fact, need two zones to accomplish what I want. Because each machine is independent with its own static IP address (each is both a server and a client to the other), they each have their own (personal) firewall operating.

So, I have no change to the default /interfaces file nor the default /zones file. My only change is to /rules on each machine, to accept traffic from the other machine:

    ACCEPT net:99.69.169.123 fw all
    ACCEPT fw:99.69.169.123 net all

I can do NFS file sharing and printer sharing, still in STEALTH mode (GRC test).

Perhaps this info will help the next newbie with a similar problem.

Thanks again
Mike

On Sat, Apr 25, 2009 at 3:00 PM, Tom Eastep <teastep@shorewall.net> wrote:
> I'm a bit unclear about the configuration. You have two independent
> machines on a hub that is cabled to the cable modem. Is there a third
> system that hosts the NFS-mounted home directories or is one of the
> machines hosting them?
>
> -Tom
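
Added example, not part of the original thread: the rule "ACCEPT net:99.69.169.123 fw all" above opens every protocol and port to the peer, whereas NFS only needs the ports its RPC services register. This sketch reads `rpcinfo -p` output (a constructed sample is embedded) and prints Shorewall rules limited to those ports; the zone names and peer address are the ones from the message above.

```sh
#!/bin/sh
# Added example. The rpcinfo sample below is constructed for illustration;
# the peer address and the net/fw zone names are taken from the thread.

# Constructed `rpcinfo -p` output from an NFS server.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    3   udp  32766  nlockmgr
    100021    3   tcp  32766  nlockmgr
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
EOF
}

# nfs_rules PEER: read `rpcinfo -p` output on stdin and print one Shorewall
# rule per protocol, limited to the ports the NFS services registered.
nfs_rules() {
    peer=$1
    # Reject anything that does not look like a dotted-quad address.
    case $peer in
        ''|*[!0-9.]*) echo "usage: nfs_rules IPV4_ADDRESS" >&2; return 2 ;;
    esac
    awk -v peer="$peer" '
        # Data rows only (the header has a non-numeric first field).
        $1 ~ /^[0-9]+$/ && $5 ~ /^(portmapper|nfs|mountd|nlockmgr|status)$/ {
            key = $3 SUBSEP $4
            if (key in seen) next          # same proto/port, other version
            seen[key] = 1
            ports[$3] = ports[$3] sep[$3] $4
            sep[$3] = ","
        }
        END {
            n = split("tcp udp", order, " ")
            for (i = 1; i <= n; i++)
                if (order[i] in ports)
                    printf "ACCEPT net:%s fw %s %s\n", peer, order[i], ports[order[i]]
        }'
}

sample_rpcinfo | nfs_rules 99.69.169.123
```

On a real server, pipe `rpcinfo -p` into `nfs_rules` instead of the sample. The mountd, status and nlockmgr ports change across restarts unless they are pinned, so pin them before relying on the generated rules.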

NFS is truly excellent. I can copy files from one Linux PC to another with speed of 80-88Mbps on network rated 100MBps. I use Krusader's automount option and have added a mount point in fstab. NFS's shares are IP oriented, so you can add a share "/" for one IP/subnet but have it be invisible to the rest of the world.

Michael Harrison wrote:
> Hi Tom,
>
> Thanks for your reply. It took a while for it to sink in, but I finally
> realized that I don't, in fact, need two zones to accomplish what I
> want. Because each machine is independent with its own static IP
> address (each is both a server and a client to the other), they each have
> their own (personal) firewall operating.
> So, I have no change to the default /interfaces file nor the default
> /zones file. My only change is to /rules on each machine, to accept
> traffic from the other machine:
>
>     ACCEPT net:99.69.169.123 fw all
>     ACCEPT fw:99.69.169.123 net all
>
> I can do NFS file sharing and printer sharing, still in STEALTH mode
> (GRC test).
>
> Perhaps this info will help the next newbie with a similar problem.
>
> Thanks again
> Mike