frodon, I'm an iptable noob, could you create a rule for me that will allow absolutely anything in and out? I just wanna test if it is working at all.
Admirable, well prepared work --- a boon to Ubuntu users like myself (Gutsy 7.10) everywhere!
I have a Home LAN with eight systems running on switches and wireless bridges as well as one wifi laptop. The service provider is Verizon DSL and is routed through a Linksystems device. I've had trouble controlling Firestarter and would like to switch to custom management of iptables.
Question: What is the code for trusting a range of dynamically assigned intranet IP addresses as in 192.168.2.0 through 192.168.2.255? IOW, how is the local LAN trusted?
Thanks in advance,
-met
Catz3705
Code:
iptables -A TRUSTED -p tcp -s 192.168.2.* -j ACCEPT
should do it I think.
@AlexC_, removing "-i ***" should have done that anyway. If you want to stop the firewall, type sudo /etc/init.d/firewall stop
Thanks frodon:
I'll certainly give this code a try. Firestarter on my Gutsy machine blocks my network machines and won't remain stopped. Even the XP firewalled machines don't remain stable even though the LAN IPs are set to be trusted. The Gutsy platform is a training deck and as such can be sacrificial as needs be.
I appreciate the prompt response,
-met-
Catz3705
And if you know the computers of your network you still have the option to filter using MAC address, or if you want even more security you can use both, but it may become long to write all these rules.
BTW in the line I gave you I forgot the -i eth0, so it would be more something like:
Code:
iptables -A TRUSTED -i eth0 -p tcp -s 192.168.2.* -j ACCEPT
frodon:
I kinda figured that out when executing the code returned an error message that the host could not be found. Also in my case, the additional note about stopping Firestarter needed to be changed to read: /etc/init.d/firestarter stop.
Security is not too big an issue since the home LAN is not exposed to the wild. The internet only sees the IP address set by the provider and the wireless system does not broadcast the network SID.
The other main task has been to get the Gutsy platform to see the Windows shares and the Windows machines be able to see and write to selected Gutsy shares. I've just about got that working correctly.
I plan to convert one of the other XP platforms to Ubuntu 7.10 or 8.04 and make sure that the two Linux platforms can read and write to each other as well as relating to the rest of the LAN. The ultimate object will be to take all but two machines off Windows.
Thanks again for taking your valuable time to post the correction,
-met-
Catz3705
Last edited by Catz3705; March 29th, 2008 at 03:53 AM. Reason: Typo correction
You're welcome
If you choose to use this script you should uninstall firestarter completely to avoid problems as it configures iptables too.
frodon:
The recognition problem is persistent. Disengaging (stopping) Firestarter allows the local LAN pc's to see each other and exchange data. (I did discover from other posts that when Firestarter is stopped, the GUI should be minimized and not turned off.)
Executing the above code results in the error message:
Quote: BTW in the line I gave you I forgot the -i eth0, so it would be more something like:
Code:
iptables -A TRUSTED -i eth0 -p tcp -s 192.168.2.* -j ACCEPT
"iptables v1.3.6: host/network `192.168.2.*' not found"
Is it possible that the network host/router at 192.168.1.1 or the workgroup is not being referenced?
With iptables/Firestarter turned off the network shares including the Gutsy platform are interactively visible.
Your views...?
-met-
Catz3705
Last edited by Catz3705; March 30th, 2008 at 07:37 PM. Reason: Typo correction
frodon:
Additional note:
The network router dynamically assigns IP addresses 192.168.2.100 through 192.168.2.255 to members of the workgroup and Windows pc's. Is it possible that the network host/router at 192.168.1.1 or the workgroup is not being referenced?
FYI,
-met-
Catz3705
It's the main problem with dynamic addresses and home networks. I think the rule I gave you doesn't work, but I'm sure allowing a range of IPs is possible with iptables.
You can try that, I never tested this though:
Code:
iptables -A TRUSTED -i eth0 -m iprange --src-range 192.168.2.100-192.168.2.255 -j ACCEPT
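A worked version of the range rule discussed in this thread (both the rejected 192.168.2.* wildcard and the --src-range form above), added here as an example and not posted by anyone in the thread. It assumes the LAN interface eth0, the TRUSTED chain and the 192.168.2.100-192.168.2.255 DHCP pool named in the posts; it shows why the wildcard fails (iptables accepts a host or a CIDR network as -s, never a glob), converts the pool into the equivalent CIDR blocks for versions of iptables without the iprange match, and emits the rules as argv lists so they can be passed to subprocess.run without shell quoting problems. The rules keep -i eth0 so that a packet arriving on the WAN side with a forged LAN source address does not match.

```python
import ipaddress
import shlex

# Constructed example inputs taken from the thread, not from a real host.
LAN_IFACE = "eth0"
TRUSTED_CHAIN = "TRUSTED"
DHCP_POOL = ("192.168.2.100", "192.168.2.255")


def is_valid_source(spec):
    """True if iptables would accept spec as a -s argument.

    iptables understands a single host (192.168.2.5) or a network in CIDR
    or dotted-mask form (192.168.2.0/24); glob wildcards such as
    192.168.2.* are rejected, which is the "host/network not found" error
    quoted in the thread.
    """
    try:
        ipaddress.ip_network(spec, strict=False)
        return True
    except ValueError:
        return False


def range_to_cidrs(first, last):
    """Summarize an inclusive IPv4 range into the fewest CIDR blocks."""
    start = ipaddress.IPv4Address(first)
    end = ipaddress.IPv4Address(last)
    if end < start:
        raise ValueError("range end precedes range start")
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def trusted_rules(iface, first, last, chain=TRUSTED_CHAIN):
    """Build ACCEPT rules for an inclusive source range on one interface.

    The first rule uses the iprange match (one rule for the whole pool);
    the following rules use plain -s with one CIDR block each, for an
    iptables without the iprange extension. -p tcp is deliberately omitted:
    Windows share browsing also uses UDP (NetBIOS name service and
    datagram service on UDP 137/138), so a TCP-only rule would still block
    it. Each rule is returned as an argv list.
    """
    rules = [["iptables", "-A", chain, "-i", iface, "-m", "iprange",
              "--src-range", f"{first}-{last}", "-j", "ACCEPT"]]
    for cidr in range_to_cidrs(first, last):
        rules.append(["iptables", "-A", chain, "-i", iface,
                      "-s", cidr, "-j", "ACCEPT"])
    return rules


if __name__ == "__main__":
    for spec in ("192.168.2.*", "192.168.2.0/24", "192.168.2.5"):
        print(f"{spec:16} valid -s argument: {is_valid_source(spec)}")
    # Print the generated rules; run them with sudo once reviewed.
    for argv in trusted_rules(LAN_IFACE, *DHCP_POOL):
        print(shlex.join(argv))
```

For a whole /24 such as 192.168.2.0/24 a single -s rule is simpler than iprange; the CIDR summary matters only for a pool that does not start on a block boundary, as the 192.168.2.100 start here does not.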