Redid my network, getting back SMB/NFS
    David Kramer 
    david at thekramers.net
       
    Mon Apr 11 23:46:13 EDT 2005
    
    
  
I had a SuSE 9.0 combo firewall/everything server with two ethernet ports 
(one internal, one external).  I just got a Linksys WRT54G wireless/4 port 
switch/router/firewall and put it in front of my server.  I removed one of 
the ethernet cards in my server, and hooked all the wired machines to the 
Linksys.  I disconnected my old WAP.  The internal address of my server was 
192.168.1.1, but the Linksys wants that address, so now my server's only 
card is 192.168.1.2.
So now most things are working.  I had to tweak the hell out of httpd.conf, 
etc, and rearrange some things on my firewall to allow things that weren't 
allowed before.  The main thing that's not working right is NFS.  I need to 
be able to NFS from my laptop to a directory on my server.  I had Samba 
trouble but I mostly have that working.
I have a feeling what's getting in my way is that SuSEFirewall2 is not 
flexible enough to do what I want.  I need one of two different things:
1) Let anything in/out for 192.168.1.*, and only let about 10 ports in from 
anywhere else.
2) No firewall on my server, and trust the Linksys alone.
I would prefer the former, but may resort to the latter.  I have a feeling I 
will have to somehow get rid of SuSEFirewall2 and make my own iptables 
rules, but I don't think my iptables kung fu is up to that.
To get NFS working, I tried opening up one port after another as I saw them 
reported from attempting an NFS mount, but it just keeps coming up with 
other things to complain about, like so many dates I've been on.
Here are a select couple of lines from my logs:
Apr 11 22:00:47 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13779 DF PROTO=TCP SPT=923 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C43110F0000000001030302)
Apr 11 22:02:23 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47931 DF PROTO=TCP SPT=924 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C44880F0000000001030302)
Apr 11 22:02:26 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47932 DF PROTO=TCP SPT=924 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C4493C70000000001030302)
Apr 11 22:02:32 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47933 DF PROTO=TCP SPT=924 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C44AB370000000001030302)
Apr 11 22:07:32 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24929 DF PROTO=TCP SPT=927 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C493F330000000001030302)
Apr 11 22:07:35 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24930 DF PROTO=TCP SPT=927 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C494AEB0000000001030302)
Apr 11 22:07:41 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24931 DF PROTO=TCP SPT=927 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C49625B0000000001030302)
Apr 11 22:18:48 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52636 DF PROTO=TCP SPT=628 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C5390900000000001030302)
Apr 11 22:19:36 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52637 DF PROTO=TCP SPT=628 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C544C100000000001030302)
Apr 11 22:23:43 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1890 DF PROTO=TCP SPT=802 DPT=710 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C580F5A0000000001030302)
Apr 11 22:23:46 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1891 DF PROTO=TCP SPT=802 DPT=710 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C581B120000000001030302)
Apr 11 22:23:52 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1892 DF PROTO=TCP SPT=802 DPT=710 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0C5832820000000001030302)
So what should I do?
Thanks.
Side note: I *really* have to set up a DNS server on my box now, because I 
can't open any of my domain names from my intranet, because they all go out 
and then back in.  I need to tell all my internal machines that all of those 
addresses map to my server, which is now 192.168.1.2.
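Editor's note, added example (not code from the post above). The dropped packets in the log are all SYNs from the laptop (192.168.1.100) to TCP/111, the sunrpc portmapper that an NFS client has to query before it can even find mountd and nfsd, and later to port 710, a dynamically assigned RPC port handed out by the portmapper. Since mountd, lockd and statd take a fresh dynamic port unless pinned, opening ports one at a time on the basis of the last drop is a losing game. The script below parses the iptables LOG format shown in the post, splits drops into LAN and non-LAN sources, and emits the iptables INPUT chain for the poster's option 1 (trust 192.168.1.0/24 completely, expose a fixed port list to everyone else, log and drop the rest). Interface name, LAN CIDR, the public port list and SAMPLE_LOG are assumptions constructed for the example; the rules must run as root with SuSEfirewall2 stopped, or it will reload its own ruleset over them. Note also that with the Linksys doing NAT in front of the server, "anywhere else" can only reach the server on ports the router forwards, so the public list should match the router's port forwards.

```python
"""Triage SuSEfirewall2 drop logs and generate an iptables INPUT chain that
trusts the LAN.  Added example, not code from the original post.  Assumptions:
log lines use the iptables LOG format shown in the post, 192.168.1.0/24 is the
trusted LAN, and the ports passed to lan_trust_rules() are the poster's
"about 10 ports".  SAMPLE_LOG is constructed for this example."""
import ipaddress
import re
from collections import Counter

# Fixed ports worth recognising when triaging NFS/SMB drops (IANA assignments).
# rpc.mountd, lockd and statd take dynamic ports from the portmapper unless
# pinned, which is why "open one more port" keeps turning up a new one.
PORT_NAMES = {
    ("TCP", 111): "sunrpc/portmapper", ("UDP", 111): "sunrpc/portmapper",
    ("TCP", 2049): "nfs", ("UDP", 2049): "nfs",
    ("UDP", 137): "netbios-ns", ("UDP", 138): "netbios-dgm",
    ("TCP", 139): "netbios-ssn", ("TCP", 445): "microsoft-ds",
}

# SuSEfirewall2 prefixes: SuSE-FW-DROP, SuSE-FW-DROP-DEFAULT, SuSE-FW-ACCEPT, ...
LOG_RE = re.compile(r"SuSE-FW-(?P<action>[A-Z-]+)\s+(?P<fields>.*)$")


def parse_line(line):
    """Return {'action': ..., 'flags': [...], 'IN': ..., 'SRC': ...} or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = {"action": m.group("action"), "flags": []}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val
        else:
            rec["flags"].append(tok)  # DF, SYN, OPT and the option bytes
    return rec


def summarize_drops(lines, lan_cidr="192.168.1.0/24"):
    """Count dropped packets by (src, proto, dport, from_lan)."""
    lan = ipaddress.ip_network(lan_cidr)
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["action"].startswith("DROP") or "SRC" not in rec:
            continue
        from_lan = ipaddress.ip_address(rec["SRC"]) in lan
        dport = int(rec["DPT"]) if "DPT" in rec else None  # ICMP has no DPT
        counts[(rec["SRC"], rec.get("PROTO"), dport, from_lan)] += 1
    return counts


def describe(counts):
    """Human-readable summary, busiest source/port first."""
    out = []
    for (src, proto, dport, from_lan), n in sorted(counts.items(), key=lambda kv: -kv[1]):
        name = PORT_NAMES.get((proto, dport), "?")
        out.append(f"{src} -> {proto}/{dport} ({name}) x{n} [{'LAN' if from_lan else 'NOT LAN'}]")
    return out


def lan_trust_rules(iface, lan_cidr, public_tcp=(), public_udp=()):
    """iptables commands for option 1: LAN fully trusted, a short list of ports
    open to everyone else, everything else logged and dropped."""
    rules = [
        "iptables -F INPUT",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A INPUT -i {iface} -s {lan_cidr} -j ACCEPT",
    ]
    rules += [f"iptables -A INPUT -i {iface} -p tcp --dport {p} -m state --state NEW -j ACCEPT"
              for p in public_tcp]
    rules += [f"iptables -A INPUT -i {iface} -p udp --dport {p} -j ACCEPT" for p in public_udp]
    rules.append('iptables -A INPUT -j LOG --log-prefix "FW-DROP "')
    # Default policy goes last, so the ESTABLISHED rule is already in place and
    # the ssh session you are typing this over is not cut off.
    rules.append("iptables -P INPUT DROP")
    return rules


# Constructed sample in the same layout as the post's lines (option bytes shortened).
SAMPLE_LOG = """\
Apr 11 22:00:47 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13779 DF PROTO=TCP SPT=923 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
Apr 11 22:02:23 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47931 DF PROTO=TCP SPT=924 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
Apr 11 22:23:43 uni kernel: SuSE-FW-DROP IN=eth0 OUT= MAC=00:e0:18:ab:37:0e:00:0e:35:1c:50:b6:08:00 SRC=192.168.1.100 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1890 DF PROTO=TCP SPT=802 DPT=710 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
Apr 11 22:30:01 uni kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=5 DF PROTO=TCP SPT=3312 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 11 22:31:15 uni kernel: SuSE-FW-ACCEPT IN=eth0 OUT= SRC=192.168.1.100 DST=192.168.1.2 PROTO=TCP SPT=40000 DPT=22
Apr 11 22:31:16 uni sshd[1234]: Accepted publickey for david from 192.168.1.100
"""

if __name__ == "__main__":
    for entry in describe(summarize_drops(SAMPLE_LOG.splitlines())):
        print(entry)
    print("\n".join(lan_trust_rules("eth0", "192.168.1.0/24", public_tcp=(22, 25, 80, 443))))
```

Run on the real syslog with `python fw_triage.py < /var/log/messages` style redirection after swapping SAMPLE_LOG for `sys.stdin`; every drop tagged [LAN] is one the option-1 ruleset would have accepted, which is the quickest way to confirm the firewall rather than NFS itself is the problem.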
    
    
More information about the Discuss
mailing list