Cant see linux server through gateway.

Are you sitting comfortably?

Then i'll begin......

To start off im new to linux so could any correspendence be kept to
words of one syllable!


We have a linux server at site A on IP address xx.yy.zz.aa, with a
suitable mask 255.255.255.0 and gateway address (of the router to the
rest of the network).

Users at site A can see the linux server and use it as they require,
but users at site B are unable to browse the server either via IP
address or server name, there are no firewalls in the way as it is on
an internal structure (private ISDN line).

users on site B have been able to telnet into the server and log in as
root but are unable to see the server or browse the file structure.

Anybody got any ideas as to what it could be?

Thanks in advance

Alan

In article <8e317$3f66203f$3e15ee5a$(E-Mail Removed)>,
Jan Geertsma wrote:
> firewalls are for unsure administrators, to lock out ports they forgot to
> close.

Well yes, but also for:
1. Services like rpc.portmap, which AFAIK bind to all interfaces
2. Stealthing, to hide your host on any given port (DROP v. REJECT)
3. Protection against possible TCP/IP stack vulnerabilities
4. Improved logging of attack attempts
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

"seeing linux" from a windows perspective usually means "file and printer
sharing" in windows terms... which translates to linux in SAMBA ..

In my /etc/samba/smb.conf I have to specify which interfaces
(ip-address-ranges) are allowed to login... I specified my Lan A
(192.168.1.x) but also my best friends Lan B (10.x.x.x)... excluding any
internet connections.

interfaces = 192.168.0.24/24 10.0.0.0/8

firewalls are for unsure administrators, to lock out ports they forgot to
close.

puppywhacker

"Alan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Are you sitting comfortably?
>
> Then i'll begin......
>
> To start off im new to linux so could any correspendence be kept to
> words of one syllable!
>
>
> We have a linux server at site A on IP address xx.yy.zz.aa, with a
> suitable mask 255.255.255.0 and gateway address (of the router to the
> rest of the network).
>
> Users at site A can see the linux server and use it as they require,
> but users at site B are unable to browse the server either via IP
> address or server name, there are no firewalls in the way as it is on
> an internal structure (private ISDN line).
>
> users on site B have been able to telnet into the server and log in as
> root but are unable to see the server or browse the file structure.
>
> Anybody got any ideas as to what it could be?
>
> Thanks in advance
>
> Alan

/dev/rob0 wrote:
> In article <8e317$3f66203f$3e15ee5a$(E-Mail Removed)>,
> Jan Geertsma wrote:
>
>>firewalls are for unsure administrators, to lock out ports they forgot to
>>close.

Holy smokes!

>
>
> Well yes, but also for:
> 1. Services like rpc.portmap, which AFAIK bind to all interfaces
> 2. Stealthing, to hide your host on any given port (DROP v. REJECT)
> 3. Protection against possible TCP/IP stack vulnerabilities
> 4. Improved logging of attack attempts

5. Making sure the hosts on the LAN behave, or is the admin supposed to
walk around and lock their ports too?

Many thanks for your help, I will try it shortly.

Just for my own learning experience, what is the number after the
forward slash on the IP address, im assuming it is something to do
with ports but I am unsure what.

i.e. 10.20.10.0/xx

Thanks in Advance

Alan.

On 16 Sep 2003 02:44:11 -0700, Alan <(E-Mail Removed)> wrote:

> Just for my own learning experience, what is the number after the
> forward slash on the IP address, im assuming it is something to do
> with ports but I am unsure what.
>
> i.e. 10.20.10.0/xx

It is the number of bits of the address that represent the network,
counting from the left. The remaining bits specify a host on the
network. For example, converting a network address of 10.20.10.0 and
mask of /24 to binary (note how the dots divide the address on byte
boundaries):

Addr: 0000 1010 . 0001 0100 . 0000 1010 . 0000 0000 = 10.20.10.0
Mask: 1111 1111 . 1111 1111 . 1111 1111 . 0000 0000 = 255.255.255.0

If a given address can be bitwise-ANDed with the mask to give your
network address, then it must be on your network, otherwise not. That's
how routers figure out which entries in their table match an address.
For instance, take 10.20.10.85:

Addr: 0000 1010 . 0001 0100 . 0000 1010 . 0101 0101 = 10.20.10.85
Mask: 1111 1111 . 1111 1111 . 1111 1111 . 0000 0000 = 255.255.255.0

AND: 0000 1010 . 0001 0100 . 0000 1010 . 0000 0000 = 10.20.10.0

The network address always has all zeros in the bit positions to the
right of the mask, the corresponding address with all ones in those
positions is the broadcast address (i.e. the broadcast in our example
would be 10.20.10.255). These two addresses are reserved and should not
be assigned to any device.


--
-| Bob Hauck
-| To Whom You Are Speaking
-| http://www.haucks.org/