'Re: [Ltsp-discuss] Shorewall firewall blocking TFTP'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ltsp-discuss
Subject:    Re: [Ltsp-discuss] Shorewall firewall blocking TFTP
From:       Chris Welsh <cpwe () deakin ! edu ! au>
Date:       2003-02-27 12:28:21
[Download RAW message or body]

Conrad Lawes wrote:

> Tom, I agree with you.  I decided to use the LTSP server as a 
> NAT/Firewall server because my cable router didn't have enough ports 
> to connect all my computers to  it.
>
> In the end, I had to modify the Shorewall policy to accept ALL traffic 
> from the LTSP LAN.
>
> I am, however, still interested to learn how to configure Shorewall to 
> accommodate LTSP clients.
>
>  
>
>  */Tom Brown <tbrown@michiana.org>/* wrote:
>
>     I know nothing about shorewall. What I do know is that (imho) you are
>     better off placing the firewall on a separate machine between your
>     router
>     and your ltsp server. One of our volunteers at FREE GEEK MICHIANA
>     has an
>     LTSP server behind a firewall behind a cable modem. He (Goose) put his
>     firewall-on-a-floppy on an old IBM PC 330 (P90, 32mb) with two
>     nics. It
>     works well.
>
>     Tom
>
>     At 11:14 AM 2/22/03 -0500, Conrad Lawes wrote:
>     >I'm running LTSP on a multi-home server running Mandrake 9.0.
>     >
>     >configuration:
>     >eth0 192.168.1.108 (external) connected to cable router.
>     >eth1 192.168.0.1 (internal) LTSP LAN
>     >
>     >I installed and configured the shorewall firewall package and all
>     the LTSP
>     >clients fail to boot because TFTP traffic is being blocked by
>     shorewall.
>     >
>     >I assume that /etc/shorewall/rules & /etc/shorewall/policies
>     files must be
>     >updated to accept TFTP communication but my fiddling has not
>     worked thus
>     >far.
>     >
>     >Does anyone know how to correct this problem?
>     >
>     >TIA.
>     >
>     >
>     >
>     >
>     >
>     >
>     >-------------------------------------------------------
>     >This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
>     >The most comprehensive and flexible code editor you can use.
>     >Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day
>     Trial.
>     >www.slickedit.com/sourceforge
>     >_____________________________________________________________________
>     >Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
>     > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
>     >For additional LTSP help, try #ltsp channel on irc.freenode.net
>     >
>
>
>
>
>
>     -------------------------------------------------------
>     This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
>     The most comprehensive and flexible code editor you can use.
>     Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
>     www.slickedit.com/sourceforge
>     _____________________________________________________________________
>     Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
>     https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
>     For additional LTSP help, try #ltsp channel on irc.freenode.net
>
>
>
>
> Conrad Lawes
>
>
> ------------------------------------------------------------------------
> Do you Yahoo!?
> Yahoo! Tax Center 
> <http://rd.yahoo.com/finance/mailtagline/*http://taxes.yahoo.com/> - 
> forms, calculators, tips, and more 

Hello Tom, Conrad and others,

You probably solved this one by now.

I had this problem too. To fix it I edited the /etc/shorewall/rules 
(Mandrake 9.0)  file and added

ACCEPT  loc     fw      udp     53,69   -
ACCEPT  loc     fw      tcp      80,443,53,69    -
ACCEPT  fw      loc     udp     53,69   -
ACCEPT  fw      loc     tcp      53,69    -

Note checkout mainly port 69 (TFTP)


You probably need to add nfs rules for your local net too.

On a side note. I would be really grateful if one or more of you folk 
could port scan my PC tonight, just to make shure it's locked down. I 
know it is not recommended, but its connected to the internet via a 
dialup and serving as a gate way for my home network. My IP address 
tonight is 203.123.71.241


TA
Chris





-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic