On Tuesday 07 September 2004 13:34, you wrote:
Honestly, I am not sure about the GUI for configuring the trusted hosts... I usually just edit the config manually.
Could you clue me on either the entry into the config file, where the config file is, and how to restart the Firewall after the changes .... or to docs that I can find this information in?

Thank you so much for your continued help, Herman.

john
--
#############################################
# John N. Alegre
# Andante Systems
# Web Hosting
# Web Site Development
# www.johnalegre.net
#############################################
On Tuesday 07 September 2004 13:49, John N. Alegre wrote:
Could you clue me on either the entry into the config file, where the config file is, and how to restart the Firewall after the changes .... or to docs that I can find this information in?
RYFM John!!!
Ok I found the section on FW_TRUSTED_NETS and I think I understand the entries. Since there is really only one OS X box that needs to get past the Firewall I am guessing that the entry
FW_TRUSTED_NETS="XXX.XX.XXX.XX" with the static IP of that machine is the correct entry.
Question is how do I stop and restart the Firewall to reread the config file after completing the entry, or do I have to reboot?
john
On Tuesday 07 Sep 2004 20:03 pm, John N. Alegre wrote:
On Tuesday 07 September 2004 13:49, John N. Alegre wrote:
Could you clue me on either the entry into the config file, where the config file is, and how to restart the Firewall after the changes .... or to docs that I can find this information in?
RYFM John!!!
Ok I found the section on FW_TRUSTED_NETS and I think I understand the entries. Since there is really only one OS X box that needs to get past the Firewall I am guessing that the entry
FW_TRUSTED_NETS="XXX.XX.XXX.XX" with the static IP of that machine is the correct entry.
Question is how do I stop and restart the Firewall to reread the config file after completing the entry, or do I have to reboot?
Try:
rcSuSEfirewall2 restart
Dylan
john
-- "I see your Schwartz is as big as mine" -Dark Helmet
First let me thank Herman and Dylan for kicking me in the correct direction. I will try to summarize things here.
The issue was mounting NFS volumes on an OS X system.
The first error I made was the assumption that setting the Internal Interface in Yast SuSEfirewall configuration meant that all internal LAN machines would be exempt from the firewall. The only two services I allowed in the Yast configuration were smtp and ssh. Up to now these are the only two things I have used from the LAN.
I set up my /etc/exports file correctly
/home/ *(rw,root_squash,sync)
but could not mount this on the OS X system.
The answer was to add the entry
FW_TRUSTED_NETS="XXX.XXX.XXX.XXX" with the XXX stuff being the static IP of the machine I wanted to mount the exported drives from. I then did a
rcSuSEfirewall2 restart
and everything works fine.
I hope this will help someone else get past this issue in the future.
john
On Tuesday 07 Sep 2004 20:48 pm, John N. Alegre wrote:
First let me thank Herman and Dylan for kicking me in the correct direction. I will try to summarize things here.
The issue was mounting NFS volumes on an OS X system.
The first error I made was the assumption that setting the Internal Interface in Yast SuSEfirewall configuration meant that all internal LAN machines would be exempt from the firewall. The only two services I allowed in the Yast configuration were smtp and ssh. Up to now these are the only two things I have used from the LAN.
I set up my /etc/exports file correctly
/home/ *(rw,root_squash,sync)
From what you have said about your set up, this effectively opens your home directories to the world - literally. Yes, the firewall will mitigate that, but it's a hole to plug. I'd use:
/home/ xxx.yyy.zzz.aaa/bb(...)
to restrict it to the machine(s) you really want to be allowed in
Dylan
but could not mount this on the OS X system.
The answer was to add the entry
FW_TRUSTED_NETS="XXX.XXX.XXX.XXX" with the XXX stuff being the static IP of the machine I wanted to mount the exported drives from. I then did a
rcSuSEfirewall2 restart
and everything works fine.
I hope this will help someone else get past this issue in the future.
john
-- "I see your Schwartz is as big as mine" -Dark Helmet
On Tuesday 07 September 2004 14:55, Dylan wrote:
From what you have said about your set up, this effectively opens your home directories to the world - literally. Yes, the firewall will mitigate that, but it's a hole to plug. I'd use:
/home/ xxx.yyy.zzz.aaa/bb(...)
to restrict it to the machine(s) you really want to be allowed in
Thanks again Dylan,
I changed it to
/home/ xxx.yyy.zzz.aaa(rw,root_squash,sync)
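Added example, not part of the original thread: a small audit of /etc/exports that flags entries open to every host, covering the `*` wildcard discussed above and, going slightly beyond the thread, the related mistake of a space between host and options. The sample file and the 192.0.2.x addresses are constructed placeholders.

```python
import re

# Constructed sample: the two export lines discussed in the thread plus the
# "space before the options" mistake. 192.0.2.x are placeholder addresses.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/home/   *(rw,root_squash,sync)
/home/   192.0.2.10(rw,root_squash,sync)
/srv/pub 192.0.2.10 (rw,sync)
/srv/ro  192.0.2.0/24(ro,sync)
"""

# One client field: optional host spec followed by optional "(options)".
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def audit_exports(text):
    """Return (line_no, path, reason) for every export open to any host."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        path, clients = fields[0], fields[1:]
        if not clients:
            findings.append((line_no, path, "no client list: exported to all hosts"))
            continue
        for client in clients:
            m = CLIENT_RE.match(client)
            if m is None:
                findings.append((line_no, path, f"unparsable client {client!r}"))
            elif m.group("host") == "*":
                findings.append((line_no, path, "wildcard '*' matches every host"))
            elif m.group("host") == "":
                # "(rw)" standing alone applies its options to the whole world,
                # usually caused by a stray space after the host name.
                findings.append(
                    (line_no, path, f"options ({m.group('opts')}) apply to all hosts"))
    return findings


if __name__ == "__main__":
    for line_no, path, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"line {line_no}: {path}: {reason}")
```

The parser does not handle backslash line continuations or quoted paths containing spaces.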
On Tuesday 07 September 2004 12:48 pm, John N. Alegre wrote:
First let me thank Herman and Dylan for kicking me in the correct direction. I will try to summarize things here.
FW_TRUSTED_NETS="XXX.XXX.XXX.XXX" with the XXX stuff being the static IP of the machine I wanted to mount the exported drives from. I then did a
rcSuSEfirewall2 restart
and everything works fine.
Works fine for me too.
Rich
I hope this will help someone else get past this issue in the future.
john
-- C. Richard Matson
participants (3): C. Richard Matson, Dylan, John N. Alegre