Verner wrote
fire up Konqueror and in the url line type: fish://IP-of-that-other-machine-on-your-local-net.
Both machines have the same IP 127.0.0.2 according to /etc/hosts
The HOSTNAMEs are different, rwb.site and fam.site
fish://127.0.0.2 gives my own machine rwb.site
fish://fam.site gives error, cannot connect
James wrote
Any 127.x.x.x is your local computer. It is not another computer across the network. There has to be some other address. A lot of people running behind firewalls use 192.168.x.x or 10.x.x.x. If you're connected to the internet, there has to be some other address used, beyond 127.0.0.2.
Kenneth wrote
Use ip a to see what address your eth interface is using.
rwb:~> ip a
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
......
2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc
......
inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0
......
fam:~> ip a
......
inet 192.168.1.64/24 brd 192.168.1.255 scope global eth0
with 64 instead of 65.
rwb:~> ping 192.168.1.64
sends and receives packets
fish://192.168.1.64 works !!!
but only after tearing down the firewall
fam:~> SuSEfirewall2 stop
Robert
-- http://rwbest.no.sapo.pt/
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
Robert Best wrote:
rwb:~> ip a 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue ...... 2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc ...... inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0 ......
fam:~> ip a ...... inet 192.168.1.64/24 brd 192.168.1.255 scope global eth0 with 64 instead of 65.
rwb:~> ping 192.168.1.64 sends and receives packets
fish://192.168.1.64 works !!!
Hi Robert, Congratulations!!! It's easy, isn't it?
but only after tearing down the firewall on machine fam, I assume? That is ok, if your internet router acts as a firewall for your local network. If you feel better enabling the firewall on fam, you need to allow ssh traffic on port 22 as has already been said in another mail. You can do that easily with yast on machine fam.
fam:~> SuSEfirewall2 stop
Robert
regards Eberhard
Eberhard, it is not easy. On Saturday 16 June 2007 17:53, Eberhard Roloff wrote:
Robert Best wrote:
rwb:~> ip a 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue ...... 2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc ...... inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0 ......
fam:~> ip a ...... inet 192.168.1.64/24 brd 192.168.1.255 scope global eth0 with 64 instead of 65.
rwb:~> ping 192.168.1.64 sends and receives packets
fish://192.168.1.64 works !!!
Hi Robert,
Congratulations!!! It's easy, isn't it?
No. Kenneth on this list learned me about the command ip a which is not mentioned in O'Reilly's Nutshell or the SuSE manual. Ch 21, Basic Networking in the Reference documentation should include info about how to find unknown IP addresses of computers in a LAN.
but only after tearing down the firewall
on machine fam, I assume? That is ok, if your internet router acts as a firewall for your local network.
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
If you feel better enabling the firewall on fam, you need to allow ssh traffic on port 22 as has already been said in another mail. You can do that easily with yast on machine fam.
No. I can't find it in YaST2 / Security and Users / Firewall.
fam:~> SuSEfirewall2 stop
Robert
regards Eberhard
Kind regards, Robert
-- http://rwbest.no.sapo.pt/
On Sun, 2007-06-17 at 10:52 +0100, Robert Best wrote:
Eberhard, it is not easy.
As in all things it is easy once you know how.
On Saturday 16 June 2007 17:53, Eberhard Roloff wrote:
Robert Best wrote:
rwb:~> ip a 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue ...... 2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc ...... inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0 ......
fam:~> ip a ...... inet 192.168.1.64/24 brd 192.168.1.255 scope global eth0 with 64 instead of 65.
rwb:~> ping 192.168.1.64 sends and receives packets
fish://192.168.1.64 works !!!
For a simple lan use the file /etc/hosts to define your PCs.
# IP-Address Full-Qualified-Hostname Short-Hostname
First column has the IP address of the PC, the second column has the full name and the third is the short/alias name. In your case the lines would look like:
192.168.1.64 fam.homelan.com fam
192.168.1.65 rwb.homelan.com rwb
The domain homelan.com can be different and is only used as an example. Your install will have something different by default. Also check the file /etc/nsswitch.conf for a line that starts with hosts: and make sure it looks like this:
hosts: files
This will make sure the PC uses the /etc/hosts file for local name resolution. For any changes made to the /etc/hosts file, they are automatically used without restarting anything or rebooting.
If you still have problems let us know.
As far as the ADSL Speedtouch it should suffice as a firewall for you.
Good luck,
-- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
On Sun, 2007-06-17 at 08:16 -0400, Kenneth Schneider wrote:
On Sun, 2007-06-17 at 10:52 +0100, Robert Best wrote:
Eberhard, it is not easy.
As in all things it is easy once you know how.
On Saturday 16 June 2007 17:53, Eberhard Roloff wrote:
Robert Best wrote:
rwb:~> ip a 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue ...... 2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc ...... inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0 ......
fam:~> ip a ...... inet 192.168.1.64/24 brd 192.168.1.255 scope global eth0 with 64 instead of 65.
rwb:~> ping 192.168.1.64 sends and receives packets
fish://192.168.1.64 works !!!
For a simple lan use the file /etc/hosts to define your PCs.
# IP-Address Full-Qualified-Hostname Short-Hostname
First column has the IP address of the PC, the second column has the full name and the third is the short/alias name. In your case the lines would look like:
192.168.1.64 fam.homelan.com fam
192.168.1.65 rwb.homelan.com rwb
The domain homelan.com can be different and is only used as an example. Your install will have something different by default. Also check the file /etc/nsswitch.conf for a line that starts with hosts: and make sure it looks like this:
hosts: files
Sorry my cut-n-paste got chopped off, it should read:
hosts: files dns
This will make sure the PC uses the /etc/hosts file for local name resolution. For any changes made to the /etc/hosts file, they are automatically used without restarting anything or rebooting.
If you still have problems let us know.
As far as the ADSL Speedtouch it should suffice as a firewall for you.
Good luck,
-- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
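A check for the two files discussed in the messages above, as an added example that is not part of the original thread: it reports whether a peer name is missing from a hosts file or bound to a 127.x loopback address (the situation Robert started with), and whether the hosts: line consults files before dns. The function names and sample file names are hypothetical, and the file contents are constructed from the addresses quoted in the thread.

```shell
#!/bin/sh
# Added example: audit hosts-style and nsswitch.conf-style files.
# All names below (hosts_lookup, check_peer, ...) are made up for this example.

# Print the first address that FILE maps NAME to (full name or alias).
hosts_lookup() {   # usage: hosts_lookup FILE NAME
    awk -v name="$2" '
        { sub(/#.*/, "") }                     # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }' "$1"
}

# Classify how FILE resolves NAME: "missing", "loopback ADDR" or "ok ADDR".
check_peer() {     # usage: check_peer FILE NAME
    addr=$(hosts_lookup "$1" "$2")
    case "$addr" in
        "")        echo "missing" ;;
        127.*|::1) echo "loopback $addr" ;;    # never reaches another machine
        *)         echo "ok $addr" ;;
    esac
}

# Print the sources listed on the "hosts:" line, separated by single spaces.
hosts_sources() {  # usage: hosts_sources FILE
    awk '{ sub(/#.*/, "") }
         $1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeed only if "files" is listed and is consulted before "dns".
files_first() {    # usage: files_first FILE
    hosts_sources "$1" | awk '
        BEGIN { rc = 1 }
        { for (i = 1; i <= NF; i++) {
              if ($i == "files") { rc = 0; exit }
              if ($i == "dns")   { exit }
          } }
        END { exit rc }'
}

# Write constructed sample files into directory $1.
make_samples() {
    # rwb before the fix: own name on 127.0.0.2, no entry for fam
    cat > "$1/hosts.before" <<'EOF'
127.0.0.1   localhost
127.0.0.2   rwb.site rwb
EOF
    # the layout suggested in the thread
    cat > "$1/hosts.after" <<'EOF'
# IP-Address  Full-Qualified-Hostname  Short-Hostname
127.0.0.1     localhost
192.168.1.64  fam.homelan.com  fam
192.168.1.65  rwb.homelan.com  rwb
EOF
    echo "hosts: files dns" > "$1/nsswitch.fixed"
    echo "hosts: dns files" > "$1/nsswitch.dnsfirst"   # contrast case
}

# Demo run on the constructed samples.
d=$(mktemp -d)
make_samples "$d"
for f in hosts.before hosts.after; do
    for n in rwb.site fam.site fam rwb; do
        echo "$f: $n -> $(check_peer "$d/$f" "$n")"
    done
done
for f in nsswitch.fixed nsswitch.dnsfirst; do
    if files_first "$d/$f"; then
        echo "$f: /etc/hosts is consulted first ($(hosts_sources "$d/$f"))"
    else
        echo "$f: /etc/hosts is NOT consulted first ($(hosts_sources "$d/$f"))"
    fi
done
rm -rf "$d"
```

Point the functions at the real /etc/hosts and /etc/nsswitch.conf on each machine to run the same check there.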
On Sunday 17 June 2007 13:16, Kenneth Schneider wrote:
As far as the ADSL Speedtouch it should suffice as a firewall for you.
Really? Firewall software on the computers connected to the router are superfluous?
Robert
-- http://rwbest.no.sapo.pt/
Robert Best wrote:
On Sunday 17 June 2007 13:16, Kenneth Schneider wrote:
As far as the ADSL Speedtouch it should suffice as a firewall for you.
Really? Firewall software on the computers connected to the router are superfluous?
Robert
Hi Robert,
well not directly superfluous. For instance, there could be situations, where you want to protect a machine, e.g. a server from attacks that come from your private internal network.
Otherwise, your speedtouch sort of "isolates" your private 192.168.x.x network from the official internet. So if you trust your family members and as long as you are using Linux ;-))), I would indeed say that you do not need a firewall on each machine, as long as your speedtouch serves as a firewall for your internal network.
So it is not superfluous but it depends ;-))
kind regards Eberhard
Hi Robert,
we will help you to get along. Don't despair
Robert Best wrote:
Eberhard, it is not easy.
On Saturday 16 June 2007 17:53, Eberhard Roloff wrote:
Robert Best wrote:
rwb:~> ip a 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue ...... 2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc ...... inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0 ......
fam:~> ip a ...... inet 192.168.1.64/24 brd 192.168.1.255 scope global eth0 with 64 instead of 65.
rwb:~> ping 192.168.1.64 sends and receives packets
fish://192.168.1.64 works !!!
Hi Robert,
Congratulations!!! It's easy, isn't it?
No. Kenneth on this list learned me about the command ip a which is not mentioned in O'Reilly's Nutshell or the SuSE manual. Ch 21, Basic Networking in the Reference documentation should include info about how to find unknown IP addresses of computers in a LAN.
well, Kenneth's command works but I think, the more usual command for this is: /sbin/ifconfig This is surely documented in the Nutshell. And it is easy, I memorize it as i(NTER)f(ACE)config(URATION) If you are root, a simple "ifconfig" works, as an ordinary user, you need /sbin/ifconfig
but only after tearing down the firewall on machine fam, I assume? That is ok, if your internet router acts as a firewall for your local network.
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
At least something is giving you the 192.168.x.x ip Addresses. If they come from your Speedtouch and it converts them to "real" Internet Addresses, this acts in fact as a router.
If you feel better enabling the firewall on fam, you need to allow ssh traffic on port 22 as has already been said in another mail. You can do that easily with yast on machine fam.
No. I can't find it in YaST2 / Security and Users / Firewall.
Yes, you can: ;-)
Yast2 / Security and Users / Firewall / Allowed Services (for External Zone) / Service to allow / choose SSH from the List / click on Add
And: you are done!!
In case that there are more problems that you encounter or you have more questions, just do not hesitate to ask.
This list has only one sole reason for existence: It is here to help people achieve what they are heading for!!!
And Linux may not be easy, especially when you are beginning to explore it, but chances are, you will never ever regret it.
kind regards Eberhard
fam:~> SuSEfirewall2 stop
Robert
regards Eberhard
Kind regards, Robert
On Sun, 2007-06-17 at 20:34 +0200, Eberhard Roloff wrote:
Hi Robert,
we will help you to get along. Don't despair
<snip>
Congratulations!!! It's easy, isn't it?
No. Kenneth on this list learned me about the command ip a which is not mentioned in O'Reilly's Nutshell or the SuSE manual. Ch 21, Basic Networking in the Reference documentation should include info about how to find unknown IP addresses of computers in a LAN.
well, Kenneth's command works but I think, the more usual command for this is: /sbin/ifconfig
This command is being replaced by the ip command which is why I suggested it instead. No sense teaching about commands that are not going to be with us much longer.
-- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
Kenneth Schneider wrote:
On Sun, 2007-06-17 at 20:34 +0200, Eberhard Roloff wrote:
Hi Robert,
we will help you to get along. Don't despair
<snip>
Congratulations!!! It's easy, isn't it? No. Kenneth on this list learned me about the command ip a which is not mentioned in O'Reilly's Nutshell or the SuSE manual. Ch 21, Basic Networking in the Reference documentation should include info about how to find unknown IP addresses of computers in a LAN. well, Kenneth's command works but I think, the more usual command for this is: /sbin/ifconfig
This command is being replaced by the ip command which is why I suggested it instead. No sense teaching about commands that are not going to be with us much longer.
agreed. But, rarely, I see sense in telling (not teaching!) beginners commands that they will find in the books and can read up. Later on, a "man ip" or shorter "ip --help" will be easy to understand for them.
regards E
Kenneth Schneider wrote:
On Sun, 2007-06-17 at 20:34 +0200, Eberhard Roloff wrote:
Hi Robert,
we will help you to get along. Don't despair
<snip>
Congratulations!!! It's easy, isn't it? No. Kenneth on this list learned me about the command ip a which is not mentioned in O'Reilly's Nutshell or the SuSE manual. Ch 21, Basic Networking in the Reference documentation should include info about how to find unknown IP addresses of computers in a LAN. well, Kenneth's command works but I think, the more usual command for this is: /sbin/ifconfig
This command is being replaced by the ip command which is why I suggested it instead. No sense teaching about commands that are not going to be with us much longer.
The ifconfig command will always be with us, it's a unix standard. IIRC on suse, ifconfig is just a wrapper around ip anyway.
Joe
On 2007-06-17 15:39, joe wrote:
<snip>
IIRC on suse, ifconfig is just a wrapper around ip anyway.
Ip does a lot more than ifconfig, including setting up routing tables and tunnelling, to name but two. You might also wish to take a look at the two with a "ls -l" (they're both in /sbin/), as well as the rpm packages each is in. Ifconfig is rather deprecated, but the package it comes in (net-tools) isn't.. for example, there is nothing in iproute2 to set a system's hostname.
-- Hypocrisy is the homage vice pays to virtue. -- François de La Rochefoucauld
Eberhard, my complaint ("not easy") refers mainly to Ch 21.4 Basic Networking in the SuSE documentation. It's really too long and complicated to set up a simple LAN, and it asks to enter IP addresses but never mentions ifconfig or ip commands to find them.
Regards, Robert
On Sunday 17 June 2007 19:34, Eberhard Roloff wrote:
Hi Robert,
we will help you to get along. Don't despair
Thanks. Please see below.
Robert Best wrote:
Eberhard, it is not easy.
On Saturday 16 June 2007 17:53, Eberhard Roloff wrote:
Robert Best wrote:
rwb:~> ip a 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue ...... 2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc ...... inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0 ......
fam:~> ip a ...... inet 192.168.1.64/24 brd 192.168.1.255 scope global eth0 with 64 instead of 65.
rwb:~> ping 192.168.1.64 sends and receives packets
fish://192.168.1.64 works !!!
Hi Robert,
Congratulations!!! It's easy, isn't it?
No. Kenneth on this list learned me about the command ip a which is not mentioned in O'Reilly's Nutshell or the SuSE manual. Ch 21, Basic Networking in the Reference documentation should include info about how to find unknown IP addresses of computers in a LAN.
well, Kenneth's command works but I think, the more usual command for this is: /sbin/ifconfig This is surely documented in the Nutshell. And it is easy, I memorize it as i(NTER)f(ACE)config(URATION)
Yes, it covers two pages in the Nutshell.
If you are root, a simple "ifconfig" works, as an ordinary user, you need /sbin/ifconfig
but only after tearing down the firewall
on machine fam, I assume? That is ok, if your internet router acts as a firewall for your local network.
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
At least something is giving you the 192.168.x.x ip Addresses. If they come from your Speedtouch and it converts them to "real" Internet Addresses, this acts in fact as a router.
If you feel better enabling the firewall on fam, you need to allow ssh traffic on port 22 as has already been said in another mail. You can do that easily with yast on machine fam.
No. I can't find it in YaST2 / Security and Users / Firewall.
Yes, you can: ;-)
Yast2 / Security and Users / Firewall / Allowed Services (for External Zone) / Service to allow / choose SSH from the List / click on Add
And: you are done!!
Don't understand. I use fish (or sftp, not ssh) to transport files in the LAN which I suppose is in Internal, not External Zone. Port 22 is never mentioned in these zones. I'd like to put the firewall between the LAN and the Internet. Currently I pull out the phone line from the router when I disable a Firewall.
In case that there are more problems that you encounter or you have more questions, just do not hesitate to ask.
This list has only one sole reason for existence: It is here to help people achieve what they are heading for!!!
I was amazed that so many people responded to my question. Thanks to all!
And Linux may not be easy, especially when you are beginning to explore it, but chances are, you will never ever regret it.
I use SuSE Linux since vs 8.2 and explore other distros on 3 other partitions, but SuSE is my favorite.
regards Eberhard
Kind regards, Robert
-- http://rwbest.no.sapo.pt/
On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
The "firewall capabilities" used by most of these modems is called NAT which stands for Network Address Translation ( there are other features available ). What this basically does is prevent an outside connection to an inside PC because there is no direct access via an outside IP address to an internal IP address. When you request an outside connection, let's say a connection to a web site, the modem automagically provides a temporary connection for you and drops it when the request has ended ( the web page has been loaded ).
<snip>
Don't understand. I use fish (or sftp, not ssh) to transport files in the LAN which I suppose is in Internal, not External Zone. Port 22 is never mentioned in these zones. I'd like to put the firewall between the LAN and the Internet. Currently I pull out the phone line from the router when I disable a Firewall.
No need as the modem _is_ the firewall.
In case that there are more problems that you encounter or you have more questions, just do not hesitate to ask.
This list has only one sole reason for existence: It is here to help people achieve what they are heading for!!!
I was amazed that so many people responded to my question. Thanks to all!
That's why we volunteer to be here.
And Linux may not be easy, especially when you are beginning to explore it, but chances are, you will never ever regret it.
As I said in an earlier email it's easy once you know how.
-- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
Kenneth Schneider wrote:
On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
The "firewall capabilities" used by most of these modems is called NAT which stands for Network Address Translation ( there are other features available ). What this basically does is prevent an outside connection to an inside PC because there is no direct access via an outside IP address to an internal IP address. When you request an outside connection, lets say a connection to a web site, the modem automagically provides a temporary connection for you and drops it when the request has ended ( the web page has been loaded ).
Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a firewall, as I imagine there are very few installations where a user's computer is directly on the Internet these days. I always run behind a router, and thus don't need a firewall. If you have your cable modem plugged into a switch or router (ie, if your computer is on a 192.168 network), you don't need a firewall.
And yet I can't get Windows to stop complaining about the fact I don't have the firewall turned on. Jeez!
-- Jonathan Arnold (mailto:jdarnold@buddydog.org)
Daemon Dancing in the Dark, an Open OS weblog: http://freebsd.amazingdev.com/blog/
UNIX is user-friendly. It's just a bit picky about who its friends are.
Thu, 21 Jun 2007, by jdarnold@buddydog.org:
Kenneth Schneider wrote:
On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
The "firewall capabilities" used by most of these modems is called NAT which stands for Network Address Translation ( there are other features available ). What this basically does is prevent an outside connection to an inside PC because there is no direct access via an outside IP address to an internal IP address. When you request an outside connection, lets say a connection to a web site, the modem automagically provides a temporary connection for you and drops it when the request has ended ( the web page has been loaded ).
Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a firewall, as I imagine there very few installations where a user's computer is directly on the Internet these days. I always run behind a router, and thus don't need a firewall. If you have your cable modem plugged into a switch or router (ie, if your computer is on a 192.168 network), you don't need a firewall. And yet I can't get Windows to stop complaining about the fact I don't have the firewall turned on.
My router has its default route set to my PC, so I get all sewer overflow from the wasteland, on purpose. I hate it when stupid things do not work because of over-zealous 3rd party gadgets.
For XP btw: Control Panel::Security Center::Change the way windows alerts me
Uncheck firewall.
Theo (wishing he didn't (have to) know these things)
-- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131
SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl
Kernel 2.6.18 + See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.
Theo v. Werkhoven wrote:
Thu, 21 Jun 2007, by jdarnold@buddydog.org:
Kenneth Schneider wrote:
On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
The "firewall capabilities" used by most of these modems is called NAT which stands for Network Address Translation ( there are other features available ). What this basically does is prevent an outside connection to an inside PC because there is no direct access via an outside IP address to an internal IP address. When you request an outside connection, let's say a connection to a web site, the modem automagically provides a temporary connection for you and drops it when the request has ended ( the web page has been loaded ).
Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a firewall, as I imagine there are very few installations where a user's computer is directly on the Internet these days. I always run behind a router, and thus don't need a firewall. If you have your cable modem plugged into a switch or router (ie, if your computer is on a 192.168 network), you don't need a firewall. And yet I can't get Windows to stop complaining about the fact I don't have the firewall turned on.
My router has its default route set to my PC, so I get all sewer overflow from the wasteland, on purpose. I hate it when stupid things do not work because of over-zealous 3rd party gadgets.
Yes, not to say there aren't always exceptions, but I'm still willing to bet firewalls, for many people, have caused more problems than they have solved.
For XP btw: Control Panel::Security Center::Change the way windows alerts me Uncheck firewall.
Excellent! Never saw that setting. Even after you pointed it out, it took me several minutes of looking around to see the link for it.
Theo (wishing he didn't (have to) know these things)
Some of us are glad! I use XP for work, but moved away from Windows almost a year ago on my personal machine.
-- Jonathan Arnold (mailto:jdarnold@buddydog.org)
Daemon Dancing in the Dark, an Open OS weblog: http://freebsd.amazingdev.com/blog/
UNIX is user-friendly. It's just a bit picky about who its friends are.
Jonathan Arnold wrote:
Theo v. Werkhoven wrote:
Thu, 21 Jun 2007, by jdarnold@buddydog.org:
Kenneth Schneider wrote:
On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
The "firewall capabilities" used by most of these modems is called NAT which stands for Network Address Translation ( there are other features available ). What this basically does is prevent an outside connection to an inside PC because there is no direct access via an outside IP address to an internal IP address. When you request an outside connection, lets say a connection to a web site, the modem automagically provides a temporary connection for you and drops it when the request has ended ( the web page has been loaded ).
Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a firewall, as I imagine there very few installations where a user's computer is directly on the Internet these days. I always run behind a router, and thus don't need a firewall. If you have your cable modem plugged into a switch or router (ie, if your computer is on a 192.168 network), you don't need a firewall. And yet I can't get Windows to stop complaining about the fact I don't have the firewall turned on.
Yes, not to say there aren't always exceptions, but I'm still willing to bet firewalls, for many people, have caused more problems than they have solved.
<snip>
Our ISP has a master firewall on his fiber connections that is WAY more powerful than anything I would pay for. We are three layers inside his network. Each access point has its own powerful firewall. This feeds through the modem to a router with a firewall. That's five firewalls between me and the fiber. If they want in bad enough to get through all that they can have it. I can't see where having a firewall on my computer is going to make any difference.
Besides all that, if they want you bad enough they WILL get you. Firewalls are like padlocks. They keep honest people honest. The only sure fire way to keep someone out of your computer is to unplug the network cable, remove the modem, and unplug it from the wall. Anything short of that.......NO guarantees.
-- (o:]>*HUGGLES*<[:o) Billie Walsh
The three best words in the English Language: "I LOVE YOU" Pass them on!
Billie Erin Walsh wrote:
Our ISP has a master firewall on his fiber connections that is WAY more powerful than anything I would pay for. We are three layers inside his network.
ISP firewall? What happens if you want to connect to your own network, via SSH or VPN?
-- Use OpenOffice.org <http://www.openoffice.org>
James Knott wrote:
Billie Erin Walsh wrote:
Our ISP has a master firewall on his fiber connections that is WAY more powerful than anything I would pay for. We are three layers inside his network.
ISP firewall? What happens if you want to connect to your own network, via SSH or VPN?
Never do that. If I'm out of town and using my laptop the computer is usually turned off. If I'm just running around town, and IF I should take my laptop for some reason, I can't think of any reason I would need to. Any pertinent data I might need at any given time is already on my laptop. I honestly can't think of any reason to need to connect to my desktop. Someday that may change but for now............................. I'll cross that bridge when the time comes. I'm sure there is some way to get there . Have to ask Sam if/when the time comes.
-- (o:]>*HUGGLES*<[:o) Billie Walsh
The three best words in the English Language: "I LOVE YOU" Pass them on!
Billie Erin Walsh wrote:
James Knott wrote:
Billie Erin Walsh wrote:
Our ISP has a master firewall on his fiber connections that is WAY more powerful than anything I would pay for. We are three layers inside his network.
ISP firewall? What happens if you want to connect to your own network, via SSH or VPN?
Never do that. If I'm out of town and using my laptop the computer is usually turned off. If I'm just running around town, and IF I should take my laptop for some reason, I can't think of any reason I would need to. Any pertinent data I might need at any given time is already on my laptop. I honestly can't think of any reason to need to connect to my desktop. Someday that may change but for now............................. I'll cross that bridge when the time comes. I'm sure there is some way to get there . Have to ask Sam if/when the time comes.
I access my home system frequently. For example right now I'm at work and getting my email from an IMAP server on my main home computer. To get there, I run OpenVPN, which gets me through my firewall and to all the resources on my home network. I also have SSH available, should I choose to go that way.
-- Use OpenOffice.org <http://www.openoffice.org>
On 06/22/2007 James Knott wrote:
I access my home system frequently. For example right now I'm at work and getting my email from an IMAP server on my main home computer. To get there, I run OpenVPN, which gets me through my firewall and to all the resources on my home network. I also have SSH available, should I choose to go that way.
If I'm out somewhere with my laptop I just log in and download my mail directly from the server. That's why I turn off my desktop when I'm going to be gone long enough to need to do my e-mail [ If I'm not going to be there for any length of time why give it the wear and tear? ] I have all the necessary "resources" I need right on my laptop. My needs are VERY simple. Genealogy program, E-mail, Browser, and such addons as PDF viewers. In some certain rare cases I might want to watch a DVD or listen to a CD so I need programs for that. That's about it. I don't "work" in a place that I need presentation stuff or any of the more high powered stuff. I don't have any need to swap files from home to work and back again. Just consider me the average home computer user.
-- (o:]>*HUGGLES*<[:o) Billie Walsh
The three best words in the English Language: "I LOVE YOU" Pass them on!
Billie Erin Walsh wrote:
Jonathan Arnold wrote:
Theo v. Werkhoven wrote:
Thu, 21 Jun 2007, by jdarnold@buddydog.org:
Kenneth Schneider wrote:
On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
The "firewall capabilities" used by most of these modems is called NAT which stands for Network Address Translation (there are other features available). What this basically does is prevent an outside connection
NAT is not in itself a security technology. It does give a limited security by obscurity by hiding machines on a local lan from the outside world but not a lot other than that. What a firewall gives is what can be accessed, how it can be accessed and from where. With more sophisticated technologies (e.g. Novell's Border manager) one can also define who can access what. <snip>
Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a firewall, as I imagine there are very few installations where a user's computer is directly on the Internet these days. I always run behind a router, and thus don't need a firewall. If you have your cable modem plugged into a switch or router (i.e., if your computer is on a 192.168 network), you don't need a firewall. And yet I can't get Windows to stop complaining about the fact I don't have the firewall turned on.
The difficulty with this proposition is the assumption that all machines on the local lan are adequately secured and used by reliable and trustworthy people. Any security is only as strong as its weakest link, and in most cases it is not the technology on the network but the people using that technology which present the problem. Unfortunately, there is nothing to stop an unsecured machine or malicious (or stupid) user from attempting (deliberately or inadvertently) to establish a link with an external site that could effectively bypass firewall or NAT based security assumptions. A firewall policy for both external access and internal lan access is a requirement on any network, and when combined with locking down external access to SMTP and websites to proxy servers and mail hubs should at least make such attacks more difficult. As Windows is particularly vulnerable to this kind of subversive attack this kind of nagging is probably a good thing.
Yes, not to say there aren't always exceptions, but I'm still willing to bet firewalls, for many people, have caused more problems than they have solved. <snip>
Usually, this is because people do not understand what they are doing and why they are doing it. The link below is worth exploring... http://www.theregister.co.uk/2007/05/31/security_analogies/
Our ISP has a master firewall on his fiber connections that is WAY more powerful than anything I would pay for. We are three layers inside his network. Each access point has its own powerful firewall. This feeds through the modem to a router with a firewall. That's five firewalls between me and the fiber. If they want in bad enough to get through all that they can have it. I can't see where having a firewall on my computer is going to make any difference.
I am intrigued by the concept of 3 levels of firewall giving 5 firewalls, enlighten me on the math please?
They keep honest people honest. The only sure fire way to keep someone out of your computer is to unplug the network cable, remove the modem, and unplug it from the wall. Anything short of that.......NO guarantees.
-- I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup
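The argument in the message above (NAT hides the LAN from unsolicited inbound traffic, but a connection opened from inside passes straight through unless an egress policy stops it), as an added example that is not part of any poster's message. The classes, the external address 198.51.100.7, the source port and the proxy at 192.168.1.1:3128 are constructed for illustration.

```python
class NatRouter:
    """Port-translating NAT: an inbound packet is forwarded only if it matches
    a mapping that an inside host created by sending traffic out first."""

    def __init__(self):
        self.mappings = {}       # public port -> (inside addr, remote addr)
        self.next_port = 40000   # arbitrary start of the translated port range

    def outbound(self, inside, remote):
        port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[port] = (inside, remote)
        return port

    def inbound(self, remote, public_port):
        entry = self.mappings.get(public_port)
        if entry is None or entry[1] != remote:
            return None          # unsolicited: no mapping, packet is dropped
        return entry[0]          # delivered to the inside host


class EgressPolicy:
    """Outbound allow-list, e.g. only the site's proxy server and mail hub."""

    def __init__(self, allowed):
        self.allowed = set(allowed)

    def permits(self, remote):
        return remote in self.allowed


def scenario(egress=None):
    """Return what reaches the LAN with NAT alone or NAT plus an egress policy."""
    nat = NatRouter()
    inside = ("192.168.1.64", 50123)   # LAN host; source port is constructed
    remote = ("198.51.100.7", 443)     # constructed external site (TEST-NET-2)
    result = {"unsolicited": nat.inbound(remote, 22)}
    if egress is None or egress.permits(remote):
        public_port = nat.outbound(inside, remote)
        result["reply"] = nat.inbound(remote, public_port)
    else:
        result["reply"] = None         # connection never leaves the LAN
    return result


if __name__ == "__main__":
    print("NAT only:     ", scenario())
    print("NAT + egress: ", scenario(EgressPolicy({("192.168.1.1", 3128)})))
```

With NAT alone the external site's reply is delivered to 192.168.1.64; with the allow-list in place the outbound connection is refused, so no mapping exists for a reply to use.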
On 06/22/2007 G T Smith wrote:
I am intrigued by the concept of 3 levels of firewall giving 5 firewalls, enlighten me on the math please?
It's a wireless ISP. He has fiber to his "office" where he has one firewall. Each "repeater" has its own firewall. I'm three bounces from his "office". Then my own router has its firewall. Last time I checked we were about 9 nano-seconds from the fiber [ radio propagation speeds and all that ]. The speed is better than DSL and Cable. -- (o:]>*HUGGLES*<[:o) Billie Walsh The three best words in the English Language: "I LOVE YOU" Pass them on!
Billie Erin Walsh wrote:
On 06/22/2007 G T Smith wrote:
I am intrigued by the concept of 3 levels of firewall giving 5 firewalls, enlighten me on the math please?
It's a wireless ISP. He has fiber to his "office" where he has one firewall. Each "repeater" has its own firewall. I'm three bounces from his "office". Then my own router has its firewall. Last time I checked we were about 9 nano-seconds from the fiber [ radio propagation speeds and all that ]. The speed is better than DSL and Cable.
I think there is one word for this.... aaargh!! :-)
G T Smith wrote:
Billie Erin Walsh wrote:
On 06/22/2007 G T Smith wrote:
I am intrigued by the concept of 3 levels of firewall giving 5 firewalls, enlighten me on the math please?
It's a wireless ISP. He has fiber to his "office" where he has one firewall. Each "repeater" has its own firewall. I'm three bounces from his "office". Then my own router has its firewall. Last time I checked we were about 9 nano-seconds from the fiber [ radio propagation speeds and all that ]. The speed is better than DSL and Cable.
I think there is one word for this....
aaargh!! :-)
Hey. At least all I need to worry about is my system and my computer. Network problems, just call Sam and let him tear his hair out. -- (o:]>*HUGGLES*<[:o) Billie Walsh The three best words in the English Language: "I LOVE YOU" Pass them on!
G T Smith wrote:
Billie Erin Walsh wrote:
Jonathan Arnold wrote:
Theo v. Werkhoven wrote:
Thu, 21 Jun 2007, by jdarnold@buddydog.org:
Kenneth Schneider wrote:
On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
It is a Speedtouch ADSL modem. Don't know about firewall capabilities.
The "firewall capabilities" used by most of these modems is called NAT which stands for Network Address Translation (there are other features available). What this basically does is prevent an outside connection
NAT is not in itself a security technology. It does give a limited security by obscurity by hiding machines on a local lan from the outside world but not a lot other than that.
What a firewall gives is what can be accessed, how it can be accessed and from where. With more sophisticated technologies (e.g. Novell's Border manager) one can also define who can access what.
<snip>
Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a firewall, as I imagine there are very few installations where a user's computer is directly on the Internet these days. I always run behind a router, and thus don't need a firewall. If you have your cable modem plugged into a switch or router (i.e., if your computer is on a 192.168 network), you don't need a firewall. And yet I can't get Windows to stop complaining about the fact I don't have the firewall turned on.
The difficulty with this proposition is the assumption that all machines on the local lan are adequately secured and used by reliable and trustworthy people. Any security is only as strong as its weakest link, and in most cases it is not the technology on the network but the people using that technology which present the problem.
But I'm talking about a home network with 1-3 PCs hooked on to it, mostly running games and the like. Barring something happening from inside, it just isn't a worry. Not to say as my kids get older, I won't have to look into a firewall to avoid any bad accidents. But until then, my home network is pretty safe behind my NAT router.
Unfortunately, there is nothing to stop an unsecured machine or malicious (or stupid) user from attempting (deliberately or inadvertently) to establish a link with an external site that could effectively bypass firewall or NAT based security assumptions. A firewall policy for both external access and internal lan access is a requirement on any network, and when combined with locking down external access to SMTP and websites to proxy servers and mail hubs should at least make such attacks more difficult.
As Windows is particularly vulnerable to this kind of subversive attack this kind of nagging is probably a good thing.
Yes, not to say there aren't always exceptions, but I'm still willing to bet firewalls, for many people, have caused more problems than they have solved. <snip>
Usually, this is because people do not understand what they are doing and why they are doing it. The link below is worth exploring...
Thanks for the link. -- Jonathan Arnold (mailto:jdarnold@buddydog.org) Daemon Dancing in the Dark, an Open OS weblog: http://freebsd.amazingdev.com/blog/ UNIX is user-friendly. It's just a bit picky about who its friends are.
Jonathan Arnold wrote:
Some of us are glad! I use XP for work, but moved away from Windows almost a year ago on my personal machine.
I have never had Windows as my main OS on my home computer. I've only got it on my ThinkPad, which I also installed SUSE on. At home, I went from DOS to OS/2, over 15 years ago and then to Linux, about 5 years ago. Whenever I have to use Windows, I feel restricted because it's very limiting compared to Linux or OS/2. -- Use OpenOffice.org <http://www.openoffice.org>
Robert, Robert Best wrote: [...]
No. I can't find it in YaST2 / Security and Users / Firewall.
Yes, you can: ;-)
Yast2 / Security and Users / Firewall / Allowed Services (for External Zone) / Service to allow / choose SSH from the List / click on Add. And: you are done!!
Don't understand. I use fish (or sftp, not ssh)
fish means: Konqueror Browsing via ssh (and scp). So if you want to connect with fish, you first need to ensure that ssh works. Otherwise, fish will not work. Period.
to transport files in the LAN which I suppose is in Internal, not External Zone. Port 22 is never mentioned in these zones.
Try external (whatever that means), enable port 22 and I promise, you are done within 30 seconds!
I'd like to put the firewall between the LAN and the Internet.
This is, where it belongs! ;-)
Currently I pull out the phone line from the router when I disable a Firewall.
Imho this does not make sense. Your router IS your firewall in the sense that it acts as such. So you better go to your router configuration and look for "firewall" settings. In addition, while you are at it, you most probably can configure your router to drop the connection after a certain amount of inactivity time. This is where you should set up an idle timeout instead of physically plugging the cable. kind regards Eberhard
Robert Best wrote:
fish://192.168.1.64 works !!! but only after tearing down the firewall fam:~> SuSEfirewall2 stop
Robert
There's a firewall option in Yast, to pass SSH. -- Use OpenOffice.org <http://www.openoffice.org>
On Saturday 16 June 2007, Robert Best wrote:
fish://192.168.1.64 works !!! but only after tearing down the firewall fam:~> SuSEfirewall2 stop
So open port 22 in the suse firewall! -- John Andersen
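A check for the situation in this thread, as an added example that is not from any poster: rather than stopping SuSEfirewall2, find which zone an interface is assigned to and whether TCP port 22 is allowed there. It reads text in the style of /etc/sysconfig/SuSEfirewall2 (variables FW_DEV_EXT, FW_DEV_INT, FW_SERVICES_EXT_TCP, FW_SERVICES_INT_TCP); the sample contents, the small service table and the function names are constructed.

```python
import shlex

# Constructed sample in the style of /etc/sysconfig/SuSEfirewall2.
SAMPLE = '''
# constructed example, not taken from a real host
FW_DEV_EXT="eth0"
FW_DEV_INT=""
FW_SERVICES_EXT_TCP="http 6000:6010"
FW_SERVICES_INT_TCP=""
'''

SERVICE_PORTS = {"ssh": 22, "http": 80}   # minimal stand-in for /etc/services


def parse_sysconfig(text):
    """Return {NAME: value} for NAME="value" lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        parts = shlex.split(raw)          # removes the shell quoting
        conf[name.strip()] = parts[0] if parts else ""
    return conf


def port_allowed(services, port):
    """True if a space-separated list of names, ports or lo:hi ranges covers port."""
    for item in services.split():
        if ":" in item:
            lo, hi = item.split(":", 1)
            if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
                return True
        elif item.isdigit():
            if int(item) == port:
                return True
        elif SERVICE_PORTS.get(item) == port:
            return True
    return False


def ssh_status(text, iface):
    """Return (zone, allowed): the zone listing iface and whether TCP 22 is open there."""
    conf = parse_sysconfig(text)
    zone = next((z for z in ("EXT", "INT")
                 if iface in conf.get("FW_DEV_" + z, "").split()), None)
    if zone is None:
        return (None, False)              # interface not listed in either zone
    return (zone, port_allowed(conf.get("FW_SERVICES_%s_TCP" % zone, ""), 22))
```

For the constructed sample, `ssh_status(SAMPLE, "eth0")` reports the external zone with port 22 closed, which is the state in which fish fails while ping still works.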
participants (11)
- Billie Erin Walsh
- Darryl Gregorash
- Eberhard Roloff
- G T Smith
- James Knott
- joe
- John Andersen
- Jonathan Arnold
- Kenneth Schneider
- Robert Best
- Theo v. Werkhoven