
Re: network working one way only?



richard lyons wrote:

On Monday 21 June 2004 11:42, John Summerfield wrote:
richard lyons wrote:
I must be in an exceptionally dim mood today.  I just noticed that
my laptop, on which I am writing this, is not accessible from other
boxes on the network. Ping, nfs, cups are all failing to connect. Must be
Sounds ideal to me. Are you running any firewall setup on the laptop?

I did not think I was...

[...]
If this command returns a list of machines, your DNS setup is
working: host www.ibm.com

$ host www.ibm.com
-bash: host: command not found
But it must be working, as I can browse the web and ping out to the network. That is a red herring (though I wish I had dig - perhaps I need to install bind to get it.)

I prefer the host command for most things: dig's report takes me a week to decipher!
This will install a host command:
apt-get -uy install bind9-host

I can't at the moment think what to look for next -- quick hint
anyone?
Not being able to ping your box can be annoying when you're trying to
diagnose connectivity probs. What does this produce:
iptables -L

My output is hugely long. Each of the sections Chain INPUT, FORWARD and OUTPUT have `(policy DROP)`, followed by many other lines. I have never configured a firewall on this computer as the network is behind a firewall. (Accepting that that may not be a good policy). Just the same, I assume this is the problem, as I do get about 150 lines of printout from iptables -L. Can I just turn this off somehow?

It's the _reason_ people can't ping you etc. Whether it's a _problem_ is a management issue. I'm coming to the opinion _every_ box on a LAN should run its own firewall software so as to slow down any intruders who breach your firewall.

Remember that one way to breach a firewall is to send some email to a Windows box on the LAN. There's always another unpatched vulnerability.

If it is _not_ like this, then that's the reason:
Dolphin:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Dolphin:~#


It seems to me you have an unexpectedly secure firewall setup:-)

Evidently.  :-(

Is that half a day of learning, or can I slip out by some cheat?

I see two alternatives. I'll assume that you have some firewall package installed and setup.

1. Discover how to disable it. Likely there's a symlink in /etc/rc2.d that has some relevance.

2. Remove it. Probably there's a part of it in /etc/init.d that you might spot. Go through the contents of that directory and learn what everything there is.

3. I can't count:-) Identify the package and configure it to grant the access you want.

I prefer the third. Mr Bracegirdle's approach has some merit.
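The thread turns on reading `iptables -L` output: a `(policy DROP)` on the INPUT chain means anything without an explicit ACCEPT rule (ping, NFS, CUPS from the other boxes) is silently dropped. The script below is an added example, not something posted in the thread; it parses a constructed, shortened `iptables -L -n` listing (the `SAMPLE` text is made up for illustration) and reports each chain's default policy plus whether inbound ping, NFS, CUPS and SSH are explicitly accepted or fall through to the policy. Running it against a real listing means replacing `SAMPLE` with the output of `iptables -L -n` on the box in question.

```sh
#!/bin/sh
# Added example (not from the mailing-list thread): inspect `iptables -L -n`
# output offline and explain why inbound services may be unreachable.
# SAMPLE is a constructed listing, not a capture from any real machine.

SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  192.168.1.0/24       0.0.0.0/0            tcp dpt:22
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
'

# chain_policy CHAIN : print the default policy (ACCEPT, DROP, ...) of CHAIN.
chain_policy() {
    printf '%s\n' "$SAMPLE" | awk -v c="$1" '
        $1 == "Chain" && $2 == c { gsub(/[()]/, "", $4); print $4; exit }'
}

# input_allows PROTO [PORT] : return 0 if some ACCEPT rule in the INPUT chain
# would admit a *new* inbound connection of PROTO (icmp/tcp/udp/all) to PORT.
# Rules that only match RELATED/ESTABLISHED state are ignored, since they do
# not let a remote box open a connection to us. A rule without "dpt:" is a
# blanket accept for that protocol; with "dpt:" it must name PORT exactly.
input_allows() {
    printf '%s\n' "$SAMPLE" | awk -v p="$1" -v port="$2" '
        $1 == "Chain" { inchain = ($2 == "INPUT"); next }
        !inchain || $1 != "ACCEPT" { next }
        /state / && $0 !~ /NEW/ { next }
        ($2 == p || $2 == "all") &&
            (port == "" || $0 !~ /dpt:/ || $0 ~ ("dpt:" port "( |$)")) { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# firewall_report : human-readable summary of policies and the services the
# thread mentions (ping, NFS on 2049/tcp, CUPS/IPP on 631/tcp) plus SSH.
firewall_report() {
    for c in INPUT FORWARD OUTPUT; do
        echo "$c policy: $(chain_policy "$c")"
    done
    for svc in "ping icmp" "NFS tcp 2049" "CUPS tcp 631" "SSH tcp 22"; do
        set -- $svc          # split "name proto [port]" into $1 $2 $3
        if input_allows "$2" "$3"; then
            echo "$1: explicitly accepted on INPUT"
        else
            echo "$1: no matching ACCEPT rule; falls through to INPUT policy $(chain_policy INPUT)"
        fi
    done
}

firewall_report
```

With the constructed listing, only SSH from the LAN is accepted; ping, NFS and CUPS hit the DROP policy, which is exactly the symptom Richard describes. The fix John recommends as option 3 is to add ACCEPT rules for those services from the LAN range rather than turning the policy back to ACCEPT.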