Re: Iptables question about peer-to-peer rules
From: Pedro Macedo (webmaster_at_margo.bijoux.nom.br)
To: For users of Fedora Core releases <email@example.com>
Date: Mon, 04 Apr 2005 14:36:58 -0300
On Mon, 2005-04-04 at 19:23 +0200, Mark Nixon wrote:
> Darn, it's hard to formulate an appropriate subject sometimes.
> I have a little peer-to-peer network. I have an ADSL modem and a switch,
> to which I have 4 computers connected,
> As far as I have been able to suss out, my ADSL modem or my switch is
> assigning the 10.0.* addresses.
> I have only one printer, attached to my Linux computer. At the moment,
> this is the most logical for my configuration.
> I have one computer running Win Me, another running Win XP, a third
> running Linux Core 3, and occasionally my laptop running Win XP.
> If there's any other info required, let me know.
> Up to now, I've been able to use my Linux machine as a print server by
> sending the command (as root) iptables -F.
> I know this is stupid.
> Of course, I want the other computers on my LAN to be able to see, and
> use, my share files *every* time.
> Which, of course, means that iptables rules should be read in at boot
> From what I've been able to suss out from man iptables, Googling and
> reading "Red Hat Fedora Linux 3 Bible" I should do the following:
> stop iptables "/etc/init.d/iptables stop"
> from the command line "iptables -A INPUT -p ALL -i eth0 -s 10.0.0.0/6
> then I should write "service iptables save"
> and then reboot?
> This seems a little weird, as 10.0.0.1 is my gateway to the internet.
> Shouldn't it be "10.0.0.2/6 accept"?
Nope.. It's 10.0.0.0/6 accept .... Look on google for some information
about CIDR notation and netmasks...
In fact, I'd prefer to do something more controlled.. Something like
10.0.0.0/24 accept.. This means that only machines with IPs in the range
10.0.0.1 - 10.0.0.254 can access your machine...
> My Linux computer is *not* the Internet gateway, as European energy
> costs rule out (for us, anyway) having my Linux computer always running.
> Each computer on my LAN should be able to access the Internet
Let me see if I understood correctly... Your modem is connected to a
cable/dsl router, right? (like this:
modem --> router = all the machines )
If it is, then you shouldn't need to have your computer always turned on
to access the internet.. You would have to turn it on just to print,
since the printer is connected to your computer...
That iptables rule should do the trick of allowing anyone to print to
your printer, as long as cups (the print server) is properly configured
-- Pedro Macedo
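
Added example (not part of the original thread): a Python sketch using the standard `ipaddress` module that expands the source prefixes discussed in this thread, 10.0.0.0/6, 10.0.0.2/6 and 10.0.0.0/24, into the address ranges an `iptables -s` match would cover. The function names and the sample source addresses are constructed for illustration, and `strict=False` is used here to mirror how iptables masks off host bits in the address it is given.

```python
import ipaddress

# RFC 1918 private ranges, used to flag prefixes that reach past private space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def describe_source(spec):
    """Expand an iptables-style '-s addr/prefix' into the range it matches."""
    # strict=False drops host bits, so 10.0.0.2/6 and 10.0.0.0/6 normalize alike.
    net = ipaddress.ip_network(spec, strict=False)
    return {
        "network": str(net),
        "first": str(net[0]),
        "last": str(net[-1]),
        "addresses": net.num_addresses,
        "private_only": any(net.subnet_of(p) for p in RFC1918),
    }


def matches(spec, source_ip):
    """True if a packet from source_ip would match '-s spec'."""
    net = ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_address(source_ip) in net


# Constructed sample source addresses: two LAN-style hosts and three outside it.
SAMPLES = ["10.0.0.3", "10.0.1.7", "8.8.8.8", "11.22.33.44", "192.168.1.5"]

if __name__ == "__main__":
    for spec in ("10.0.0.0/6", "10.0.0.2/6", "10.0.0.0/24"):
        d = describe_source(spec)
        print(f"-s {spec}: {d['first']} - {d['last']} "
              f"({d['addresses']} addresses, private only: {d['private_only']})")
        for ip in SAMPLES:
            print(f"    {ip:<12} {'ACCEPT' if matches(spec, ip) else 'no match'}")
```
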