Iptables question about peer-to-peer rules
Pedro Macedo
webmaster at margo.bijoux.nom.br
Mon Apr 4 17:36:58 UTC 2005
On Mon, 2005-04-04 at 19:23 +0200, Mark Nixon wrote:
> Darn, it's hard to formulate an appropriate subject sometimes.
>
> I have a little peer-to-peer network. I have an ADSL modem and a switch,
> to which I have 4 computers connected,
>
> As far as I have been able to suss out, my ADSL modem or my switch is
> assigning the 10.0.* addresses.
>
> I have only one printer, attached to my Linux computer. At the moment,
> this is the most logical for my configuration.
>
> I have one computer running Win Me, another running Win XP, a third
> running Linux Core 3, and occasionally my laptop running Win XP.
>
> If there's any other info required, let me know.
>
> Up to now, I've been able to use my Linux machine as a print server by
> sending the command (as root) iptables -F.
>
> I know this is stupid.
>
> Of course, I want the other computers on my LAN to be able to see, and
> use, my share files *every* time.
>
> Which, of course, means that iptables rules should be read in at boot
> time.
>
> From what I've been able to suss out from man iptables, Googling and
> reading "Red Hat Fedora Linux 3 Bible" I should do the following:
>
> stop iptables "/etc/init.d/iptables stop"
>
> from the command line "iptables -A INPUT -p ALL -i eth0 -s 10.0.0.0/6
> accept"
>
> then I should write "service iptables save"
>
> and then reboot?
>
> This seems a little weird, as 10.0.0.1 is my gateway to the internet.
>
> Shouldn't it be "10.0.0.2/6 accept"?
>
Nope.. It's 10.0.0.0/6 accept .... Look on Google for some information
about CIDR notation and netmasks...
In fact, I'd prefer to do something more controlled.. Something like
10.0.0.0/24 accept.. This means that only machines with IPs in the range
10.0.0.1 - 10.0.0.254 can access your machine...
> My Linux computer is *not* the Internet gateway, as European energy
> costs rule out (for us, anyway) having my Linux computer always running.
> Each computer on my LAN should be able to access the Internet
> independently.
>
Let me see if I understood correctly... Your modem is connected to a
cable/dsl router, right? (like this:
modem --> router = all the machines )
If it is, then you shouldn't need to have your computer always turned on
to access the internet.. You would have to turn it on just to print,
since the printer is connected to your computer...
That iptables rule should do the trick of allowing anyone to print to
your printer, as long as cups (the print server) is properly configured
already..
--
Pedro Macedo
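
The CIDR arithmetic behind the `-s` ranges discussed in this thread, as an added example that is not part of the original message: it computes which addresses a prefix length covers and checks sample source addresses against it. The function names and the two sample addresses are constructed for illustration; `eth0` and the prefixes come from the thread.

```shell
# Added example (not from the thread): what a CIDR source match covers.
# Function names and the sample addresses below are constructed.

# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length -> netmask as an integer.
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# "addr/prefix" -> "first last count"; host bits in addr are masked off.
cidr_range() (
    mask=$(prefix_mask "${1#*/}")
    ip=$(ip_to_int "${1%/*}")
    first=$(( ip & mask ))
    last=$(( first | (mask ^ 4294967295) ))
    echo "$(int_to_ip "$first") $(int_to_ip "$last") $(( last - first + 1 ))"
)

# in_cidr ADDR CIDR -> exit status 0 when ADDR falls inside CIDR.
in_cidr() (
    mask=$(prefix_mask "${2#*/}")
    a=$(ip_to_int "$1")
    n=$(ip_to_int "${2%/*}")
    [ $(( a & mask )) -eq $(( n & mask )) ]
)

for cidr in 10.0.0.0/6 10.0.0.0/24; do
    set -- $(cidr_range "$cidr")
    echo "-s $cidr covers $1 - $2 ($3 addresses)"
    for addr in 10.0.0.7 11.22.33.44; do      # constructed sample sources
        if in_cidr "$addr" "$cidr"; then echo "  $addr would match"; fi
    done
done

# The narrower rule with an explicit target (printed here, not executed).
echo "iptables -A INPUT -i eth0 -s 10.0.0.0/24 -j ACCEPT"
```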