LinuxMCE Forums

General => Users => Topic started by: ardist on August 17, 2007, 06:35:28 am

Title: Using an External Firewall with linux mce.
Post by: ardist on August 17, 2007, 06:35:28 am
Hello all.

I have a little situation here, and I was hoping someone can help me out.  I have an ISA 2006 firewall connected to my cable modem.  My LinuxMCE is behind that, connected to 2 different switches.  One switch being its internal (Pluto universe) network and the other switch for the external, being the switch that the firewall is connected to.  The problem I am having is that when I go through the wizard, and I need to connect to zap2it.com for my myth TV guide, it says that it can't connect to the internet.  Now if I plug the core directly into the cable modem, bypassing ISA 2006, it works fine.  (This problem is only for the myth TV guide; the rest of the computer is able to go onto the internet.)  I have spent considerable time trying to figure this out. I have opened the myth TV ports, and the sql ports, and some other ports that I found on some user forums (basically any port I heard about that was mentioned on the linuxmce forums I opened), but still no good.  So if there is anyone that might know how to solve this problem, maybe an ISA 2006 guru or someone running a similar setup can help me out.  The other thing I thought was that maybe my internal side isn’t connecting to the internet. Well, I know there are firewall specialists and LinuxMCE specialists out there, and if there is any other information that you need from me just post away.   I appreciate you taking out the time to read this post, and thank you in advance for posting any sort of response.
Title: Re: Using an External Firewall with linux mce.
Post by: teedge77 on August 17, 2007, 04:13:03 pm
Did you try opening all ports? At least then you would know if it was a port problem or something else entirely.
Title: Re: Using an External Firewall with linux mce.
Post by: garg_art2002 on September 20, 2008, 10:39:47 am
Did you try opening all ports? At least then you would know if it was a port problem or something else entirely.

Hi there - My Linux MCE is behind the firewall. I would like to access the media on the machine, so that we can place our video on that.
Is there a recipe to fully disable the firewall?

My machine is a hybrid and has provision to connect to its storage from the second network card.  But that requires us to go to its room.  Since the machine is already behind the firewall, it's under a trusted network.


This is an awesome product. Congrats to the creators of the product.

PS: I'd like to avoid disabling the DHCP in it for future potential use cases.  However it will always be behind the firewall.

Anil
Title: Re: Using an External Firewall with linux mce.
Post by: hari on September 20, 2008, 01:25:48 pm
lol, ISA.. *muahahaa*
Title: Re: Using an External Firewall with linux mce.
Post by: Enigmus on September 20, 2008, 02:40:16 pm
I too have my LinuxMCE Core behind another firewall, however, I do not experience any of the issues you have reported.  I have no additional ports open on my Core Firewall, and outside of port forwarding the Web interface, there are no other ports specifically defined on my external firewall.
Title: Re: Using an External Firewall with linux mce.
Post by: garg_art2002 on September 20, 2008, 09:28:39 pm
Did you try opening all ports? At least then you would know if it was a port problem or something else entirely.

Hi there - My Linux MCE is behind the firewall. I would like to access the media on the machine, so that we can place our video on that.
Is there a recipe to fully disable the firewall?

My machine is a hybrid and has provision to connect to its storage from the second network card.  But that requires us to go to its room.  Since the machine is already behind the firewall, it's under a trusted network.


This is an awesome product. Congrats to the creators of the product.

PS: I'd like to avoid disabling the DHCP in it for future potential use cases.  However it will always be behind the firewall.

Anil

Guys
I have my linux MCE set up behind a firewall which gives out the IP addresses in the series 192.168.2.1 to all the machines.
I have my linuxmce as static IP of 192.168.2.12
Since I added large storage to the Linux MCE machine, for media, I wanted to switch off my regular NAS and reduce one machine.
It was all possible from behind the LINUX MCE machine but not from the subnet that issued gateway to the LINUX MCE itself.

Since I am a novice, it took me a while to figure out but I was able to ..here is how...

Use the browser based access to LINUX MCE machine....
Go to Advanced >> Network >> Firewall rules

There is a small check box to disable firewall.. Click that, save, and now you can access the LINUX MCE using the static IP on its WAN side.

A word of CAUTION.....
   This machine is now very vulnerable to attacks and breach.  So please DO MAKE SURE that the LinuxMCE machine itself is behind a very good firewall.

Hope this helps people reduce one machine at their homes.

NEXT STEP:

I have enough users right now, but USER CREATE and sync with samba will be next goal.

Good luck and love this product. Congrats to its creators.
Title: Re: Using an External Firewall with linux mce.
Post by: ogir on September 20, 2008, 10:01:05 pm
ISA and Firewall?

That's like freezing hot water so you have it in the bad days...

I always thought it was a myth and only existed in some M$ marketing gags. Never believed anybody would use this crap.

Title: Re: Using an External Firewall with linux mce.
Post by: carpenike on September 21, 2008, 10:24:17 pm
Hey,

ISA ain't bad to be honest. :) It's not a hardware firewall but the combination of a reverse proxy makes it nice.

Do your rules allow all traffic from the Internal --> External networks?
Title: Re: Using an External Firewall with linux mce.
Post by: ogir on September 21, 2008, 10:59:52 pm
Oooooooooooohhhhhhhhhhhhhhhh "reverse proxy" oooooooooooooohhhhhhhhhhhhhhh

Another great M$ "invention" which no one ever had before!

And what do you use this special over killing feature for?

Oh and by the way: because YOUR GREAT INVINCIBLE ISA FIREROXXORWALL doesn't manage to get some simple traffic through, it HAS TO BE a problem of LinuxMCE?!
Title: Re: Using an External Firewall with linux mce.
Post by: tschak909 on September 22, 2008, 12:42:32 am
calm down, guys :)

Okay..

so, to answer the question, yes.

LinuxMCE contains a full featured firewall based on iptables. It currently takes care of the majority of use cases for two things:

* blocking/allowing ports to the core (core_input)
* redirecting traffic from one port on the core, to another machine (port_redirect)

In addition, we have a variety of default firewall rules that protect against all the usual attacks, and packet matching, so that when we get our QoS stuff working well, it will slot in here too.

-Thom
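
An added example, not part of any post in this thread and not LinuxMCE's own code: a small check over `iptables-save` output that tells whether the core's INPUT chain has been left wide open (the state the "disable firewall" checkbox is described as producing) and which source networks may reach a given port. Both dumps are constructed samples; the rule layout, and the use of port 445 for Samba from the 192.168.2.0/24 network mentioned above, are assumptions rather than what LinuxMCE actually generates.

```python
# Constructed samples in iptables-save format (not captured from a real LinuxMCE core).
FIREWALL_DISABLED = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""
FIREWALL_ENABLED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 445 -j ACCEPT
COMMIT
"""

def parse_filter_table(dump):
    """Return (policies, rules) for the filter table of an iptables-save dump."""
    policies, rules, table = {}, {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *filter or *nat
            table = line[1:]
        elif table != "filter":           # ignore comments and other tables
            continue
        elif line.startswith(":"):        # chain declaration with default policy
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):      # appended rule: -A <chain> <match...> -j <target>
            parts = line.split()
            rules.setdefault(parts[1], []).append(parts[2:])
    return policies, rules

def input_is_wide_open(dump):
    """True when the INPUT policy is ACCEPT and no rule could block a connection."""
    policies, rules = parse_filter_table(dump)
    # Any non-ACCEPT target (DROP, REJECT, jump to a user chain) may still filter traffic.
    targets = [r[r.index("-j") + 1] for r in rules.get("INPUT", []) if "-j" in r]
    return policies.get("INPUT") == "ACCEPT" and all(t == "ACCEPT" for t in targets)

def allowed_sources(dump, port):
    """Source networks explicitly accepted on a TCP destination port in INPUT."""
    hits = [r for r in parse_filter_table(dump)[1].get("INPUT", [])
            if "--dport" in r and r[r.index("--dport") + 1] == str(port) and r[-1] == "ACCEPT"]
    return [r[r.index("-s") + 1] if "-s" in r else "0.0.0.0/0" for r in hits]
```

On a live system the input would come from running `iptables-save` as root on the core.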
Title: Re: Using an External Firewall with linux mce.
Post by: colinjones on September 22, 2008, 02:37:38 am
Oooooooooooohhhhhhhhhhhhhhhh "reverse proxy" oooooooooooooohhhhhhhhhhhhhhh

Another great M$ "invention" which no one ever had before!

And what do you use this special over killing feature for?

Oh and by the way: because YOUR GREAT INVINCIBLE ISA FIREROXXORWALL doesn't manage to get some simple traffic through, it HAS TO BE a problem of LinuxMCE?!

Quieten down, fool! He never said Reverse Proxy was a M$ invention, he was pointing out that it was convenient that both functions were available in the same product. However, I note that all good security practice (and M$'s own advice) says that you should not be using both functions on the same device. In fact I think recent versions of ISA make this difficult/impossible.

For your information, Reverse Proxy features are vital for security that practically every corporate DMZ would have.

Carpenike - don't follow your point on not being a hardware firewall. I think you meant it's an application rather than an appliance (like PIX or Checkpoint/Nokia) - are you aware that there are numerous appliance forms of ISA which would make them the same as these other "hardware" firewalls?

I don't particularly like ISA at all, problem is it's cheap so it's hard to ignore when the bean counters arrive!
Title: Re: Using an External Firewall with linux mce.
Post by: hari on September 22, 2008, 10:30:50 am
I think you meant it's an application rather than an appliance (like PIX or Checkpoint/Nokia) - are you aware that there are numerous appliance forms of ISA which would make them the same as these other "hardware" firewalls?
*ouch*

three of the worst examples in a single sentence :-p
Title: Re: Using an External Firewall with linux mce.
Post by: ogir on September 22, 2008, 11:12:43 pm
Quote
"I don't particularly like ISA at all, problem is it's cheap so it's hard to ignore when the bean counters arrive!"

Uhm.. there are several firewalls that are indeed for free and also offer advanced security functions (Intrusion detection, web-virus-filter). And if you still need reverse proxy, well, there is a command line. Go for it.