  • Status: Solved

Hamachi & Linux Firewall

Hello

My server is running Fedora Core 8 with Linux Firewall allowing only a few ports to connect. I am using Webmin to configure Linux Firewall.

I have just installed Hamachi there and joined a network. Now I want to connect through Hamachi from a Windows XP machine that has also joined the same network. The Windows Hamachi shows my Linux machine, but shows it as Offline.

I guess this is because of my Firewall on the Server.

I set the firewall to allow traffic if the input interface is ham0 or if the output interface is ham0, but still no luck.

Kindly help me solve this issue.
Asked by: systemsautomation
1 Solution
 
Blaz Commented:
I have no experience with Hamachi, but based on the description http://en.wikipedia.org/wiki/Hamachi a connection from each client to central servers is initiated. This connection carries information about when each client is on/offline.

I suspect you are not connected to the servers on the Linux machine. The problems with the firewall should occur only when you attempt to transfer data.
0
 
systemsautomation (Author) Commented:
Hamachi is showing I am connected. See below

[root@server ~]# hamachi
Hamachi, a zero-config virtual private networking utility, ver 0.9.9.9-20

  version  : hamachi-lnx-0.9.9.9-20
  pid      : 11452
  status   : logged in
  nickname : myname

[root@server ~]# hamachi start
Hamachi is already started
[root@server ~]# hamachi login
Already logged in.
0
 
systemsautomation (Author) Commented:
In fact, I made a small mistake. Windows Hamachi is showing 'Connecting' and not 'Offline'.
0
 
Blaz Commented:
On the command line, type
iptables -L -nvx

and post the result. That is how we will see your current firewall rules and what may be causing the problems.
0
 
systemsautomation (Author) Commented:
[root@server ~]# iptables -L -nvx
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination        
  165033 42080688 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination        
       0        0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 131590 packets, 267970433 bytes)
    pkts      bytes target     prot opt in     out     source               destination        
  131590 267970433            all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain RH-Firewall-1-INPUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination        
   34456 29994467 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          
      81     7228 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255
  129892 12042055 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
     376    20946 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
       3      180 ACCEPT     tcp  --  *      *       116.0.0.0/8          0.0.0.0/0           tcp dpt:22 state NEW
       0        0 ACCEPT     tcp  --  *      *       124.29.195.83        0.0.0.0/0           tcp dpt:22 state NEW
       0        0 ACCEPT     tcp  --  *      *       202.38.61.0/24       0.0.0.0/0           tcp dpt:22 state NEW
       0        0 ACCEPT     tcp  --  *      *       202.69.42.0/24       0.0.0.0/0           tcp dpt:22 state NEW
       0        0 ACCEPT     tcp  --  *      *       194.170.203.100      0.0.0.0/0           tcp dpt:22 state NEW
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
       0        0 ACCEPT     tcp  --  *      *       195.87.11.250        0.0.0.0/0           tcp dpt:22 state NEW
       0        0 ACCEPT     tcp  --  *      *       85.105.7.6           0.0.0.0/0           tcp dpt:22 state NEW
      52     3228 ACCEPT     tcp  --  *      *       116.0.0.0/8          0.0.0.0/0           tcp dpt:1555 state NEW
       0        0 ACCEPT     tcp  --  *      *       194.170.203.100      0.0.0.0/0           tcp dpt:1555 state NEW
       0        0 ACCEPT     tcp  --  *      *       116.0.0.0/8          0.0.0.0/0           tcp dpt:8080 state NEW
       0        0 ACCEPT     all  --  vmnet8 *       0.0.0.0/0            0.0.0.0/0          
       0        0 ACCEPT     all  --  vmnet8 vmnet8  0.0.0.0/0            0.0.0.0/0           state NEW
       0        0 ACCEPT     tcp  --  *      vmnet8  0.0.0.0/0            0.0.0.0/0           tcp dpts:137:139 state NEW
       0        0 ACCEPT     tcp  --  *      *       81.88.211.242        0.0.0.0/0           tcp dpt:1555 state NEW
       0        0 ACCEPT     tcp  --  *      *       213.147.55.42        0.0.0.0/0           tcp dpt:1555 state NEW
      21     1826 ACCEPT     tcp  --  *      *       64.191.25.22         0.0.0.0/0           tcp dpt:1555 state NEW
       0        0 ACCEPT     tcp  --  *      *       12.27.120.225        0.0.0.0/0           tcp dpt:1555 state NEW
       0        0 ACCEPT     tcp  --  *      *       119.0.0.0/8          0.0.0.0/0           tcp dpt:22 state NEW
       0        0 ACCEPT     tcp  --  *      *       210.2.133.188        0.0.0.0/0           tcp dpt:1555 state NEW
       0        0 ACCEPT     tcp  --  *      *       119.0.0.0/8          0.0.0.0/0           tcp dpt:1555 state NEW
       0        0 ACCEPT     tcp  --  *      *       210.2.134.219        0.0.0.0/0           tcp dpt:22 state NEW
       0        0 ACCEPT     tcp  --  *      *       210.2.134.219        0.0.0.0/0           tcp dpt:1555 state NEW
       0        0 ACCEPT     tcp  --  *      *       210.2.134.219        0.0.0.0/0           tcp dpt:8080 state NEW
      70     5617 ACCEPT     all  --  ham0   *       0.0.0.0/0            0.0.0.0/0          
       0        0 ACCEPT     all  --  *      ham0    0.0.0.0/0            0.0.0.0/0          
      82     5141 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
0
 
Blaz Commented:
70     5617 ACCEPT     all  --  ham0   *       0.0.0.0/0            0.0.0.0/0      
0        0 ACCEPT     all  --  *      ham0    0.0.0.0/0            0.0.0.0/0          

Your rules are in the firewall. The first rule sees some traffic (70 packets, 5617 bytes) and it allows it. The second rule is not relevant because it receives no traffic (it would hit outgoing traffic, but that traffic is already accepted in the OUTPUT chain).

You do have some traffic that gets to REJECT (82 packets). You could enable logging of rejected packets and see what those packets are.

It might very well be that the firewall is not your problem...

0
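The suggestion above to log rejected packets, worked through as an added example that is not part of the original thread: a LOG rule only sees traffic if it sits directly before the final REJECT, so the script finds that rule's position in an `iptables -L -nvx` listing and prints the matching insert command. The function names, the `fw-reject: ` prefix and the `5/min` rate limit are assumptions chosen for illustration, and the sample listing is constructed from the format shown in the thread.

```sh
#!/bin/sh
# Added example: find the catch-all REJECT rule in an `iptables -L -nvx`
# listing and build the LOG rule that must sit directly before it.

# Constructed sample in the listing format shown in the thread (trimmed).
SAMPLE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  165033 42080688 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   34456 29994467 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  129892 12042055 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
      70     5617 ACCEPT     all  --  ham0   *       0.0.0.0/0            0.0.0.0/0
      82     5141 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# reject_rule CHAIN: listing on stdin; prints "<position> <packets>" for the
# first REJECT/DROP rule in CHAIN, or returns 1 if the chain has none.
reject_rule() {
  awk -v chain="$1" '
    $1 == "Chain"       { inchain = ($2 == chain); pos = 0; next }
    !inchain || NF == 0 { next }   # other chains, blank lines
    $1 == "pkts"        { next }   # column header
    { pos++ }                      # every remaining line is one rule
    $3 == "REJECT" || $3 == "DROP" { print pos, $1; found = 1; exit }
    END { exit !found }
  '
}

# log_rule_cmd CHAIN: prints (does not run) the command inserting a
# rate-limited LOG rule at that position. Prefix and limit are assumptions.
log_rule_cmd() {
  _out=$(reject_rule "$1") || return 1
  echo "iptables -I $1 ${_out%% *} -m limit --limit 5/min -j LOG --log-prefix 'fw-reject: ' --log-level 4"
}

# Demo on the constructed sample; on a live host pipe `iptables -L -nvx` in.
printf '%s\n' "$SAMPLE" | log_rule_cmd RH-Firewall-1-INPUT
```

LOG is a non-terminating target, so logged packets still fall through to the REJECT rule; the entries appear in the kernel log, and the rule can be removed again with `iptables -D` once the rejected traffic has been identified.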
 
systemsautomation (Author) Commented:
Yes you are right.

It started working when I restarted Hamachi on the Server.

Thanks for your help.
0
