LinuxQuestions.org


rnturn 03-16-2003 12:01 AM

Cannot disable firewall
 
I have a system that was recently set up with Red Hat 8. The user needs to connect to several UNIX systems (all non-Linux) and start up X clients to display on the RH8 system. The trouble I'm running into is that the RH8 system has the firewall setting at the highest security level which blocks remote X client access. ``No problem'', I say, ``We'll just disable the firewall and you can open the windows to the remote systems.'' (The RH8 system is inside a firewall already and there is no need to establish yet another firewall on this host.) Sounds simple enough. But Red Hat refuses to change the firewall security level. When I log in as root, go into the ``System Settings -> Security Level'', and change the setting to `no firewall' and exit, no change is actually made. Reentering the security level dialog shows that it's still set to `High'. Going through this sequence just prior to a reboot results in the same end result.

(I've noticed that this is happening at home as well but has gone unnoticed as I don't have any other hosts on the home LAN running X applications.)

Anyone got any ideas as to what's preventing this change from being made?

TIA,

Rick

DavidPhillips 03-16-2003 12:05 AM

It is probably just showing high but not actually set at high.

However you can do this

chkconfig iptables off
chkconfig ipchains off
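
Added example, not part of the thread and not any poster's code: one way to tell what the Security Level dialog shows apart from what is actually in effect, by reading both the boot-time setting (`chkconfig --list iptables`) and the ruleset currently loaded (`iptables -L -n`). The function names and the sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example. chkconfig only changes what starts at the next boot; the
# rules already loaded in the kernel stay until `service iptables stop`.
# So check both. Sample outputs below are constructed for illustration.

# Runlevels where the service is on, from one `chkconfig --list NAME` line.
enabled_runlevels() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[2] == "on") out = out kv[1]
        }
        print out
    }'
}

# "open" if `iptables -L -n` output shows ACCEPT policies and no rules,
# otherwise "filtering".
ruleset_state() {
    printf '%s\n' "$1" | awk '
        /^Chain / { if ($3 == "(policy" && $4 != "ACCEPT)") bad = 1; next }
        /^target / || /^[ \t]*$/ { next }
        { rules++ }
        END { if (bad || rules) print "filtering"; else print "open" }'
}

SAMPLE_CHK_ON='iptables   0:off 1:off 2:on 3:on 4:on 5:on 6:off'
SAMPLE_CHK_OFF='iptables   0:off 1:off 2:off 3:off 4:off 5:off 6:off'
SAMPLE_OPEN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Disabled at boot, yet rules are still loaded: the case worth catching.
echo "boot runlevels: '$(enabled_runlevels "$SAMPLE_CHK_OFF")'" \
     "running: $(ruleset_state "$SAMPLE_RULES")"
```

On a live host, pass the real command output instead of the samples, for example `ruleset_state "$(iptables -L -n)"` as root.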

rnturn 03-16-2003 12:50 AM

Quote:

Originally posted by DavidPhillips
It is probably just showing high but not actually set at high.

However you can do this

chkconfig iptables off
chkconfig ipchains off

I know that ipchains wasn't selected during installation. The iptables startup was disabled using `chkconfig --level 12345 iptables off' but I will definitely verify this -- to be absolutely sure -- on the other user's system on Monday. (Luckily, the user is out of the office on Monday so I am free to do whatever it takes to get this puppy working properly. Provided no other fires erupt, that is. :-) )

Later...
Rick

rnturn 03-18-2003 08:52 PM

Checked the service configuration and iptables was shut off across the board but still had some problems. Decided on a reinstallation -- which I normally hate to resort to but which solved the problem of a somewhat undersized /usr partition as well -- and the problem hasn't recurred. I basically did a full, select-everything installation this time instead of tailoring the installation to only the essentials for what the user is doing. Wasted some space but she's much happier now that X clients are working.

Crashed_Again 03-18-2003 08:53 PM

Doh' did you check /etc/hosts.allow and /etc/hosts.deny? I hate to see somebody reinstall.

rnturn 03-18-2003 10:43 PM

Quote:

Originally posted by Crashed_Again
Doh' did you check /etc/hosts.allow and /etc/hosts.deny?
Those shouldn't come into play for X clients. I don't have anything in those files but I have a bunch of systems that I manage via X connections and all I use is xhost to enable access. And we had done ``xhost +'' to let any xclients connect and sometimes it would work but eventually it'd crap out. It was the weirdest darned thing I'd seen in a while.
Quote:

I hate to see somebody reinstall.
Believe me, not any more than the guy who's just done it. :-) Luckily, this was a freshly installed system (replaced an aging and unsupported Sparcstation) and no user data was on the system; it's waiting to be untarred off the LAN. So it wasn't disruptive to anyone but me -- the user had taken St. Patrick's Day off -- and I was only inconvenienced to the extent that I had to pop in from time to time to see if it was time to swap CDs.

DavidPhillips 03-19-2003 08:55 PM

I know what you mean, I hate to even reboot mine. It's several kernels behind now though and the day must come.


All times are GMT -5.