LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-16-2003, 12:01 AM   #1
rnturn
Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0), SuSE (10.x, 11.x, 12.2), Solaris (8-10), Tru64
Posts: 950

Rep: Reputation: 51
Cannot disable firewall


I have a system that was recently setup with Red Hat 8. The user needs to connect to several UNIX systems (all non-Linux) and start up X clients to display on the RH8 system. The trouble I'm running into is that the RH8 system has the firewall setting at the highest security level which blocks remote X client access. ``No problem'', I say, ``We'll just disable the firewall and you can open the windows to the remote systems.'' (The RH8 system is inside a firewall already and there is no need to establish yet another firewall on this host.) Sounds simple enough. But Red Hat refuses to change the firewall security level. When I log in as root, go int o the ``System Settings -> Security Level'', and change the setting to `no firewall' and exit, no change is actually made. Reentering the security level dialog shows that it's still set to `High'. Going through this sequence just prior to a reboot results in the same end result.

(I've noticed that this is happening at home as well but has gone unnoticed as I don't have any other hosts on the home LAN running X applications.)

Anyone got any ideas as to what's preventing this change from being made?

TIA,

Rick
 
Old 03-16-2003, 12:05 AM   #2
DavidPhillips
Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,154

Rep: Reputation: 56
It is probably just showing high but not actually set at high.

However you can do this

chkconfig iptables off
chkconfig ipchains off
 
Old 03-16-2003, 12:50 AM   #3
rnturn
Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0), SuSE (10.x, 11.x, 12.2), Solaris (8-10), Tru64
Posts: 950

Original Poster
Rep: Reputation: 51
Quote:
Originally posted by DavidPhillips
It is probably just showing high but not actually set at high.

However you can do this

chkconfig iptables off
chkconfig ipchains off
I know that ipchains wasn't selected during installation. The iptables startup was disabled using `chkconfig --level 12345 iptables off' but I will definitely verify this -- to be absloutely sure -- on the other user's system on Monday. (Luckily, the user is out of the office on Monday so I am free to do whatever it takes to get this puppy working properly. Provided no other fires erupt, that is. :-) )

Later...
Rick
 
Old 03-18-2003, 08:52 PM   #4
rnturn
Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0), SuSE (10.x, 11.x, 12.2), Solaris (8-10), Tru64
Posts: 950

Original Poster
Rep: Reputation: 51
Checked the service configuration and iptables was shut off across the board but still had some problems. Decided on a reinstallation -- which I normally hate to resort to but which solved the problem of a somewhat undersized /usr partition as well -- and the problem hasn't recurred. I basically did a full, select-everything installation this time instead of tailoring the installation to only the essentials for what the user is doing. Wasted some space but she's much happier now that X clients are working.
 
Old 03-18-2003, 08:53 PM   #5
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Doh' did you check /etc/hosts.allow and /etc/hosts.deny? I hate to see somebody reinstall.
 
Old 03-18-2003, 10:43 PM   #6
rnturn
Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0), SuSE (10.x, 11.x, 12.2), Solaris (8-10), Tru64
Posts: 950

Original Poster
Rep: Reputation: 51
Quote:
Originally posted by Crashed_Again
Doh' did you check /etc/hosts.allow and /etc/hosts.deny?
Those shouldn't come into play for X clients. I don't have anything in those files but I have a bunch of system that I manage via X connections and all I use is xhost to enable access. And we had done ``xhost +'' to let any xclients connect and sometimes it would work but eventually it'd crap out. It was the weirdest darned thing I'd seen in a while.
Quote:
I hate to see somebody reinstall.
Believe me, not any more than the guy whose just done it. :-) Luckily, this was a freshly installed system (replaced an aging and unsupported Sparcstation) and no user data was on the system; it's waiting to be untarred off the LAN. So it wasn't disruptive to anyone but me -- the user had taken St. Patrick's Day off -- and I was only inconvenienced to the extent that I had to pop in from time to time to see if it was time to swap CDs.
 
Old 03-19-2003, 08:55 PM   #7
DavidPhillips
Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,154

Rep: Reputation: 56
I know what you mean, I hate to even reboot mine. It's several kernels behind now though and the day must come.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable Firewall in Redhat 9 PacMansRancor Linux - General 3 09-26-2005 08:29 PM
Disable the standard firewall? NL-Stitch Linux - Newbie 1 02-07-2005 01:47 PM
Unknown firewall that I need to disable R00ts Linux - Networking 5 07-04-2004 07:41 AM
Disable Firewall dvong3 Linux - Networking 1 04-30-2004 08:27 AM
how do you disable a firewall ? ICEAGE Linux - General 7 01-02-2003 12:58 AM


All times are GMT -5. The time now is 10:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration