I have a system that was recently setup with Red Hat 8. The user needs to connect to several UNIX systems (all non-Linux) and start up X clients to display on the RH8 system. The trouble I'm running into is that the RH8 system has the firewall setting at the highest security level which blocks remote X client access. ``No problem'', I say, ``We'll just disable the firewall and you can open the windows to the remote systems.'' (The RH8 system is inside a firewall already and there is no need to establish yet another firewall on this host.) Sounds simple enough. But Red Hat refuses to change the firewall security level. When I log in as root, go int o the ``System Settings -> Security Level'', and change the setting to `no firewall' and exit, no change is actually made. Reentering the security level dialog shows that it's still set to `High'. Going through this sequence just prior to a reboot results in the same end result.

(I've noticed that this is happening at home as well but has gone unnoticed as I don't have any other hosts on the home LAN running X applications.)

Anyone got any ideas as to what's preventing this change from being made?

TIA,

Rick

It is probably just showing high but not actually set at high.

However you can do this

chkconfig iptables off
chkconfig ipchains off

I know that ipchains wasn't selected during installation. The iptables startup was disabled using `chkconfig --level 12345 iptables off' but I will definitely verify this -- to be absloutely sure -- on the other user's system on Monday. (Luckily, the user is out of the office on Monday so I am free to do whatever it takes to get this puppy working properly. Provided no other fires erupt, that is. :-) )

Later...
Rick

Checked the service configuration and iptables was shut off across the board but still had some problems. Decided on a reinstallation -- which I normally hate to resort to but which solved the problem of a somewhat undersized /usr partition as well -- and the problem hasn't recurred. I basically did a full, select-everything installation this time instead of tailoring the installation to only the essentials for what the user is doing. Wasted some space but she's much happier now that X clients are working.

Doh' did you check /etc/hosts.allow and /etc/hosts.deny? I hate to see somebody reinstall.

Those shouldn't come into play for X clients. I don't have anything in those files but I have a bunch of system that I manage via X connections and all I use is xhost to enable access. And we had done ``xhost +'' to let any xclients connect and sometimes it would work but eventually it'd crap out. It was the weirdest darned thing I'd seen in a while.
Believe me, not any more than the guy whose just done it. :-) Luckily, this was a freshly installed system (replaced an aging and unsupported Sparcstation) and no user data was on the system; it's waiting to be untarred off the LAN. So it wasn't disruptive to anyone but me -- the user had taken St. Patrick's Day off -- and I was only inconvenienced to the extent that I had to pop in from time to time to see if it was time to swap CDs.

I know what you mean, I hate to even reboot mine. It's several kernels behind now though and the day must come.