Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Hi, I am running FC3 and use the GUI in the GNOME environment to configure iptables.
It seems to me that my firewall needs to be restarted after a day or two, otherwise the ports opened will be blocked again.
For example, I open 137, 138, 139 and 445 for my Samba print server. I could print from my XP box, but if I try to ping the Samba NetBIOS name from the XP box later, it can't find the box, indicating the ports I opened are not functioning.
And the same thing happens to port 80, but if I restart the firewall, everything goes fine again. So I suspect it is my Linux firewall that causes it.
When the machine is unreachable, is the network reachable from the machine?
Here's how you can check to see if the firewall is being changed somehow.
As root: run "iptables -L" and save the output in a file somewhere for later
reference (i.e.: iptables -L > iptables-output1).
Then, when the machine is unreachable, run another "iptables -L" and compare
the output with the previous file. You might want to save the output to a different
file (i.e.: iptables -L > iptables-output2). You can visually check for the changes
in the output or diff the two files to see the differences between them
(i.e.: diff iptables-output1 iptables-output2).
If you see a difference, then something (possibly SELinux) may be disabling
or changing your settings... I don't know if SELinux can or will do something
like this, it's just a thought.
Originally posted by saravkrish: That's not Firestarter. Btw, do try Firestarter. Just google it. It's an open-source GUI firewall that is very user friendly and has more options.
I installed Firestarter last night. The installation was smooth and easy. I added all the ports I need in the inbound policy and started testing. For the first 5 mins, I tried to ping my netbios but got no response. But then after that, when I pinged again, it worked. However, when I tried to ping the netbios again this morning around 6:00 am, I got no response again.
So, it may be silly to ask, but do I need to turn off the iptables service or the default security app from FC3 before I use Firestarter?
Originally posted by linuxles: That's interesting. Haven't seen that problem.
When the machine is unreachable, is the network reachable from the machine?
Here's how you can check to see if the firewall is being changed somehow.
As root: run "iptables -L" and save the output in a file somewhere for later
reference (i.e.: iptables -L > iptables-output1).
Then, when the machine is unreachable, run another "iptables -L" and compare
the output with the previous file. You might want to save the output to a different
file (i.e.: iptables -L > iptables-output2). You can visually check for the changes
in the output or diff the two files to see the differences between them
(i.e.: diff iptables-output1 iptables-output2).
If you see a difference, then something (possibly SELinux) may be disabling
or changing your settings... I don't know if SELinux can or will do something
like this, it's just a thought.
/Les
Thanks, this is a good approach, I will give it a try.
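The snapshot-and-diff check suggested in this thread, written as a script that can be run from cron (an added example, not part of any post above). It uses `iptables-save` in place of the `iptables -L` shown in the thread so that every table is captured, and strips the date comments and packet counters that would otherwise show up as false differences; the `STATE_DIR` path and the snapshot file names are assumptions.

```shell
#!/bin/sh
# Added example: detect firewall ruleset drift against a saved baseline.
# STATE_DIR and the snapshot file names are assumptions, not from the thread.
STATE_DIR="${STATE_DIR:-/var/tmp/fw-drift}"

# Remove the parts of iptables-save output that change even when the rules
# do not: "# Generated/Completed on <date>" comments and [packets:bytes]
# counters on chain policy lines (and on rules when saved with -c).
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*\]/[0:0]/' "$1"
}

# Compare two saved snapshots.
# Returns 0 if the rules match, 1 if they differ (unified diff on stdout),
# 2 if a snapshot is missing or unreadable.
compare_snapshots() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "missing snapshot" >&2; return 2; }
    old_n=$(mktemp) && new_n=$(mktemp) || return 2
    normalize_rules "$1" > "$old_n"
    normalize_rules "$2" > "$new_n"
    diff -u "$old_n" "$new_n"
    status=$?
    rm -f "$old_n" "$new_n"
    return "$status"
}

# Save the live ruleset under the given name (needs root).
take_snapshot() {
    mkdir -p "$STATE_DIR" && iptables-save > "$STATE_DIR/$1"
}

# Usage: "script baseline" right after a firewall restart, then
# "script check" from cron or by hand once the ports stop responding.
case "${1:-}" in
    baseline) take_snapshot baseline ;;
    check)
        take_snapshot current || exit 2
        compare_snapshots "$STATE_DIR/baseline" "$STATE_DIR/current"
        case $? in
            0) echo "$(date): ruleset unchanged" ;;
            1) echo "$(date): ruleset differs from baseline (diff above)" ;;
            *) echo "$(date): could not compare snapshots" >&2; exit 2 ;;
        esac ;;
esac
```

If `check` reports the ruleset unchanged while the ports are unreachable, the rules were not rewritten and the cause lies elsewhere.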