Redhat 8.0 Firewall

nelse23 · 03-31-2003, 09:44 PM

I'm trying to use IP Masquradeing to connect an older computer to Redhat 8.0. I haven't been able to allow it to connect.

I've noticed that if I attempt to change the security level it doesn't seem to work.

It's usually set to High.

I try to change it to Medium and allow different incoming connections.

I save it, but when I go back to it later, it's set back to High.

Anyone have any ideas on this?

bentz · 03-31-2003, 09:47 PM

For RedHat, the output of
/etc/rc.d/init.d/iptables status
--or--
/etc/rc.d/init.d/ipchains status
would be helpful here. It will display all your firewall rules, and hopefully someone will be able to answer your questions.

Crashed_Again · 03-31-2003, 09:59 PM

The GUI for Firewall Settings just doesn't make any sense to me. Just like you said, it seems that when you make a change and then go back nothing changes. Just use the commands that bentz said to see your current firewall rules or do:

iptables -L

bentz · 03-31-2003, 10:28 PM

I'm not at all familiar with the GUI tools... But: If you make rule changes, you will need to save them so that they survive a reboot. Use the command 'iptables-save > /etc/sysconfig/iptables'. This will write your current ruleset to a configuration file, which will be read upon the next reboot or '/etc/rc.d/init.d/iptables start'. There is also an iptables-restore, but I'm too lazy to RTFM for that one.

green_dragon37 · 03-31-2003, 10:57 PM

Get Guarddog. I did, works wonderfully.

http://freshmeat.net/projects/guarddog/

nelse23 · 04-01-2003, 06:24 AM

I'll give these a try. Thanks for your help.

nelse23 · 04-01-2003, 08:16 AM

I ran iptables status and here's what I got:

Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABL
ISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (0 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:S
YN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SY
N,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SY
N,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:S
YN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags
:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- ns02.toresd01.pa.comcast.net anywhere udp spt:dom
ain
ACCEPT udp -- ns01.toresd01.pa.comcast.net anywhere udp spt:dom
ain
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,AC
K/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp
-port-unreachable

I'm not sure if everything is alright here.