LinuxQuestions.org
Old 11-05-2002, 04:02 PM   #1
Ange062
LQ Newbie
 
Registered: Nov 2002
Location: Texas
Distribution: Red Hat 8
Posts: 3

Rep: Reputation: 0
Firewall Problems


I'm very new to Linux, and just starting to know my way around. I'm using Red Hat 8, and I am trying to set up a VNC to control it via my WinXP computer (I only have one monitor). The firewall settings are not letting me do this.

I have tried to disable the firewall by changing the security level under system settings, but it doesn't work. I press save, but when I go back in to check the settings, they are back at high. I also tried using a gnome-lokkit command in the terminal to disable, and the same thing happens: the settings aren't saved.

I have tried from both root and my normal user name, with no success. I have also checked to make sure the ipchains is activated and running before doing this. Anybody know how I can disable the firewall on my system?
 
Old 11-05-2002, 04:47 PM   #2
amp2000
Member
 
Registered: Oct 2001
Location: Dublin, Ireland
Distribution: Mandrake 9.0 mostly!
Posts: 303

Rep: Reputation: 30
What firewall are you using? If you're using ipchains, do the following command as root: "/etc/rc.d/init.d/ipchains stop" or "service ipchains stop", without the quotes. I never used Red Hat so they might not work.

Hope that helps

By the way, the above fix is NOT permanent!

Cheers
amp2000
 
Old 11-05-2002, 04:56 PM   #3
Ange062
LQ Newbie
 
Registered: Nov 2002
Location: Texas
Distribution: Red Hat 8
Posts: 3

Original Poster
Rep: Reputation: 0
The only firewall that is running is the one that is built into RH8. When I was installing the OS, I chose to use the highest settings for internet security, which is blocking most ports etc.

I am just trying to change the security to off, in which there is no firewall or blocking, so that I can use VNC.
 
Old 11-05-2002, 05:33 PM   #4
amp2000
Member
 
Registered: Oct 2001
Location: Dublin, Ireland
Distribution: Mandrake 9.0 mostly!
Posts: 303

Rep: Reputation: 30
Again, I don't know Red Hat, but what happens when you type "service ipchains status"?

Sorry I can't help more, but hang around, there's plenty of people here that know Red Hat inside out and will help you.
 
Old 11-05-2002, 06:30 PM   #5
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Rep: Reputation: 30
try this:

rmmod ipchains

OR

ipchains -F

OR

rmmod iptables

OR

iptables -F

the * -F commands will flush either iptables or ipchains. i'm not sure which RH8 uses by default, as i'm a slack user. but the default firewall will either be iptables or ipchains. check your modules by typing "lsmod" and if you see either of them you can unload the modules with the "rmmod" command.
 
Old 11-06-2002, 02:38 AM   #6
Vaevictus
LQ Newbie
 
Registered: Nov 2002
Location: Wales
Distribution: Red Hat 8.0
Posts: 14

Rep: Reputation: 0
I have also had these problems with Red Hat 8 when trying to change firewall settings to open up some ports.
It seems it will not save the changes.
 
Old 11-06-2002, 10:00 AM   #7
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Rep: Reputation: 30
there aren't any changes to be "saved". the firewall configuration is stored in memory. in many systems, there's a file which has the firewall configuration info, which is: /etc/rc.d/rc.firewall.

again, i'm speaking as a slackware user, and it might be different on RH8. but if you want to open up ports or make changes to your existing firewall, you'll need to modify that file, and then re-execute it to initiate the new changes.

as for exactly how to make these modifications, you'll have to man iptables or ipchains and do some reading.

hope this helps.

Last edited by Syncrm; 11-06-2002 at 10:02 AM.
 
Old 11-06-2002, 10:42 AM   #8
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 250
moved: more suitable for networking forum.
 
Old 11-18-2002, 11:11 PM   #9
DKnight
LQ Newbie
 
Registered: Oct 2002
Location: Miami as in FL
Distribution: MANDRAKE 9.1
Posts: 21

Rep: Reputation: 15
Did anyone find a solution to this? I don't seem to have a way to verify that port 5900 (vnc, which started this whole firewall odyssey) is receiving any data or is being blocked by the built-in firewall in Red Hat 8.0.

On my box there is no /usr/sysconfig/ipchains file and lokkit reports that the firewall is set to HIGH security (high security bites for my purposes). Any way to 'fix' lokkit or manually configure the firewall? This seems to be a pretty Red Hat 8.0 specific issue, any RH8 gurus out there?

Thanks in advance for any help ... this site generally rocks for troubleshooting and info dissemination.
 
Old 11-19-2002, 10:48 PM   #10
DKnight
LQ Newbie
 
Registered: Oct 2002
Location: Miami as in FL
Distribution: MANDRAKE 9.1
Posts: 21

Rep: Reputation: 15
Actually I believe I have figured it out...

I have 3 RH8 machines and had a web server on one ... it was working fine (apache 2.0) til yesterday. While I was working on the firewall for another RH8 server I went in to see what the firewall settings were on my apache server ... I saw (with lokkit) that my firewall seemed to be turned to high even though I was serving pages just fine. The interesting part was when I exited I just hit OK in lokkit with the firewall selector on HIGH, figuring that lokkit was just broken and as such not affecting anything. But when I tried to reach my site from work this morning it wouldn't connect and I couldn't connect to my ftp server either ... Seems that I had turned the firewall on by hitting the OK button while the selector was on high ... I ran lokkit again (again it said the setting was HIGH) and selected No Firewall, then hit OK and tried to get pages again ... this time they were served right up and the site worked fine. I went in to lokkit a third time and again it said high ... this time I canceled out of it and it didn't reset my firewall to High.

Theories:
1-Lokkit and the RH tools will always say that your firewall is set to high...BUT they are actually just displaying THEIR DEFAULT SETTING, NOT displaying your CURRENT settings!!

2-Lokkit and the RH tools do allow you to change the settings of your firewall they just have NO CONFIRMATION mechanism and do not show your current settings when you invoke them. They only show you the defaults rh built into them.

3- About your VNC problem ... I have vncserver running just fine (now) ... (after using lokkit to turn off your firewall ....) if you have a broadband internet connection with a SOHO router or some other gateway hardware you will need to route certain ports to the machine you want to control. I looked up the ports FAQ from the VNC site and here it is:

Start of FAQ*********************
Q53 Which TCP/IP ports does VNC use?

A VNC server listens on two ports. The exact port numbers depend on the VNC display number, because a single machine may run multiple servers. The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port. So for most PC servers, the port will be 5900, because they use display 0 by default.

In addition, VNC servers normally have a small and very restricted web server built in, which allows you to connect a browser to them and use the Java viewer. This runs on port 58xx. Note that this is the HTTP port used for downloading pages and applets, but once the applet is running it uses 59xx for VNC just like any other viewer.

The servers can be changed to listen on other ports if, for any reason, these are not suitable for you. See the server's documentation for more details. Most of the viewers, if given a display number larger than 99, will interpret it as a direct port number and will not add 5900. See also the next question.

If you are running a viewer in 'listening' mode, where it accepts connections initiated by the server, it will listen for incoming VNC on port 5500.
END OF FAQ*******

So...where was I .... ahhh yes -> Also when using the vncviewer program to control your machine don't forget to include the vnc display number as part of the IP address or site name like so:

52.30.195.166:1

or

baddog.myftp.com:1

the :1 references the display number, in this case 1 (zero is the default). Also if you are using display #1 then you would have to route port 5901 to your box as opposed to 5900 for display number 0 or 5905 for display number 5 etc ... etc ...

Sorry for the long post but I just want this thread to be complete so the next poor bloke won't have to figure this stuff out the hard way!

-DKNIGHT
 
Old 11-20-2002, 06:34 PM   #11
kofi
Member
 
Registered: Aug 2002
Location: Atlanta
Distribution: Redhat Linux 7.2 & 7.3 + 8.0
Posts: 59

Rep: Reputation: 15
Don't know if you got your problem resolved, but I run Red Hat 8.0 too and I understand your frustrations that when you use setup and set the firewall low it never saves the changes. What worked for me was to completely disable the firewall bundled with Red Hat and install my own firewall rule set, by either issuing the command

"serviceconf" and unchecking ipchains, iptables and ip6tables or you can also do a query on all 3 say:

chkconfig --list ipchains or
chkconfig --list iptables or
chkconfig --list ip6tables

this will tell you all the run-levels the firewall rules are running on and you can then disable it like this:

chkconfig --level=12345 ipchains off

(i.e. if it is running on levels 1 through 5)

You might have to do it for all 3 to completely stop all their crappy firewall from running.

Hope this helps.
 
Old 11-21-2002, 07:42 AM   #12
cottonmouth
Member
 
Registered: May 2002
Location: under the fig tree
Distribution: Redhat 8.0, Mandrake 9.0
Posts: 87

Rep: Reputation: 15
I think the command is

chkconfig --level 0123456 ipchains off

You can always go the Windows route and format and re-install.
 
Old 11-21-2002, 11:33 AM   #13
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Ok,
RH8 doesn't use ipchains... only iptables.

Lokkit is a very basic rule generator and should be removed if you intend to do anything serious with your rules...
rpm -e lokkit

Have a look at firestarter as a rule tool and also some tutorials to help understand what you're doing.

The final stored ruleset in an original RH8 will be in /etc/sysconfig/iptables
It is created with 'service iptables save'
and is used when iptables starts at boot.

With Firestarter, you will have a separate script.
It's possible to have these two interfere with each other if you don't disable iptables at boot time before you start the Firestarter script.
chkconfig --level 2345 iptables off

What will save you a lot of grief, is adding -j LOG rules everywhere to track the packets. Find where they are dropped and make rules to allow them. Also makes sure the packets actually enter your system...

Have fun !
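
Added example (not part of any post in this thread): the port arithmetic from the VNC FAQ quoted in post #10, combined with the -j LOG advice in post #13, as a shell helper that prints one rule to log packets arriving on the VNC port and one to accept that port from a single source network. The function names and the 192.168.1.0/24 network are assumptions made for the example; the rules are printed, not applied.

```shell
# Added example, not from the thread. Port rules are those in the quoted FAQ.

# vnc_ports TARGET: print "VNC_PORT HTTP_PORT" for a viewer target such as
# host:1. HTTP_PORT is "-" when the number is taken as a direct port.
vnc_ports() {
    case $1 in
        *:*) display=${1##*:} ;;
        *)   display=0 ;;                 # no ":N" suffix: default display 0
    esac
    case $display in
        ''|*[!0-9]*) echo "bad display: $display" >&2; return 1 ;;
    esac
    # Strip leading zeros so the shell does not read "08" as octal.
    while [ "${#display}" -gt 1 ] && [ "${display#0}" != "$display" ]; do
        display=${display#0}
    done
    if [ "$display" -gt 99 ]; then
        echo "$display -"                 # above 99: used as the port itself
    else
        echo "$((5900 + $display)) $((5800 + $display))"
    fi
}

# vnc_rules SOURCE TARGET: print two rules for the top of INPUT. Rule 1 logs
# every packet reaching the VNC port (LOG does not stop traversal); rule 2
# accepts that port from SOURCE only.
vnc_rules() {
    ports=$(vnc_ports "$2") || return 1
    port=${ports%% *}
    printf 'iptables -I INPUT 1 -p tcp --dport %s -j LOG --log-prefix "vnc-in: "\n' "$port"
    printf 'iptables -I INPUT 2 -p tcp -s %s --dport %s -j ACCEPT\n' "$1" "$port"
}

# Constructed sample: 192.168.1.0/24 stands in for the network the viewer is on.
vnc_rules 192.168.1.0/24 baddog.myftp.com:1
```

If the log prefix never shows up in the kernel log while a viewer is connecting, the packets are not reaching the host at all, which points at the router or gateway rather than the local ruleset.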
 
Old 01-15-2003, 03:54 PM   #14
dcatkin
LQ Newbie
 
Registered: Dec 2002
Location: Salt Lake, Utah
Distribution: Red Hat 8.0
Posts: 2

Rep: Reputation: 0
RH 8.0 Fire Wall

Your config file for the firewall is located in /etc/sysconfig/ipchains; this is where you need to make the changes so you can open some ports. There is no straight firewall config file, but if you want to change it this would be where.
 
Old 01-16-2003, 06:48 AM   #15
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Sorry David,
can't agree with that...

The default file is '/etc/sysconfig/iptables' and it is in a special format from the 'iptables-save' command.

Using the command line 'iptables' will make the change immediately;
editing '/etc/sysconfig/iptables' means you must restart iptables to re-read this file, likewise with a script file.
There is the ever present danger of adding an iptables rule by the command line but not saving it, then making a change in the '/etc/sysconfig/iptables' file, restarting iptables and losing your previous command line entries.
Confusion is the #1 killer when adjusting rules...

I personally test with the command line, then add the rules by hand to '/etc/sysconfig/iptables' rather than using 'service iptables save' or 'iptables-save > /etc/sysconfig/iptables'. I do this for several reasons, but I know what I am doing.

There is a good balance between command line entries, editing scripts and editing '/etc/sysconfig/iptables' directly. I put the last option last because I have found that is where it belongs.

Last edited by peter_robb; 01-16-2003 at 06:54 AM.
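
Added example (not part of any post in this thread): a check for the situation described in post #15, where rules added on the command line were never written to the saved file and would be lost on the next restart. It compares two dumps in iptables-save format; the function names and the sample rulesets are constructed for the example.

```shell
# Added example, not from the thread. Compares the boot-time rules file with
# a dump of the running rules; both are in iptables-save format.

# normalise FILE: reduce a dump to "table: rule" lines, dropping comments
# (timestamps), COMMIT markers and packet/byte counters.
normalise() {
    awk '/^\*/ { table = substr($0, 2); next }
         /^:/  { print table ": policy " substr($1, 2) " " $2; next }
         { sub(/^\[[0-9]+:[0-9]+\] /, "") }
         /^-A / { print table ": " $0 }' "$1"
}

# rules_drift SAVED RUNNING: print the differences; return 1 if there are any.
rules_drift() {
    tmp=$(mktemp -d) || return 2
    normalise "$1" > "$tmp/saved"
    normalise "$2" > "$tmp/running"
    out=$(diff "$tmp/saved" "$tmp/running" |
          sed -n 's/^< /saved-only: /p; s/^> /unsaved: /p')
    rm -rf "$tmp"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: one rule was added on the command line and never saved.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/saved" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$d/running" <<'EOF'
# Generated by iptables-save -c (constructed sample)
*filter
:INPUT DROP [41:2788]
[10:600] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[3:180] -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 5901 -j ACCEPT
COMMIT
EOF
    rules_drift "$d/saved" "$d/running" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

On a real host, run as root, the second argument would be a file written by iptables-save and the first would be /etc/sysconfig/iptables; because rule order is preserved, a reordered rule shows up as both saved-only and unsaved.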
 
  


All times are GMT -5.