Hi all,
I am having some serious issues with my firewall ruleset.
Some background ... I baselined the system and reinstalled Redhat 9.0 on my server last week. Everything has been running fine, however things went wrong yesterday when I tried upping the security on the firewall.
I downloaded apf and installed it, ran through the configuration, and left it in dev mode "just in case". This of course dropped my connection immediately! But five minutes later I was able to remote in. A copy of the config file is here.
I've since removed the program, ensured it wasn't running (via service and chkconfig), and went so far as to remove the executable then reboot.
This may have nothing to do with the problem, but it is the only firewall-related action I've taken on the server.
The current problem is that, after rebooting and issuing my firewall-config script, NAT works for a few minutes, then drops. I can access the server (e.g. ssh) from the LAN, and I can access the internet from the server, but the server is not NATing.
The firewall rules I am using, I have been using for about 2 years; suffice to say they are not the problem. However, I'll note that the following two lines do exist, in order to enable NAT...
Code:
# Masquerade local subnet
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ppp0 -j MASQUERADE
# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
If I should post the full firewall ruleset, please let me know and I'll make it available.
If someone can recommend where to check or how to override what is going on, please let me know! Otherwise I am going the way of the reinstall, as I've already spent as much time troubleshooting this problem as it would have taken to baseline the system and reconfigure it.
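The symptom described above (NAT working for a few minutes, then stopping) means one of the two conditions the posted rules establish is being undone after boot. The following is an added diagnostic example, not code from the original post: a POSIX sh function that checks both conditions from text inputs, so it can run against live `iptables-save` output or a captured dump, plus a wrapper that reports which one went missing. The sample dumps are constructed; the subnet and interface come from the post.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post). Checks the two things the
# posted rules set up: the MASQUERADE rule for SUBNET out of IFACE in the nat table,
# and the kernel forwarding flag. Inputs are passed as text so the same function
# works on live output or on a saved dump.
#
# Return code: 0 = both present, 1 = forwarding off, 2 = rule missing, 3 = both.
check_nat_state() {
  nat_dump=$1 forward_flag=$2 subnet=$3 iface=$4
  status=0
  [ "$forward_flag" = "1" ] || status=$((status | 1))
  printf '%s\n' "$nat_dump" |
    grep -qF -- "-A POSTROUTING -s $subnet -o $iface -j MASQUERADE" ||
    status=$((status | 2))
  return "$status"
}

# Read the live state (iptables-save needs root) and say what is missing.
# Run in a loop, e.g. `while sleep 30; do live_nat_check 10.0.0.0/24 ppp0; done`,
# to timestamp the moment NAT stops and see which half was reset.
live_nat_check() {
  rc=0
  check_nat_state "$(iptables-save -t nat 2>/dev/null)" \
                  "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" \
                  "$1" "$2" || rc=$?
  case $rc in
    0) echo "$(date '+%T') NAT ok" ;;
    1) echo "$(date '+%T') ip_forward is 0 (something rewrote the sysctl after boot)" ;;
    2) echo "$(date '+%T') MASQUERADE rule gone (something flushed the nat table)" ;;
    3) echo "$(date '+%T') forwarding off and MASQUERADE rule gone" ;;
  esac
  return $rc
}

# Constructed sample dumps in iptables-save format, for offline checks.
GOOD_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o ppp0 -j MASQUERADE
COMMIT'
FLUSHED_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
```

A return of 1 points at whatever rewrites net.ipv4.ip_forward after boot (for example a sysctl configuration applied by a service), while a 2 points at something flushing the nat table, which is the distinction needed before reinstalling.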