Re: iptables has amnesia :-)

Mikkel L. Ellertson wrote:
> Don Russell wrote:
>> Mikkel L. Ellertson wrote:
>>> Try running "service ip6tables save" as well, and see if that
>>> helps. Also, check the date/contents of /etc/sysconfig/iptables
>>> to make sure your changes are being saved. If not, look for a
>>> selinux message in the logs about it...
>>>
>>> Mikkel
>>>
>> I did check the contents of /etc/sysconfig/iptables before and
>> did see the new rules there....
>>
>> Using "service ip6tables save" seems to have "done the trick"....
>> is that WAD, or is that bugzilla-able :-)
>>
> Not exactly a WAG, but not based on personal experience. (I have
> IP6 turned off on the local network...) It is more troubleshooting
> experience that gives me ideas on what to try. Something on the
> order of asking yourself what can be affecting firewall rules.
> Start with the easy things - iptables, ip6 tables. Check to make
> sure selinux is not blocking the rewriting of the rules.
>
>
> If saving the changes to ip6tables "fixes" the problem, as it looks
> like it did here, then it looks like there needs to be a change so
> that "service iptables save" updates ip6tables if they are going to
> affect the rules as well. (And the reverse - saving ip6tables
> should also save iptables.) But I am wondering why the default
> rules are being restored. I am on shaky ground here, because I have
> not looked at the network scripts for a while. Is it because of the
> DHCP lease getting renewed, the network connection dropping, and
> being restored, or something else? I can see the rules needing to
> be reloaded if you get a new IP address. But not just because the
> lease was renewed.
>
> I see that you have filed a bug report, so hopefully this will be
> answered by the people that really know the network scripts...
>
> Mikkel
Mikkel,

I believe Linux actually assumes the lease renewal will change the
IP.  This goes back to the DHCP specification that says that the
renewal will not guarantee the requester the same IP.  Windows took
the opposite approach and all their sub-layers assume they will get
the same IP address and actually request in the renewal the same
address.  If Windows is unable to get the same address then it falls
back to requesting a new address with a new lease renewal requesting a
new address.

-James
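
An added example, not part of the original thread: a shell check for the situation discussed above, comparing the running rules with the file each "service ... save" writes, separately for IPv4 and IPv6. The /etc/sysconfig/ip6tables path and the function names are assumptions; comment lines and packet counters are ignored because they change on every save.

```shell
#!/bin/sh
# Detect drift between the running firewall rules and the saved rule files.

# Normalize iptables-save output: drop comment lines (they carry timestamps),
# reset packet/byte counters, and strip trailing whitespace.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/g' -e 's/[[:space:]]*$//' "$1"
}

# rules_match SAVED RUNNING
# Returns 0 if the rules are the same, 1 if they differ, 2 if a file is unreadable.
rules_match() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    a=$(normalize_rules "$1") || return 2
    b=$(normalize_rules "$2") || return 2
    [ "$a" = "$b" ]
}

# check_family SAVE_CMD SAVED_FILE
# Dumps the live rules with SAVE_CMD and compares them with SAVED_FILE.
check_family() {
    save_cmd=$1; saved=$2
    command -v "$save_cmd" >/dev/null 2>&1 || { echo "$save_cmd: not installed"; return 2; }
    tmp=$(mktemp) || return 2
    "$save_cmd" > "$tmp" 2>/dev/null || { rm -f "$tmp"; echo "$save_cmd: failed (run as root)"; return 2; }
    rc=0
    rules_match "$saved" "$tmp" || rc=$?
    rm -f "$tmp"
    case $rc in
        0) echo "$saved: matches running rules" ;;
        1) echo "$saved: DIFFERS from running rules" ;;
        *) echo "$saved: cannot be read" ;;
    esac
    return $rc
}

# The live check runs only when the script is called with the argument "live".
if [ "${1:-}" = "live" ]; then
    check_family iptables-save  /etc/sysconfig/iptables
    check_family ip6tables-save /etc/sysconfig/ip6tables   # assumed path
fi
```

Running it with "live" before and after a DHCP lease renewal shows which of the two rule sets was reloaded from its saved file.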