Hello:

When I installed CentOS 4.4 (from the ServerCD) on my server, I told it not to install a firewall and I disabled SELinux. The server is a SuperMicro 5015P-TR.

I set up my own /etc/init.d/firewall with these rules:

#!/bin/sh
# Firewall script
#
# Source function library
. /etc/init.d/functions

RETVAL=0

# Some definitions (Will need to change ETH0_IP to match your configuration)
ETH0_IP=38.114.192.86

# See how we were called.
case "$1" in
  start)
    echo -n "Starting firewall: "
    /sbin/modprobe ip_conntrack_ftp

    # Set the default policies to drop all packets
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P OUTPUT DROP
    /sbin/iptables -P FORWARD DROP

    # Flush any existing rules
    /sbin/iptables -F

    # Allow loopback traffic
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A OUTPUT -o lo -j ACCEPT

    # Allow icmp protocol packets
    /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p icmp -j ACCEPT
    /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p icmp -j ACCEPT

    # Allow ssh connections from the outside world
    /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p tcp --sport 1024: --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
    /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p tcp --sport ssh --dport 1024: -m state --state ESTABLISHED -j ACCEPT

    # Allow this server to access DNS
    /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p udp --sport 1024: --dport domain -j ACCEPT
    /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p udp --sport domain --dport 1024: -j ACCEPT

    # Log any packets that are left
    /sbin/iptables -A INPUT -j LOG --log-prefix "INPUT "
    /sbin/iptables -A OUTPUT -j LOG --log-prefix "OUTPUT "
    /sbin/iptables -A FORWARD -j LOG --log-prefix "FORWARD "

    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch /var/lock/subsys/firewall
    ;;
  stop)
    echo -n "Shutting down firewall: "

    # Flush the rules
    /sbin/iptables -F

    # Set the default policies to accept
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -P FORWARD ACCEPT

    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/firewall
    ;;
  *)
    echo "Usage: firewall {start|stop}"
    exit 1
esac

exit $RETVAL

Now, I can ssh to it only from the other machines in the same rack. When I try to ssh to it from outside, I get this error in the /var/log/messages file:

Feb 17 23:01:26 tweb kernel: OUTPUT IN= OUT=eth0 SRC=38.114.192.86 DST=24.175.73.85 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=1118 WINDOW=5840 RES=0x00 ACK SYN URGP=0

If I log into the machine and try to ping an external IP, I get no response and nothing in the messages file.

Is there some security setting on CentOS 4.4 that limits connectivity?

Thanks,
Neil

--
Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com
FREE! Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
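The kernel line Neil quotes is the netfilter LOG target's output, and reading it correctly is the whole diagnostic step: the text between "kernel:" and "IN=" is the --log-prefix his script attached (so it names the chain that logged the packet), IN/OUT give the interface and direction, and the bare tokens after RES= are the TCP flags. The parser below is an added example, not part of Neil's post or of CentOS; it parses lines in that format from /var/log/messages and summarises each one (chain, protocol, endpoints, direction, and for TCP which stage of the handshake the packet belongs to). The first sample line is the one from the post; the other lines are constructed for the example and describe no real traffic.

```python
import re

# Constructed sample input: the first line is the kernel LOG entry quoted in the
# post; the rest are constructed netfilter LOG lines in the same format, plus one
# unrelated syslog line that the parser must skip.
SAMPLE_LOG_LINES = [
    "Feb 17 23:01:26 tweb kernel: OUTPUT IN= OUT=eth0 SRC=38.114.192.86 DST=24.175.73.85 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=1118 WINDOW=5840 "
    "RES=0x00 ACK SYN URGP=0",
    # constructed: an inbound connection attempt to a port no rule allows
    "Feb 17 23:02:10 tweb kernel: INPUT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=38.114.192.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP "
    "SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
    # constructed: an outbound DNS query whose source port is below 1024
    "Feb 17 23:02:11 tweb kernel: OUTPUT IN= OUT=eth0 SRC=38.114.192.86 DST=192.0.2.53 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1000 DPT=53",
    # constructed: not a netfilter line at all
    "Feb 17 23:02:12 tweb sshd[2231]: Accepted publickey for neil from 10.0.0.5 port 51000 ssh2",
]

# syslog timestamp, host, then the kernel message; only "kernel:" lines can be LOG entries
KERNEL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<rest>.*)$"
)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_log_line(line):
    """Parse one syslog line; return a dict for netfilter LOG entries, else None."""
    m = KERNEL_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    pos = rest.find("IN=")
    if pos < 0:
        return None  # a kernel message, but not from the LOG target
    fields, flags = {}, set()
    for tok in rest[pos:].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val      # KEY=VALUE pair (IN, OUT, SRC, DST, PROTO, SPT, ...)
        else:
            flags.add(tok)         # bare token: IP flag (DF, MF) or TCP flag (SYN, ACK, ...)
    return {
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "prefix": rest[:pos].strip(),  # the --log-prefix; the chain name in the posted script
        "fields": fields,
        "flags": flags,
    }


def tcp_stage(entry):
    """Classify a TCP packet by its flag set (plain TCP semantics, no conntrack state)."""
    tcp = entry["flags"] & TCP_FLAGS
    if tcp == {"SYN"}:
        return "new connection request (SYN)"
    if tcp == {"SYN", "ACK"}:
        return "reply to a connection request (SYN-ACK)"
    if "RST" in tcp:
        return "reset (RST)"
    if "FIN" in tcp:
        return "teardown (FIN)"
    if "ACK" in tcp:
        return "mid-connection data/ack"
    return "unclassified"


def describe(entry):
    """One-line human summary of a parsed LOG entry."""
    f = entry["fields"]
    proto = f.get("PROTO", "?")
    src, dst = f.get("SRC", "?"), f.get("DST", "?")
    if proto in ("TCP", "UDP"):
        src = f"{src}:{f.get('SPT', '?')}"
        dst = f"{dst}:{f.get('DPT', '?')}"
    # IN is empty for locally generated packets, OUT is empty for packets delivered locally
    path = f"in via {f['IN']}" if f.get("IN") else f"out via {f.get('OUT', '?')}"
    text = f"[{entry['prefix'] or 'no prefix'}] {proto} {src} -> {dst} ({path})"
    if proto == "TCP":
        text += f", {tcp_stage(entry)}"
    return text


def triage(lines):
    """Return (descriptions, count per log prefix) for the LOG entries among `lines`."""
    descriptions, counts = [], {}
    for line in lines:
        entry = parse_log_line(line)
        if entry is None:
            continue
        descriptions.append(describe(entry))
        counts[entry["prefix"]] = counts.get(entry["prefix"], 0) + 1
    return descriptions, counts


if __name__ == "__main__":
    descs, counts = triage(SAMPLE_LOG_LINES)
    for d in descs:
        print(d)
    print("logged per chain prefix:", counts)
```

Run over the post's line, the summary reads "[OUTPUT] TCP 38.114.192.86:22 -> 24.175.73.85:1118 (out via eth0), reply to a connection request (SYN-ACK)": the packet that reached the LOG rule is the server's own SYN-ACK leaving on eth0, not the client's SYN arriving. That is the fact to hold on to when checking which OUTPUT rule was expected to accept it, since in the posted script a packet only reaches the LOG rule after every ACCEPT rule in that chain has failed to match.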