Re: Firewall frustration




Maybe shorewall can make your life so easy.....

--


---------- Original Message -----------
From: Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>
To: CentOS mailing list <centos@xxxxxxxxxx>
Sent: Thu, 3 Jan 2008 08:03:09 -0500
Subject: Re: Firewall frustration

> Christopher Chan wrote:
> >
> >> I tried it. I had everything open. Then I blocked everything. Then I
> >> set up a rule to allow SSH in to eth0 and out eth1 (and the other
> >> way). At least I thought that was what the rules said, but no SSH
> >> connectivity through the firewall. That was when I realized that I
> >> had not found the necessary incantation, and I had already shot most
> >> of Tuesday.
> >>
> >
> > Too bad you missed the documentation on netfilter then.
> And that is the crux of the problem. Finding the right documentation....
>
> And to look at documentation on netfilter besides iptables.
> > It would have told you that the INPUT chain controls what comes to the
> > box, the OUTPUT chain what originates from the box and the FORWARD
> > chain what goes through the box.
> >
> > You would have needed a rule in FORWARD to allow ssh connections
> > through the box. The rules in the INPUT and OUTPUT chains would have
> > zero effect on connections going through.
> >
> > Anyways, you have something now but in case you want to give iptables
> > another go...
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
> >
------- End of Original Message -------

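
The chain selection described in the quoted reply (INPUT for traffic to the box, OUTPUT for traffic from it, FORWARD for traffic through it), as an added Python model that is not part of the thread and is not netfilter's own code. The addresses, interface roles, rulesets and sample packets are constructed, and connection tracking is reduced to a NEW/ESTABLISHED flag.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addressing: the firewall owns 192.0.2.1 (eth0) and 10.0.0.1 (eth1).
FIREWALL_ADDRS = {"192.0.2.1", "10.0.0.1"}

@dataclass(frozen=True)
class Packet:
    dst: str
    in_if: Optional[str]   # None: generated by the firewall itself
    out_if: Optional[str]  # None: delivered to the firewall itself
    dport: int
    state: str             # simplified connection-tracking state: "NEW" or "ESTABLISHED"
    proto: str = "tcp"

def chain_for(pkt):
    """Simplified routing decision: the one filter chain this packet traverses."""
    if pkt.in_if is None:
        return "OUTPUT"      # originates from the box
    if pkt.dst in FIREWALL_ADDRS:
        return "INPUT"       # comes to the box
    return "FORWARD"         # goes through the box

def verdict(ruleset, pkt, policy="DROP"):
    """First matching rule in the selected chain wins; otherwise the chain policy."""
    for match, target in ruleset.get(chain_for(pkt), []):
        if all(getattr(pkt, field) == value for field, value in match.items()):
            return target
    return policy

SSH_NEW = {"proto": "tcp", "dport": 22, "state": "NEW"}
# Constructed ruleset of the kind the reply warns about: SSH only in INPUT/OUTPUT.
MISPLACED = {
    "INPUT":  [({**SSH_NEW, "in_if": "eth0"}, "ACCEPT")],
    "OUTPUT": [({**SSH_NEW, "out_if": "eth1"}, "ACCEPT")],
}
# Same intent expressed in FORWARD, plus a rule for packets of tracked connections.
FORWARDED = {
    "FORWARD": [
        ({"state": "ESTABLISHED"}, "ACCEPT"),
        ({**SSH_NEW, "in_if": "eth0", "out_if": "eth1"}, "ACCEPT"),
        ({**SSH_NEW, "in_if": "eth1", "out_if": "eth0"}, "ACCEPT"),
    ],
}

# Constructed sample packets: SSH through the box, its reply, and SSH to the box.
THROUGH = Packet(dst="10.0.0.5", in_if="eth0", out_if="eth1", dport=22, state="NEW")
REPLY = Packet(dst="198.51.100.7", in_if="eth1", out_if="eth0", dport=40000, state="ESTABLISHED")
TO_BOX = Packet(dst="192.0.2.1", in_if="eth0", out_if=None, dport=22, state="NEW")
```

With a DROP policy, the misplaced ruleset accepts SSH to the firewall itself but never sees the forwarded connection, while the FORWARD ruleset passes the connection and its replies and leaves the firewall's own SSH port closed.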
