[lug] RH8 iptables

Nobuki Matsui nobuki at psych.colorado.edu
Thu Nov 14 14:51:58 MST 2002


I tried narc.  I ended up leaving the original /etc/init.d/iptables
file, otherwise it will not bring up the eth.  I start the narc on
/etc/rc.local and it seems to work fine.

The problem with smtp still persists.  I checked it with 'telnet hostname
25' to do a hello session with sendmail.  It refuses the connection.  Maybe it
is something to do with sendmail.mc/sendmail.cf.

Nobuki Matsui  
SRRB NOAA CIRES
 
On Thu, 14 Nov 2002, John Hernandez wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hugh Brown wrote:
> 
> | On Thu, 2002-11-14 at 11:55, Nobuki Matsui wrote:
> |
> | >Dear all,
> | >	I would like to know if /etc/sysconfig/iptables file is
> | >self-contained in RH8.  Is there any other file that contains aliases or
> | >some sort?  I find it difficult to tune it and the RH firewall
> | >configuration GUI is too broad.  I'm also having trouble letting smtp
> | >traffic come through with RH8 even though it is explicitly stated in
> | >/etc/sysconfig/iptables file.
> |
> |
> | They tend to punch dns through.  Best bet for finding it would be to do
> | grep -r iptables /etc/rc.d/*
> |
> | and then look at the files it returns.
> 
> Nobuki, I would suggest a tool such as NARC to simplify the initial
> creation of a sane ruleset.  It is more specific and flexible than
> RH's tool.  This is just one of many such tools available at
> freshmeat.net.  http://www.knowplace.org/netfilter/narc.html
> 
> The /etc/sysconfig/iptables file can be created by running
> 'iptables-save > /etc/sysconfig/iptables' once you get a working
> ruleset.  Alternately, you should be able to issue the command
> 'service iptables save'.  Your OS will then load these rules at the
> next iptables start.  Be sure to create a backup copy as well, because
> RH's firewall tool (lokkit) will overwrite this file.
> 
> - --
> 
> ~ |  John Hernandez - NOAA Boulder NOC - 303-497-6392
> ~ |  Mailstop R/OM62. 325 Broadway, Boulder, CO 80305
> ~ |  PGP Public Key ID: 586A7E23
> -----BEGIN PGP SIGNATURE-----
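
An added example, not part of the original messages: a small shell check for the situation discussed in this thread, where an SMTP ACCEPT rule is present in an iptables-save style file but an earlier rule in the same chain matches port 25 first. The function name, the eth0 interface and both sample rulesets are constructed for illustration; the parser only looks at -p, -i, --dport and -j and ignores other matches such as -s, -d, -m state and negation.

```shell
#!/bin/sh
# first_match FILE CHAIN PORT IFACE
# Reads an iptables-save style dump (FILE, or "-" for stdin) and prints
# "<rule-number> <target>" for the first rule in CHAIN that would match a
# new TCP connection to PORT arriving on IFACE. Prints nothing if no rule
# matches (the chain policy would then apply).
first_match() {
    awk -v chain="$2" -v port="$3" -v iface="$4" '
    $1 == "-A" && $2 == chain {
        n++
        proto = ""; dport = ""; in_if = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto != "" && proto != "tcp") next      # other protocol
        if (in_if != "" && in_if != iface) next      # other interface
        if (dport != "") {                           # single port or lo:hi
            lo = dport; hi = dport
            if (split(dport, r, ":") == 2) { lo = r[1]; hi = r[2] }
            if (port + 0 < lo + 0 || port + 0 > hi + 0) next
        }
        print n, target
        exit
    }' "$1"
}

# Constructed sample: the blanket REJECT for low ports comes before the
# SMTP ACCEPT, so the ACCEPT rule is never reached.
sample_shadowed() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same rules with the SMTP ACCEPT moved above the REJECT.
sample_fixed() {
    sample_shadowed | awk '/--dport 0:1023/ { held = $0; next }
                           { print } /--dport 25/ { print held }'
}

echo "shadowed: $(sample_shadowed | first_match - INPUT 25 eth0)"
echo "fixed:    $(sample_fixed | first_match - INPUT 25 eth0)"
```

To run it against a live ruleset, pass the saved file instead of "-", for example first_match /etc/sysconfig/iptables INPUT 25 eth0, using whichever chain the file actually puts its port rules in.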