[lug] RH8 iptables
Nobuki Matsui
nobuki at psych.colorado.edu
Thu Nov 14 14:51:58 MST 2002
I tried narc. I ended up leaving the original /etc/init.d/iptables
file, otherwise it will not bring up the eth. I start narc from
/etc/rc.local and it seems to work fine.
The problem with smtp still persists. I checked it with 'telnet hostname
25' to do a hello session with sendmail. It refuses the connection. Maybe it
has something to do with sendmail.mc/sendmail.cf.
Nobuki Matsui
SRRB NOAA CIRES
On Thu, 14 Nov 2002, John Hernandez wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hugh Brown wrote:
>
> | On Thu, 2002-11-14 at 11:55, Nobuki Matsui wrote:
> |
> | >Dear all,
> | > I would like to know if /etc/sysconfig/iptables file is
> | >self-contained in RH8. Is there any other file that contains aliases of
> | >some sort? I find it difficult to tune it and the RH firewall
> | >configuration GUI is too broad. I'm also having trouble letting smtp
> | >traffic coming through with RH8 even though it is explicitly stated in
> | >/etc/sysconfig/iptables file.
> |
> |
> | They tend to punch dns through. Best bet for finding it would be to do
> | grep -r iptables /etc/rc.d/*
> |
> | and then look at the files it returns.
>
> Nobuki, I would suggest a tool such as NARC to simplify the initial
> creation of a sane ruleset. It is more specific and flexible than
> RH's tool. This is just one of many such tools available at
> freshmeat.net. http://www.knowplace.org/netfilter/narc.html
>
> The /etc/sysconfig/iptables file can be created by running
> 'iptables-save > /etc/sysconfig/iptables' once you get a working
> ruleset. Alternately, you should be able to issue the command
> 'service iptables save'. Your OS will then load these rules at the
> next iptables start. Be sure to create a backup copy as well, because
> RH's firewall tool (lokkit) will overwrite this file.
>
> - --
>
> ~ | John Hernandez - NOAA Boulder NOC - 303-497-6392
> ~ | Mailstop R/OM62. 325 Broadway, Boulder, CO 80305
> ~ | PGP Public Key ID: 586A7E23
> -----BEGIN PGP SIGNATURE-----
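
Added example, not part of the thread: a rule for port 25 in an iptables-save file such as /etc/sysconfig/iptables only takes effect if no earlier rule matches first, and this sketch walks the INPUT chain the way first-match evaluation does to show which rule decides a new inbound SMTP connection. The sample ruleset, the chain name FW-INPUT and the function names are constructed for illustration, and only simple matches (-p, -i, --dport, --state) are modelled.

```python
# Constructed ruleset in iptables-save format (chain FW-INPUT is made up).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A FW-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A FW-INPUT -p tcp -m tcp --syn -j REJECT
-A FW-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
COMMIT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [rule tokens]}) for the *filter table."""
    policies, chains, table = {}, {}, None
    for line in text.splitlines():
        tok = line.split()
        if line.startswith("*"):
            table = line.strip()
        elif table == "*filter" and line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif table == "*filter" and line.startswith("-A "):
            chains.setdefault(tok[1], []).append(tok[2:])
    return policies, chains

def matches(tok, port, iface):
    """Does this rule match a new TCP SYN to `port` arriving on `iface`?"""
    if "!" in tok or {"-s", "-d", "--sport"} & set(tok):
        return False  # simplification: negated and address-limited rules are skipped
    opts = dict(zip(tok, tok[1:]))  # option -> the token that follows it
    lo, _, hi = opts.get("--dport", str(port)).partition(":")
    return (opts.get("-p", "tcp") in ("tcp", "all")
            and opts.get("-i", iface) == iface
            and int(lo) <= port <= int(hi or lo)
            and "NEW" in opts.get("--state", "NEW").split(","))

def verdict(text, port=25, iface="eth0"):
    """First-match result (target, deciding rule) for inbound TCP to `port`."""
    policies, chains = parse(text)
    def walk(chain):
        for tok in chains.get(chain, []):
            target = dict(zip(tok, tok[1:])).get("-j")
            if not matches(tok, port, iface):
                continue
            if target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
                # RETURN ends this chain; the caller carries on with its next rule
                return None if target == "RETURN" else (target, f"-A {chain} " + " ".join(tok))
            hit = walk(target) if target in chains else None  # LOG etc. fall through
            if hit:
                return hit
    return walk("INPUT") or (policies.get("INPUT", "ACCEPT"), "INPUT policy")
```

On the constructed sample, `verdict(SAMPLE)` names the blanket REJECT rule as the one that decides port 25, because it sits ahead of the port 25 ACCEPT; moving the ACCEPT above it changes the result.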