Mailing List Archive


RE: Firewall setting





You should rip it out and rebuild it yourself anyway.  That will give you a
much better understanding of how the firewall works, and will make things
much easier if you need to debug.

I'd suggest a 2.4 kernel with iptables, as that is a much better firewall
package than 2.2 + ipchains.

> -----Original Message-----
> From:	legend [SMTP:fukudam@example.com]
> Sent:	Monday, April 30, 2001 7:05 PM
> To:	tlug@example.com
> Subject:	RE: Firewall setting
> 
> First of all, let me say thank you, Mr. Byrne and Mr. Stone,
> for your prompt replies with very helpful information.
> 
> > During the install, Red Hat 7.1 gives you a choice
> > of no firewalling, medium security firewalling, or
> > maximum security firewalling.
> Yes, I remember this very well. I thought it was a
> good thing for users, that RedHat is giving an option
> to have firewall by default (for obvious reasons).
> 
> I remember putting a medium security level, but never
> bothered to customize the specific ports at installation
> time cuz I thought I could change it later. And I guess
> the problem was that I had no idea how I was supposed
> to customize it later...  (^^;;
> 
> You should build the firewall yourself, using the precanned one is no way
> for you to understand what's going on.  If you build it yourself, you'll
> be more easily able to troubleshoot it, AND you'll have a much better
> understanding of how it works.
> 
> 
> > You can find your current rules in /etc/sysconfig/ipchains.
> > You can find an ipchains howto in /usr/share/doc/ipchains-1.3.10.
> > There is also a GUI config tool called firewall-config
> Yes, I checked it and found out that all the ports between
> 0 and 1024 were blocked for incoming accesses.
> To be sure, I changed the default port of apache from
> 80 to 7000, and voilà, it works! I could access the
> apache server from other computers.
> 
> So now I knew for sure that the firewall config was
> the cause (or more like my ignorance). I actually
> downloaded rpm for firewall-config to configure the
> firewall setting, but I guess it was not intuitive enough
> for me to use. First of all, the previous settings don't
> show up in the interface just as you wrote:
> > noted is that if I run it, it does not seem to load my
> > existing /etc/sysconfig/ipchains file, yet the help from
> I was hoping that I could just modify whatever was in
> /etc/sysconfig/ipchains to fix the problem.
> 
> Anyways, soon enough I realized that
> /etc/sysconfig/ipchains was originally configured with
> /usr/sbin/lokkit (the first line of ipchains says that the
> file was written by lokkit). So I used lokkit to change
> the setting. It's exactly the same interface as the one
> you encounter in the installation process. Very easy
> to handle. I just chose the ports that I wanted to be
> accessible (ssh, web server, ftp).. and it's all done.
> 
> Again, thanks a lot. I needed to demo some network-
> related program tomorrow, and I was gonna use my
> laptop to do that... (no use if it wasn't accessible from
> other computers, right?)
> 
> > Before I get answer, please start a new thread when
> > changing topics, don't just change the subject.  For
> > those with email clients that do threading, it creates
> > an ugly mess if you don't.
> And I'm sorry about messing up the thread. When I
> hit reply, it showed tlug@example.com at TO: field,
> so I assumed it would create a new thread if I just
> changed the subject of the e-mail. My bad, I'll be
> careful next time.
> 
> -mune
> 
> 
> P.S.   Do you mind if I forward your replies to other
> people who have similar problems? I've actually posted
> my question to my school's Linux user group. And I
> haven't got really useful info. Someone also replied to
> me saying that he has exactly the same problem.
> 
> #    I just setup a 7.1 system and I have the same problem.  I can access the
> # box from itself  i.e. ssh me works fine but from any other system it's no
> # go.  I've checked daemons, hosts.allow, hosts.deny, xinetd, emailed redhat,
> # and asked around but have no answer yet.  Please let me know if you solve
> # this.  I solved it by re-installing 7.0.
> #
> # Todd
> 
> 
> -----------------------------------------------------------------------
> Next Technical Meeting:  Sat, May 12 13:30- 
> Next Nomikai Meeting:    Fri, June (TBA) 19:30- Tengu Tokyo Eki Mae
> -----------------------------------------------------------------------
> more info: http://www.tlug.gr.jp           Sponsor: Global Online Japan
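
The symptoms described in the thread (port 80 unreachable from other machines, port 7000 reachable, local access working) follow from first-match rule ordering. The following is an added example, not part of the original messages: a small Python model of an ipchains-style input chain. The sample rules, `WEB_RULE`, and the function names `parse` and `verdict` are constructed for illustration, and only the options shown in the sample are handled.

```python
# Added example: first-match evaluation of an ipchains-style input chain.
# SAMPLE is constructed in the style of /etc/sysconfig/ipchains; it is not
# the file from the thread. Addresses are assumed to be 0/0 and are ignored.
# -y (SYN only) is ignored too: we model a new inbound connection attempt.
SAMPLE = """\
:input ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
"""
WEB_RULE = "-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT"  # constructed


def parse(text):
    """Return (default_policy, rules) for the input chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == ":input":
            policy = tok[1]
        elif tok[:2] == ["-A", "input"]:
            rule = {"proto": None, "iface": None,
                    "ports": (0, 65535), "target": None}
            for i, t in enumerate(tok):
                nxt = tok[i + 1] if i + 1 < len(tok) else ""
                if t == "-p":
                    rule["proto"] = nxt
                elif t == "-i":
                    rule["iface"] = nxt
                elif t == "-j":
                    rule["target"] = nxt
                elif t == "-d" and i + 2 < len(tok) and tok[i + 2][0].isdigit():
                    lo, _, hi = tok[i + 2].partition(":")  # "80" or "0:1023"
                    rule["ports"] = (int(lo), int(hi or lo))
            rules.append(rule)
    return policy, rules


def verdict(text, proto, port, iface="eth0"):
    """Target of the first matching rule, else the chain's default policy."""
    policy, rules = parse(text)
    for r in rules:
        lo, hi = r["ports"]
        if (r["proto"] in (None, proto) and r["iface"] in (None, iface)
                and lo <= port <= hi):
            return r["target"]
    return policy
```

An ACCEPT rule for port 80 only takes effect when it is placed before the `0:1023` REJECT rule; appended after it, the REJECT still matches first.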

