firewall confusion FC2


lvanek
11th July 2004, 12:47 PM
Greetings:

This may go down as one of the dumber questions of the day but...

I have upgraded from RH9 to FC2. All is reasonably well after some suffering.
I note that FC2 comes with some type of firewall. I have configured Shorewall & have it running.

I don't see shorewall in the list of services but "/sbin/service shorewall status" indicates it's up.
I do see a service called iptables which I assume uses a table configured by shorewall. What firewall is affected
by choices made through the gnome menu route that takes you to the "Security Level" gui?

My meager understanding of this is that shorewall and other similar programs are just tools to configure iptables. Is there any chance that some lingering table is being used from my RH9 days? How to check this out?

Thanks in advance.

Jman
12th July 2004, 11:16 AM
After browsing the Python source in /usr/share/system-config-securitylevel, I found that it is a frontend to lokkit, which I believe is an iptables config tool.

Ned
13th July 2004, 01:01 PM

My meager understanding of this is that shorewall and other similar programs are just tools to configure iptables. Is there any chance that some lingering table is being used from my RH9 days? How to check this out?

Thanks in advance.

iptables -L -v

will list your current rules in verbose mode :)

the -F switch will flush all rules and -X will erase all user-defined chains should you have any leftovers from RH9. Use with the -t switch for other tables (i.e. NAT)

Check the switches with iptables --help or check the man pages

Ned

lvanek
13th July 2004, 02:29 PM
Thanks.

My iptables -L -v looks like this:

==============

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
299K 282M RH-Firewall-1-INPUT all -- any any anywhere anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8667 589K RH-Firewall-1-INPUT all -- any any anywhere anywhere

Chain OUTPUT (policy ACCEPT 248K packets, 23M bytes)
pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
3689 1629K ACCEPT all -- lo any anywhere anywhere
13186 1024K ACCEPT all -- eth1 any anywhere anywhere
30 1022 ACCEPT icmp -- any any anywhere anywhere icmp any
0 0 ACCEPT ipv6-crypt-- any any anywhere anywhere
0 0 ACCEPT ipv6-auth-- any any anywhere anywhere
254K 267M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:smtp
36248 13M REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited

===============

I find "lokkit" in these places:

/etc/setuptool.d/99lokkit
/usr/sbin/lokkit

Not sure who wrote these rules (lokkit or shorewall). Don't see any ref. to MASQUERADE, which might explain why the home network (on eth1) is not working properly.
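Added example, not code posted by anyone in this thread: a POSIX shell script that answers the two checks Ned's reply and the post above are circling around. It parses text in the shape of `iptables -L -v -n` output (the sample strings are constructed for this example, and the chain name OLD-RH9-LEFTOVER is hypothetical) to report user-defined chains that nothing references, the default policy of a built-in chain, and whether a MASQUERADE target appears at all. One caveat worth knowing when reading the listing above: `iptables -L` without `-t` shows only the filter table, and MASQUERADE rules live in the nat table's POSTROUTING chain, so they never show up there; the `--live` mode walks filter, nat and mangle for that reason.

```shell
#!/bin/sh
# Added example (not the thread's own code). Parses `iptables -L -v -n` style text.
# Both samples below are constructed for this example, not captured from a real host.
# OLD-RH9-LEFTOVER is a hypothetical chain name standing in for a stale user chain.

SAMPLE_FILTER='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 299K  282M RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8667  589K RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 248K packets, 23M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
 3689 1629K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
36248   13M REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OLD-RH9-LEFTOVER (0 references)
 pkts bytes target     prot opt in     out     source               destination
'

SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 12 packets, 900 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9000 MASQUERADE  all  --  *      eth0    192.168.1.0/24       0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
'

# Print one line per chain header: NAME KIND DETAIL. KIND is "builtin" when the
# header carries a policy, "user" when it carries a reference count.
list_chains() {
    printf '%s\n' "$1" | awk '
        /^Chain / {
            name = $2
            if ($3 == "(policy") { print name, "builtin", $4 }
            else { gsub(/[()]/, "", $3); print name, "user", $3 }
        }'
}

# User-defined chains that no rule jumps to: nothing can reach them, so they are
# the natural candidates for leftovers from an older firewall tool.
unreferenced_chains() {
    list_chains "$1" | awk '$2 == "user" && $3 == 0 { print $1 }'
}

# Default policy of a built-in chain: what happens to a packet that falls off
# the end. With INPUT at ACCEPT, the only thing denying inbound traffic is the
# final REJECT rule inside the chain INPUT jumps to.
policy_of() {
    list_chains "$1" | awk -v c="$2" '$1 == c && $2 == "builtin" { print $3 }'
}

# Exit 0 if any rule line (first column is a packet count) has MASQUERADE as its
# target, which is the third column in verbose output.
has_masquerade() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+[KMG]?$/ && $3 == "MASQUERADE" { found = 1; exit }
        END { if (found) exit 0; exit 1 }'
}

# Against a real host (needs root): walk every table, because -L alone shows
# only filter and MASQUERADE lives in nat/POSTROUTING.
live_dump() {
    for t in filter nat mangle; do
        echo "== table $t =="
        iptables -t "$t" -L -v -n
    done
}

# Wipe one table the way Ned describes (-F then -X). Destructive: with INPUT at
# policy ACCEPT this leaves the host wide open until shorewall is restarted,
# and with policy DROP it would cut off an SSH session. Not run by default.
flush_table() {
    iptables -t "$1" -F
    iptables -t "$1" -X
}

case "${1:-}" in
    --live) live_dump ;;
    *)
        echo "unreferenced user chains (filter): $(unreferenced_chains "$SAMPLE_FILTER")"
        echo "INPUT policy: $(policy_of "$SAMPLE_FILTER" INPUT)"
        has_masquerade "$SAMPLE_FILTER" && echo "MASQUERADE in filter" || echo "no MASQUERADE in filter"
        has_masquerade "$SAMPLE_NAT" && echo "MASQUERADE in nat" || echo "no MASQUERADE in nat"
        ;;
esac
```

Run it with no arguments to see the parsing against the constructed samples; run it as root with `--live` to dump the real tables. To feed a real listing through the parsers, capture `iptables -t nat -L -v -n` into a variable and pass it to `has_masquerade` the same way.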

lvanek
13th July 2004, 03:00 PM
Issue resolved (maybe).

Stopping & then starting shorewall created correct table files. Home network now works correctly.

Not sure if this was due to shorewall not starting on boot or not... checking my logs.

Hope I didn't waste anyone's time.