On Sat, 2002-03-02 at 22:23, Garrick Staples wrote:
> Um, 'chkconfig iptables off'? rpm -e msec?
>
> Or, disable firewalling in the control center (it's under security)?
>

No Garrick, I prefer to manually flush iptables, then just to make sure,
bastille-netfilter stop; that opens it up like a barn door.
All this martian rubbish was not on 8.1, which worked.

regards richard

> On Sat, Mar 02, 2002 at 10:15:29PM +0000, richard bown alleged:
> > Hi all
> > I've had to go back to 8.1.
> > Whatever you have done with security is a disaster.
> >
> > Telnetting in to the public interface, i.e. the one connected to the
> > internet, impossible
> > no matter what, and rules are loaded to iptables, all that's seen is
> > martian errors in the syslog.
> >
> > I use xinetd for port redirection to another machine behind the
> > firewall.
> >
> > This did exactly the same... martian errors, and here's the worst bit:
> > after running for 10 hrs, all attempts to send mail and receive mail
> > got connection refused errors,
> > smtp, pop3, imap all the same, checked with the ISP, 1 hr on the phone.
> > Not at their end. Loaded 8.1 and mail again, QED.
> >
> > I don't know who is responsible for the Mandrake security MSEC and
> > whatever, I suspect gated is being used, but nothing showed on a "ps ax".
> >
> > Whoever should realise that not everyone wants a system which can only
> > work one way.
> > I need to be able to telnet, ssh from anywhere in the world.
> > This is absolutely USELESS to me if I can only use it from home.
> >
> > Xinetd redirection works well under 8.1, so does bastille-firewall;
> > the same config scripts were used on 8.2, so again where is the backward
> > or even in this case forward compatibility?
> >
> > OK, the 3D side is good, none of the problems with the later kernels
> > on 8.1.
> >
> > In its current state 8.2b3 is a TOY, not a working system, and as for
> > comments like add to hosts.allow on the remote machine... shouldn't
> > need to, it was fully functional before 8.2b3.
> >
> >
> > You guys are so paranoid over security, this time you've gone far too
> > far. MSEC level 99 is not required.
> > I logged into a machine in the States, Seattle, and tried telnetting
> > to all the ports that are redirected... martian errors.
> >
> > Tried port 22 ssh... martian errors;
> > it did manage to return a ping.
> > I also saw tcpdump being turned on and off with ipv4 errors.
> >
> > If anyone wants something on the networking side tested, no problem.
> > If the ipip tunnels hadn't functioned, 8.2 would have been off in 1/2
> > hr.
> >
> > Interfaces that are labelled as internal functioned, as did lo;
> > external interfaces would not function.
> > Flushing iptables had no effect.
> > System in use:
> > 700MHz Duron, 512M RAM, 10GB HD, kernels 2.4.17-19mdk & 2.4.18-2mdk.
> >
> > In its current state 8.2 could not be released as it can't be used as a
> > server.
> > Shame, it looked good on the install, apart from the freeze when trying a
> > live update.
> >
> > If a table of bug levels I'd put this one on Egyptian level
> >
> > BR
> > Richard