On Sat, Mar 02, 2002 at 10:51:30PM +0000, richard bown alleged:
> On Sat, 2002-03-02 at 22:23, Garrick Staples wrote:
> > Um, 'chkconfig iptables off'?  rpm -e msec?
> > 
> > Or, disable firewalling in the control center (it's under security)?
> > 
> > 
> No Garrick, I prefer to manually flush iptables, then just to make sure
> bastill-netfilter stop
> that opens it up like a barn door.
> all this martian rubbish was not on 8.1 which worked
> 
> regards richard
 
Did you change the policies after flushing the tables?  Or perhaps
editing the bastille config file and setting things the way you want?

As long as we're just debugging this beta OS... humor me and just
disable the firewalling... see if that does what you want.  Then maybe
provide the list with your findings, suggest some changes, etc.  But please
leave the rants at the door. thx.


> > 
> > On Sat, Mar 02, 2002 at 10:15:29PM +0000, richard bown alleged:
> > > Hi all
> > > I've had to go back to 8.1.
> > > Whatever you have done with security is a disaster.
> > > 
> > > Telnetting in to the public interface, i.e. the one connected to the
> > > internet, impossible
> > > no matter what, and rules are loaded to iptables, all that's seen is
> > > martian errors in the syslog.
> > > 
> > > I use xinetd for port redirection to another machine behind the
> > > firewall.
> > > 
> > > this did exactly the same...martian errors, and here's the worst bit
> > > after running for 10 hrs, all attempts to send mail and receive mail
> > > got connection refused errors,
> > > smtp, pop3,imap all the same, checked with the isp, 1 hr on the phone.
> > > not at their end. loaded 8.1 and mail again QED
> > > 
> > > I don't know who is responsible for the mandrake security MSEC and
> > > whatever, I suspect gated is being used, but nothing showed on a "ps ax"
> > > 
> > > Whoever should realise that not everyone wants a system which can only
> > > work one way.
> > > I need to be able to telnet, ssh from anywhere in the world.
> > > This is absolutely USELESS to me if I can only use it from home.
> > > 
> > > Xinetd redirection works well under 8.1, so does bastille-firewall
> > > the same config scripts were used on 8.2, so again where is the backward
> > > or even in this case forward compatibility.
> > > 
> > > Ok the 3d side is good, none of the problems with the later kernels
> > > on 8.1.
> > > 
> > > In its current state 8.2b3 is a TOY not a working system, and as for
> > > comments like add to hosts.allow on the remote machine...shouldn't
> > > need to, it was fully functional before 8.2b3
> > > 
> > > 
> > > you guys are so paranoid over security, this time you've gone far too
> > > far MSEC level 99 is not required.
> > > I logged into a machine in the States, Seattle, and tried telnetting
> > > to all the ports that are redirected...martian errors
> > > 
> > > tried port 22 ssh...martian errors
> > > it did manage to return a ping.
> > > I also saw tcpdump being turned on and off with ipv4 errors.
> > > 
> > > If any one wants something on the networking side tested no problem.
> > > If the ipip tunnels hadn't functioned, 8.2 would have been off in 1/2
> > > hr.
> > > 
> > > interfaces that are labelled as internal functioned, as did lo
> > > external interfaces would not function.
> > > Flushing iptables had no effect.
> > > system in use 
> > > 700MHz Duron, 512M ram, 10GB hd, kernels 2.4.17-19mdk & 2.4.18-2mdk.
> > > 
> > > In its current state 8.2 could not be released as it can't be used as a
> > > server..
> > > shame it looked good on the install, apart from the freeze when trying a
> > > live update,
> > > 
> > > If a table of bug levels I'd put this one on Egyptian level
> > > 
> > > BR
> > > Richard
> > > 
> > > 
> > > 
> > 
> 
> 
