Re: [CentOS] Centos Firewall - router with virtual IP
On Fri, 4 Nov 2011, Fajar Priyanto wrote:

> On Fri, Nov 4, 2011 at 10:15 AM, KevinO ke...@kevino.org wrote:
>
>>> anyways, whatever, yes, you can do it with iptables, but not all off the shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets.
>>
>> I can say first hand that fwbuilder easily handles managing scripts for multiple subnets and aliased addressing on NIC's. I use separate interface cards for each subnet, however. (5 NIC's, 4 internal subnets, 3 public IP's on the one external facing NIC)
>
> Hi Kevin,
> Expanding my original question. I have a need to open and close iptables rules based on particular time, say 1 week later, 1 month later, etc. Currently I have a simple script to do that:
> - Create the rules.
> - Create atd job to delete the rule based on the defined time.
> - Log it.
> It works, but not elegant :)
> Does fwbuilder have that function?

Fwbuilder does indeed have time objects in it, although I have never used them. The docs at http://fwbuilder.org are pretty extensive and the devs hang out on the mailing lists and regularly answer questions or provide pointers to the relevant docs.

Hope this helps.

--
Tom m...@tdiehl.org
Spamtrap address me...@tdiehl.org
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
On Sat, Nov 5, 2011 at 11:19 PM, m...@tdiehl.org wrote:

>> Does fwbuilder have that function?
>
> Fwbuilder does indeed have time objects in it, although I have never used them. The docs at http://fwbuilder.org are pretty extensive and the devs hang out on the mailing lists and regularly answer questions or provide pointers to the relevant docs.

Hi Tom!
You're right.
http://www.fwbuilder.org/4.0/docs/users_guide/time-interval-objects.html
Perfect for me!! Thank you :)
Re: [CentOS] Centos Firewall - router with virtual IP
On 03/11/2011 3.34, Fajar Priyanto wrote:

> Hi all,
> I haven't found anything in Google about this. I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router.
> Thank you.
> Fajar.

I use shorewall for this
http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html

Amedeo
Re: [CentOS] Centos Firewall - router with virtual IP
On 03/11/11 11:16, News wrote:

> On 03/11/2011 3.34, Fajar Priyanto wrote:
>
>> Hi all,
>> I haven't found anything in Google about this. I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router.
>> Thank you.
>> Fajar.
>
> I use shorewall for this
> http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html
>
> Amedeo

I use Firewall Builder http://www.fwbuilder.org to manage the ruleset and I am very happy with it.

For Spanish list subscribers, here you have a post I have written for my blog: http://www.securitybydefault.com/2011/09/firewall-builder-la-gui-para-tu.html

--
Lorenzo Martinez Rodriguez
Visit me: http://www.lorenzomartinez.es
Mail me to: lore...@lorenzomartinez.es
My blog: http://www.securitybydefault.com
My twitter: @lawwait
PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2
Re: [CentOS] Centos Firewall - router with virtual IP
Time: 11/03/2011 11:16 AM, News wrote:

> On 03/11/2011 3.34, Fajar Priyanto wrote:
>
>> Hi all,
>> I haven't found anything in Google about this. I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router.
>
> I use shorewall for this
> http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html

+1

You also need to be sure what you want to do exactly. If subnets need to be behind that firewall, but routed and not NATed, then you are not to use Virtual IP's, but to implement pass-through/routing. Virtual IP's are only used for NAT-ing, not for routing subnets.

--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
Re: [CentOS] Centos Firewall - router with virtual IP
On Thu, 3 Nov 2011, Lorenzo Martínez Rodríguez wrote:

> On 03/11/11 11:16, News wrote:
>
>>> Hi all,
>>> I haven't found anything in Google about this. I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router.

I would not know why there would be a problem. My external interface on my iptables firewall has 30 ip addresses on it. Been running it that way for 8 or 10 years.

> I use Firewall Builder http://www.fwbuilder.org to manage the ruleset and I am very happy with it.

+1 for fwbuilder. I have been using it since it was version 1.x. It is now 5.x and you would be hard pressed to pry it out of my cold dead hands. :-)

Besides the fact that the program does a very good job of managing iptables firewalls, the devs are very responsive to bug fixes and feature enhancements.

Regards,

--
Tom m...@tdiehl.org
Spamtrap address me...@tdiehl.org
Re: [CentOS] Centos Firewall - router with virtual IP
On 11/02/11 7:34 PM, Fajar Priyanto wrote:

> I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router.

now, when you say 'virtual IP', do you mean alias IPs on your WAN (outside) interface(s), or multiple private subnets on the LAN (inside) interface(s) ? none of those are 'virtual' in any sense I'd use that adjective.

--
john r pierce    N 37, W 122
santa cruz ca    mid-left coast
Re: [CentOS] Centos Firewall - router with virtual IP
On Fri, Nov 4, 2011 at 6:59 AM, John R Pierce pie...@hogranch.com wrote:

> On 11/02/11 7:34 PM, Fajar Priyanto wrote:
>
>> I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router.
>
> now, when you say 'virtual IP', do you mean alias IPs on your WAN (outside) interface(s), or multiple private subnets on the LAN (inside) interface(s) ? none of those are 'virtual' in any sense I'd use that adjective.

Hi John, thanks for asking.
My firewall setup is like this:

Physical NIC:
eth0 - to outside world
eth1 - to LAN

There is masquerading in eth0 so LAN can go to internet.

Now, I'm adding some virtual interface eth1:0, eth1:1... so on to accommodate new subnets created in the LAN.

My concern comes from question... how is the MAC addressing handled (by the switches and the OS)? Because wouldn't eth1:0, etc be sharing the same MAC address as eth1? Will there be any problem or confusion in the network?
Re: [CentOS] Centos Firewall - router with virtual IP
On 11/03/11 5:43 PM, Fajar Priyanto wrote:

> Now, I'm adding some virtual interface eth1:0, eth1:1... so on to accommodate new subnets created in the LAN.

what's the point of having multiple subnets on the same physical LAN segment ? if you want to isolate separate local networks, you really should use separate physical adapters with separate switches... or VLAN switching if you have a switch that supports VLAN trunking.

anyways, whatever, yes, you can do it with iptables, but not all off the shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets.

--
john r pierce    N 37, W 122
santa cruz ca    mid-left coast
Re: [CentOS] Centos Firewall - router with virtual IP
On 11/03/2011 06:54 PM, John R Pierce wrote:

> On 11/03/11 5:43 PM, Fajar Priyanto wrote:
>
>> Now, I'm adding some virtual interface eth1:0, eth1:1... so on to accommodate new subnets created in the LAN.
>
> what's the point of having multiple subnets on the same physical LAN segment ? if you want to isolate separate local networks, you really should use separate physical adapters with separate switches... or VLAN switching if you have a switch that supports VLAN trunking.
>
> anyways, whatever, yes, you can do it with iptables, but not all off the shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets.

I can say first hand that fwbuilder easily handles managing scripts for multiple subnets and aliased addressing on NIC's. I use separate interface cards for each subnet, however. (5 NIC's, 4 internal subnets, 3 public IP's on the one external facing NIC)

--
KevinO
Re: [CentOS] Centos Firewall - router with virtual IP
On Fri, Nov 4, 2011 at 10:15 AM, KevinO ke...@kevino.org wrote:

>> anyways, whatever, yes, you can do it with iptables, but not all off the shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets.
>
> I can say first hand that fwbuilder easily handles managing scripts for multiple subnets and aliased addressing on NIC's. I use separate interface cards for each subnet, however. (5 NIC's, 4 internal subnets, 3 public IP's on the one external facing NIC)

Hi Kevin,
Expanding my original question. I have a need to open and close iptables rules based on particular time, say 1 week later, 1 month later, etc. Currently I have a simple script to do that:
- Create the rules.
- Create atd job to delete the rule based on the defined time.
- Log it.

It works, but not elegant :)
Does fwbuilder have that function?
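An added example, not part of the thread and not the poster's script: the create / at-job / log procedure described in the message above, with every temporary rule tagged in its comment so that a periodic sweep can still find and remove it when the at job was lost or the rule was written to the saved ruleset in the meantime. The `expires=<epoch>` tag, the `tmpfw` log tag, the INPUT chain and the sample rules are assumptions made for illustration, and the functions only print commands for review.

```shell
#!/bin/sh
# Added example, not code from the thread. The "expires=<epoch>" comment tag,
# the "tmpfw" syslog tag and the sample rules are constructed for illustration.
# Every function prints commands for review; nothing here touches the firewall.

TAG="expires="

# The three steps from the post for one temporary exception: insert the rule,
# queue its removal with at(1), log the change.
open_cmds() {  # usage: open_cmds <source-cidr> <tcp-port> <now-epoch> <expiry-epoch>
    src=$1; port=$2; now=$3; exp=$4
    if [ "$exp" -le "$now" ]; then
        echo "refusing: expiry is not in the future" >&2
        return 1
    fi
    spec="INPUT -s $src -p tcp --dport $port -m comment --comment $TAG$exp -j ACCEPT"
    mins=$(( (exp - now + 59) / 60 ))   # round up to whole minutes for at(1)
    echo "iptables -I $spec"
    echo "echo 'iptables -D $spec' | at now + $mins minutes"
    echo "logger -t tmpfw 'opened tcp/$port for $src until epoch $exp'"
}

# Safety net for a lost at job: read rules in iptables-save form on stdin and
# print a delete command for every tagged rule that expired at or before <now>.
# Rules without a numeric tag are never touched.
expired_rule_deletes() {  # usage: expired_rule_deletes <now-epoch> < rules
    now=$1
    while IFS= read -r line; do
        case $line in
            "-A "*"--comment "*"$TAG"*) ;;
            *) continue ;;
        esac
        exp=$(printf '%s\n' "$line" |
              sed -n "s/.*--comment \"\{0,1\}$TAG\([0-9][0-9]*\).*/\1/p")
        [ -n "$exp" ] || continue        # malformed tag: leave the rule alone
        if [ "$exp" -le "$now" ]; then
            printf 'iptables -D %s\n' "${line#-A }"
        fi
    done
}

# Constructed sample in iptables-save format: one expired rule, one still
# valid rule, one rule with a malformed tag, and ordinary permanent rules.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 5901 -m comment --comment "expires=1320969600" -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -m comment --comment "expires=1322956800" -j ACCEPT
-A INPUT -s 203.0.113.5/32 -p tcp -m tcp --dport 443 -m comment --comment "expires=soon" -j ACCEPT'

# Open tcp/5901 for one week, then sweep at the moment that week is over.
open_cmds 192.0.2.10/32 5901 1320364800 1320969600
printf '%s\n' "$SAMPLE_RULES" | expired_rule_deletes 1320969600
```

Run from cron against the output of `iptables-save`, the sweep makes removal idempotent: a rule that the at job already deleted simply no longer appears in the input.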
Re: [CentOS] Centos Firewall - router with virtual IP
On 11/03/2011 08:03 PM, Fajar Priyanto wrote:

> On Fri, Nov 4, 2011 at 10:15 AM, KevinO ke...@kevino.org wrote:
>
>>> anyways, whatever, yes, you can do it with iptables, but not all off the shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets.
>>
>> I can say first hand that fwbuilder easily handles managing scripts for multiple subnets and aliased addressing on NIC's. I use separate interface cards for each subnet, however. (5 NIC's, 4 internal subnets, 3 public IP's on the one external facing NIC)
>
> Hi Kevin,
> Expanding my original question. I have a need to open and close iptables rules based on particular time, say 1 week later, 1 month later, etc. Currently I have a simple script to do that:
> - Create the rules.
> - Create atd job to delete the rule based on the defined time.
> - Log it.
> It works, but not elegant :)
> Does fwbuilder have that function?

I'm not sure, and I don't have time to fire it up and check right now. I don't have the latest version, anyway. I think there is an extensive manual on the project's website and that will give you all of the details.

--
KevinO
[CentOS] Centos Firewall - router with virtual IP
Hi all,
I haven't found anything in Google about this. I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router.

Thank you.
Fajar.
Re: [CentOS] centos firewall?
on 4-24-2009 3:51 PM Jason Todd Slack-Moehrle spake the following:

> Hi All,
> I am new to CentOS and I signed up for a Mosso Cloud Server that runs Cent OS 5.2
> I can ssh in.
> I ran: yum install vnc vnc-server
> then: vncserver (and set desktop viewing password)
> But I cannot connect.
> How do I add 5900 to the centos firewall? How do I edit the conf file?
> I only have SSH ability at this point...
> -jason

If I remember right, vnc runs on 5900+ the number of the server started. So the first one would be on 5901, the next on 5902, etc...
Re: [CentOS] centos firewall?
>>>> [r...@server1 bin]# man iptables
>>>> No manual entry for iptables
>>>> [r...@server1 bin]# man ipchains
>>>> No manual entry for ipchains
>>>> [r...@server1 bin]#
>>>> So is there something wrong with what they set me up with?
>>>
>>> seems as though you need to install iptables package
>>
>> [r...@server1 /]# uname -a
>> Linux Server1 2.6.24-23-xen #1 SMP Mon Jan 26 03:09:12 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
>> But if iptables is not installed, how is port 5900 being blocked?
>
> maybe the xen host is blocking them. Maybe upstream router is blocking.
> why not just use freenx and run everything through ssh port which clearly isn't blocked? It's faster and better anyway.
> Craig

Or you can use X11Forwarding sshd option. To use it you should put X11Forwarding yes option to /etc/ssh/sshd_config on server side, and use ssh -X usern...@server command on client side to connect to the server. After it all GUI program which you will start on ssh-shell will display on client computer. (This all work if your client computer is based on *nix system such is Linux, if you have MS Windows on client computer you must use the xming+putty software to do this)
Re: [CentOS] centos firewall?
On Sat, Apr 25, 2009 at 08:37:45AM +0400, Mintairov Mihail wrote:

> !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 TRANSITIONAL//EN HTML

Please don't post html in this mailing list.

--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B
Re: [CentOS] centos firewall?
On Fri, Apr 24, 2009 at 04:33:20PM -0700, Jason Todd Slack-Moehrle wrote:

> [r...@server1 /]# uname -a
> Linux Server1 2.6.24-23-xen #1 SMP Mon Jan 26 03:09:12 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux

Ask your hoster, this is definitely NOT a CentOS provided kernel. Who knows what else has been changed on your distribution, but this is no longer CentOS.

see http://wiki.centos.org/irc_centos_request

Tru

--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B
Re: [CentOS] centos firewall?
On Friday 24 April 2009 18:51, Jason Todd Slack-Moehrle wrote:

> How do I add 5900 to the centos firewall? How do I edit the conf file?

I don't know your knowledge so let's go through this step by step. Commands will be between []. Examples will be between ''.

You are looking to see why port 5900 is blocked. Are you sure something is listening on this port? Check to see if port 5900 is listening with the following:

[lsof -i]

If that port is not listed or if the service is listening on another port you should see this now. If not then start the service and try to connect again.

Still having issues connecting then we should check the firewall. First let's see if the firewall is up:

[service iptables status]

If the firewall is up this should give you a list of all the rules present. If the firewall is not running it will state firewall is not running.

If the firewall is not running, vnc is running and you still cannot connect the problem is outside your control and you will have to talk with your service provider. Even if the firewall is running the service provider can still be blocking the port so after ensuring/configuring the below and you are still unable to connect you need to contact the service provider and question them.

If the firewall is running you now have to figure out how it is being started. Some people use the default method (myself included) and some use scripts (which I believe is because they do not know how or understand how to configure the default setup).

First let us check in what run level the system is started.

[grep id: /etc/inittab]

You should see something like 'id:3:initdefault:'

This is run level 3 and all my startup scripts are going to start from '/etc/rc.d/rc3.d'. Look in this directory for anything that might be iptables or firewall related. As stated above sometimes a script other than the default is used to start the firewall. Do you see anything other than iptables? Scripts starting with a 'K' are not run and those with an 'S' are.

We should also check rc.local to ensure there is nothing being started there that might override firewall if it is started in 'rc3.d'.

If you have determined that the firewall is being started the default way and it is up and running then /etc/sysconfig/iptables is the file you have to look at and edit. If the firewall is being started using another method then you are going to have to look at that script to determine how to correct/update that script.

You can edit the file with 'vim' or 'vi', depending on what is installed on your system, from the command line.

Here is a link to a very good IPTABLES Tutorial.
http://iptables.rlworkman.net/chunkyhtml/index.html

--
Regards
Robert

Linux User #296285
http://counter.li.org
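An added example, not code from the thread: the checks walked through in the message above (runlevel, start scripts, saved ruleset), together with the 5900+N port note from earlier in the thread, written as functions that read files so they can be tried without root. The helper names, the `RH-Firewall-1-INPUT` chain used in the sample and all sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Helper names and all sample file
# contents are constructed; point the functions at the real /etc/inittab,
# /etc/rc.d/rc3.d and /etc/sysconfig/iptables on a live system.

# VNC display :N listens on TCP 5900+N, so the first server is on 5901.
vnc_port() { echo $((5900 + $1)); }

# Default runlevel from an inittab-format file (line like "id:3:initdefault:").
default_runlevel() {
    sed -n 's/^id:\([0-9]\):initdefault:.*/\1/p' "$1" | head -n 1
}

# Firewall-related scripts that are started from an rcN.d directory.
# Only S* links are listed; K* links are not started in that runlevel.
firewall_start_scripts() {
    for f in "$1"/S*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            *iptables*|*firewall*|*shorewall*) echo "${f##*/}" ;;
        esac
    done
}

# First-match verdict for new TCP connections to <port> in one chain of a
# saved ruleset (iptables-save format). Prints the target of the first
# matching rule, or POLICY when no rule matches. Simplification: only
# "-p tcp --dport" rules and bare catch-all rules are evaluated.
port_verdict() {  # usage: port_verdict <port> <chain> <rules-file>
    awk -v port="$1" -v chain="$2" '
        $1 == "-A" && $2 == chain {
            target = ""; dport = ""; proto = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (dport != "" && proto == "tcp") {
                n = split(dport, r, ":")          # single port or lo:hi range
                lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print target; found = 1; exit }
            } else if ($3 == "-j") { print target; found = 1; exit }
        }
        END { if (!found) print "POLICY" }
    ' "$3"
}

# Combine the results the way the post reasons about them.
triage() {  # usage: triage <listening: yes|no> <verdict>
    if [ "$1" != yes ]; then echo "nothing listening: start the service"
    elif [ "$2" = ACCEPT ]; then echo "allowed locally: ask the provider"
    elif [ "$2" = POLICY ]; then echo "no rule matched: check the chain policy"
    else echo "stopped locally by $2: edit the saved ruleset"
    fi
}

# Write constructed sample files into <dir>.
make_sample() {
    mkdir -p "$1/rc3.d"
    echo 'id:3:initdefault:' > "$1/inittab"
    : > "$1/rc3.d/S08iptables"; : > "$1/rc3.d/K92ip6tables"; : > "$1/rc3.d/S55sshd"
    cat > "$1/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
port=$(vnc_port 1)
echo "runlevel:      $(default_runlevel "$demo_dir/inittab")"
echo "start scripts: $(firewall_start_scripts "$demo_dir/rc3.d")"
verdict=$(port_verdict "$port" RH-Firewall-1-INPUT "$demo_dir/iptables")
echo "tcp/$port:      $verdict"
echo "next step:     $(triage yes "$verdict")"
rm -rf "$demo_dir"
```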
Re: [CentOS] centos firewall?
Jason Todd Slack-Moehrle wrote on Fri, 24 Apr 2009 16:20:24 -0700:

> There is something fundamental that I am missing and having never used CentOS is probably not helping.

I think the point is that you are *not* on CentOS. Your system is *derived* from CentOS. You should contact your hoster.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [CentOS] centos firewall?
Jason Todd Slack-Moehrle wrote on Fri, 24 Apr 2009 15:51:13 -0700:

> I only have SSH ability at this point...

That's good enough. If you are not comfortable with managing the system from the command line then use Webmin. Some think that is unsafe, but it is surely several degrees safer than using blank VNC over the net.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [CentOS] centos firewall?
Jason Todd Slack-Moehrle wrote on Fri, 24 Apr 2009 16:04:23 -0700:

> and looking for /etc/sysconfig/iptables

you have to install iptables. Then you get iptables-config. The file you mention is created when you save the state of iptables with service iptables save. And the rules are loaded from it on next startup. For that there have to be rules added to iptables (via command-line, not added to the file), of course!

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
[CentOS] centos firewall?
Hi All,

I am new to CentOS and I signed up for a Mosso Cloud Server that runs Cent OS 5.2

I can ssh in.

I ran: yum install vnc vnc-server
then: vncserver (and set desktop viewing password)

But I cannot connect.

How do I add 5900 to the centos firewall? How do I edit the conf file?

I only have SSH ability at this point...

-jason
Re: [CentOS] centos firewall?
Jason Todd Slack-Moehrle wrote:

> Hi All,
> I am new to CentOS and I signed up for a Mosso Cloud Server that runs Cent OS 5.2
> I can ssh in.
> I ran: yum install vnc vnc-server
> then: vncserver (and set desktop viewing password)
> But I cannot connect.
> How do I add 5900 to the centos firewall? How do I edit the conf file?
> I only have SSH ability at this point...
> -jason

Learn how to add ports to your iptables file, then it should work.
Re: [CentOS] centos firewall?
On 24-Apr-09, at 3:51 PM, Jason Todd Slack-Moehrle wrote:

> Hi All,
> I am new to CentOS and I signed up for a Mosso Cloud Server that runs Cent OS 5.2
> I can ssh in.
> I ran: yum install vnc vnc-server
> then: vncserver (and set desktop viewing password)
> But I cannot connect.
> How do I add 5900 to the centos firewall? How do I edit the conf file?
> I only have SSH ability at this point...
> -jason

You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:

# setup

It should be pretty self explanatory once in there.

d
Re: [CentOS] centos firewall?
Hi,

>> How do I add 5900 to the centos firewall? How do I edit the conf file?
>
> Learn how to add ports to your iptables file, then it should work.

OK, maybe I should have been more clear and stated that I am following:

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-fw.html

and looking for /etc/sysconfig/iptables or /etc/sysconfig/system-config-selinux and not finding it

-Jason
Re: [CentOS] centos firewall?
>> How do I add 5900 to the centos firewall? How do I edit the conf file?
>
> You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
>
> # setup

Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..

-Jason
Re: [CentOS] centos firewall?
On Fri, 2009-04-24 at 16:05 -0700, Jason Todd Slack-Moehrle wrote:

>>> How do I add 5900 to the centos firewall? How do I edit the conf file?
>>
>> You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
>>
>> # setup
>
> Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..

yum install system-config-network-tui
system-config-network-tui

Craig

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [CentOS] centos firewall?
Hi,

>>>> How do I add 5900 to the centos firewall? How do I edit the conf file?
>>>
>>> You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
>>>
>>> # setup
>>
>> Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
>
> yum install system-config-network-tui
> system-config-network-tui

This just lets you change UP/DNS info if I recall. Won't do anything to the firewall.

-Jason
Re: [CentOS] centos firewall?
On 24-Apr-09, at 4:05 PM, Jason Todd Slack-Moehrle mailingli...@mailnewsrss.com wrote:

>>> How do I add 5900 to the centos firewall? How do I edit the conf file?
>>
>> You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
>>
>> # setup
>
> Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
>
> -Jason

Yum install setup

D
Re: [CentOS] centos firewall?
On 24-Apr-09, at 4:14 PM, Jason Todd Slack-Moehrle mailingli...@mailnewsrss.com wrote:

> Hi,
>
>>>>> How do I add 5900 to the centos firewall? How do I edit the conf file?
>>>>
>>>> You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
>>>>
>>>> # setup
>>>
>>> Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
>>
>> yum install system-config-network-tui
>> system-config-network-tui
>
> This just lets you change UP/DNS info if I recall. Won't do anything to the firewall.
>
> -Jason

Install the setup program as I pointed out in another email.

As for editing the firewall, (without the setup program) you would use the iptables command and its switches to get the work done.

You could also use something like fwbuilder which is a GUI that writes your iptables script for you.

D
Re: [CentOS] centos firewall?
>>>> How do I add 5900 to the centos firewall? How do I edit the conf file?
>>>
>>> You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
>>>
>>> # setup
>>
>> Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
>
> Yum install setup

So I thought too:

Updated: setup.noarch 0:2.5.58-4.el5
Complete!
[r...@server1 /]# setup
-bash: setup: command not found

There is something fundamental that I am missing and having never used CentOS is probably not helping.

-Jason
Re: [CentOS] centos firewall?
Hi,

> As for editing the firewall, (without the setup program) you would use the iptables command and its switches to get the work done.

[r...@server1 bin]# man iptables
No manual entry for iptables
[r...@server1 bin]# man ipchains
No manual entry for ipchains
[r...@server1 bin]#

So is there something wrong with what they set me up with?

-Jason
Re: [CentOS] centos firewall?
On Fri, 2009-04-24 at 16:14 -0700, Jason Todd Slack-Moehrle wrote:

> Hi,
>
>>>>> How do I add 5900 to the centos firewall? How do I edit the conf file?
>>>>
>>>> You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
>>>>
>>>> # setup
>>>
>>> Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
>>
>> yum install system-config-network-tui
>> system-config-network-tui
>
> This just lets you change UP/DNS info if I recall. Won't do anything to the firewall.

sorry, my mistake...

system-config-securitylevel-tui

Craig
Re: [CentOS] centos firewall?
On Fri, 24 Apr 2009 16:10:19 -0700, Craig White wrote

> On Fri, 2009-04-24 at 16:05 -0700, Jason Todd Slack-Moehrle wrote:
>
>>>> How do I add 5900 to the centos firewall? How do I edit the conf file?
>>>
>>> You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
>>>
>>> # setup
>>
>> Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
>
> yum install system-config-network-tui
> system-config-network-tui
>
> Craig

I got it using /usr/bin/system-config-securitylevel-tui

--
Brian
http://wx.Tatorz.com
Open WebMail Project (http://openwebmail.org)
Re: [CentOS] centos firewall?
On Fri, 2009-04-24 at 16:22 -0700, Jason Todd Slack-Moehrle wrote:

> Hi,
>
>> As for editing the firewall, (without the setup program) you would use the iptables command and its switches to get the work done.
>
> [r...@server1 bin]# man iptables
> No manual entry for iptables
> [r...@server1 bin]# man ipchains
> No manual entry for ipchains
> [r...@server1 bin]#
>
> So is there something wrong with what they set me up with?

ipchains for 2.4 version kernels, iptables for 2.6 kernels

# rpm -q iptables
iptables-1.3.5-4.el5
# rpm -ql iptables|grep man
/usr/share/man/man8/iptables-restore.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/man/man8/iptables.8.gz

seems as though you need to install iptables package

Craig
Re: [CentOS] centos firewall?
>> [r...@server1 bin]# man iptables
>> No manual entry for iptables
>> [r...@server1 bin]# man ipchains
>> No manual entry for ipchains
>> [r...@server1 bin]#
>> So is there something wrong with what they set me up with?
>
> seems as though you need to install iptables package

[r...@server1 /]# uname -a
Linux Server1 2.6.24-23-xen #1 SMP Mon Jan 26 03:09:12 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux

But if iptables is not installed, how is port 5900 being blocked?

-Jason
Re: [CentOS] centos firewall?
On Fri, 2009-04-24 at 16:33 -0700, Jason Todd Slack-Moehrle wrote:

>>> [r...@server1 bin]# man iptables
>>> No manual entry for iptables
>>> [r...@server1 bin]# man ipchains
>>> No manual entry for ipchains
>>> [r...@server1 bin]#
>>> So is there something wrong with what they set me up with?
>>
>> seems as though you need to install iptables package
>
> [r...@server1 /]# uname -a
> Linux Server1 2.6.24-23-xen #1 SMP Mon Jan 26 03:09:12 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
>
> But if iptables is not installed, how is port 5900 being blocked?

maybe the xen host is blocking them. Maybe upstream router is blocking.

why not just use freenx and run everything through ssh port which clearly isn't blocked? It's faster and better anyway.

Craig