[CentOS] Problem with CentOS server: am I running a firewall?

Timothy Murphy gayleard at eircom.net
Tue Apr 15 23:25:35 UTC 2008


On Tuesday 15 April 2008 11:48:00 pm Filipe Brandenburger wrote:

> >  Unfortunately, I have not been able to set it up
> >  to allow local machines to access the internet.
>
> Did you enable routing? The output of "cat
> /proc/sys/net/ipv4/ip_forward" must be 1, otherwise the server won't
> route packets between networks. In some cases (depending on your
> Internet modem/router) it's possible that you'll need to configure the
> server to do NAT as well.

Thanks very much.
I see that this is set to 0 at present:
-------------------------------------------------
[tim at helen ~]$ cat /proc/sys/net/ipv4/ip_forward
0
-------------------------------------------------
I'll try setting it to 1, and re-connecting the server.

> You can see the firewall rules with the command "iptables -nL". You
> can delete all rules by running "iptables -F" (beware, your server
> will be unprotected if you do that).

I was actually using shorewall (from the epel repository, I think),
and hoped/assumed it would take care of any settings like this.
I ran "service shorewall clear" and looked at "iptables -L"
which seemed to allow everything:
-------------------------------------------------
[tim at helen ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
-------------------------------------------------

> If you give more details about your network topology, it would be
> easier to help you. You may also look at the contents of
> /etc/sysctl.conf and /etc/sysconfig/iptables on your old server,
> probably the routing, NAT and firewalling configuration of that server
> is there.

Thanks for your offer.
If your earlier suggestion does not work, I'll take it up.
I more or less copied everything from the other server,
but could easily have missed something.

Thanks again.
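
The checks discussed in this exchange (ip_forward, whether it is set persistently in /etc/sysctl.conf, NAT, and chains left open after the rules are cleared), as an added example that is not part of the original messages. The function names and sample files are constructed, and the rule dump is assumed to be in iptables-save format.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Every check reads a file, so it runs on
# saved copies (for instance from the old server) as well as on the live host.

forwarding_on() {            # $1: copy of /proc/sys/net/ipv4/ip_forward
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

forwarding_persistent() {    # $1: sysctl.conf; the last assignment wins
    fp_val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$1" | tail -n 1)
    [ "$fp_val" = "1" ]
}

has_nat() {                  # $1: iptables-save dump; true if the nat table rewrites outgoing traffic
    awk '/^\*/ { cur = $1 }
         cur == "*nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ { ok = 1 }
         END { exit !ok }' "$1"
}

chain_wide_open() {          # $1: dump, $2: filter chain; true if policy ACCEPT and no rules
    awk -v c="$2" '/^\*/ { cur = $1 }
         cur == "*filter" && $1 == (":" c) && $2 == "ACCEPT" { acc = 1 }
         cur == "*filter" && $1 == "-A" && $2 == c { rules++ }
         END { exit !(acc && !rules) }' "$1"
}

audit_gateway() {            # $1: ip_forward, $2: sysctl.conf, $3: iptables-save dump
    if ! forwarding_on "$1"; then
        echo "ROUTING: ip_forward is 0, packets are not routed between networks"
    elif ! forwarding_persistent "$2"; then
        echo "PERSIST: ip_forward is 1 now but not set to 1 in sysctl.conf"
    fi
    if ! has_nat "$3"; then echo "NAT: no MASQUERADE/SNAT rule in nat POSTROUTING"; fi
    if chain_wide_open "$3" INPUT; then
        echo "FIREWALL: INPUT is policy ACCEPT with no rules, the server is unprotected"
    fi
    if forwarding_on "$1" && chain_wide_open "$3" FORWARD; then
        echo "FIREWALL: forwarding is on and FORWARD accepts everything"
    fi
    return 0
}

# Constructed sample matching the state shown above: ip_forward 0, empty ACCEPT chains.
sample=$(mktemp -d)
echo 0 > "$sample/ip_forward"
printf 'net.ipv4.ip_forward = 0\n' > "$sample/sysctl.conf"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' COMMIT > "$sample/rules"
audit_gateway "$sample/ip_forward" "$sample/sysctl.conf" "$sample/rules"
```

On a live server, pass /proc/sys/net/ipv4/ip_forward, /etc/sysctl.conf and a file written by iptables-save.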




