[CentOS] Firewall frustration

Thu Jan 3 13:03:09 UTC 2008
Robert Moskowitz <rgm at htt-consult.com>

Christopher Chan wrote:
>
>> I tried it. I had everything open. Then I blocked everything. Then I 
>> set up a rule to allow SSH in to eth0 and out eth1 (and the other 
>> way). At least I thought that was what the rules said, but no SSH 
>> connectivity through the firewall. That was when I realized that I 
>> had not found the necessary incantation, and I had already shot most 
>> of Tuesday.
>>
>
> Too bad you missed the documentation on netfilter then.

And that is the crux of the problem. Finding the right documentation....

And to look at documentation on netfilter besides iptables.

> It would have told you that the INPUT chain controls what comes to the
> box, the OUTPUT chain what originates from the box and the FORWARD 
> chain what goes through the box.
>
> You would have needed a rule in FORWARD to allow ssh connections 
> through the box. The rules in the INPUT and OUTPUT chains would have 
> zero effect on connections going through.
>
> Anyways, you have something now but in case you want to give iptables 
> another go...
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
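
The FORWARD-chain point from the reply above, as an added example that is not part of the original thread: a shell function that emits an `iptables-restore` ruleset allowing SSH through the box between the two interfaces in either direction. The function name `forward_ssh_rules`, the default-deny FORWARD policy and the use of the `conntrack` match are assumptions of this example; `eth0`/`eth1` come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): generate filter-table rules that
# let SSH pass *through* a router. Forwarding must also be enabled in the
# kernel (net.ipv4.ip_forward=1) or nothing reaches FORWARD at all.

forward_ssh_rules() {
    if_a=${1:-eth0}   # interface names as used in the thread
    if_b=${2:-eth1}
    port=${3:-22}     # standard SSH port

    # Refuse values that could smuggle extra options into a rule line.
    case "$if_a$if_b" in
        *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
# INPUT/OUTPUT only see traffic addressed to or sent by the box itself;
# they are left open here and play no part in forwarded connections.
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Routed traffic is decided in FORWARD: deny by default.
:FORWARD DROP [0:0]
# Reply packets of connections already admitted by the rules below.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New SSH connections entering one interface and leaving the other.
-A FORWARD -i $if_a -o $if_b -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $if_b -o $if_a -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Syntax-check without loading (as root):
#   forward_ssh_rules eth0 eth1 | iptables-restore --test
```

On older iptables builds, `-m state --state` is the equivalent of the `conntrack` match used here.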