Maybe Shorewall can make your life so easy.....
--
---------- Original Message -----------
From: Robert Moskowitz <rgm@htt-consult.com>
To: CentOS mailing list <centos@centos.org>
Sent: Thu, 3 Jan 2008 08:03:09 -0500
Subject: Re: [CentOS] Firewall frustration
> Christopher Chan wrote:
>
>> I tried it. I had everything open. Then I blocked everything. Then I
>> set up a rule to allow SSH in to eth0 and out eth1 (and the other
>> way). At least I thought that was what the rules said, but no SSH
>> connectivity through the firewall. That was when I realized that I
>> had not found the necessary incantation, and I had already shot most
>> of Tuesday.
>
> Too bad you missed the documentation on netfilter then.

And that is the crux of the problem. Finding the right documentation....

And to look at documentation on netfilter besides iptables.

> It would have told you that the INPUT chain controls what comes to the
> box, the OUTPUT chain what originates from the box and the FORWARD
> chain what goes through the box.
>
> You would have needed a rule in FORWARD to allow ssh connections
> through the box. The rules in the INPUT and OUTPUT chains would have
> zero effect on connections going through.
>
> Anyways, you have something now but in case you want to give iptables
> another go...
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
--
This message has been scanned by MailScanner
for viruses and other dangerous content,
and is believed to be clean.
For all your IT requirements visit: http://www.transtec.co.uk
------- End of Original Message -------
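
Added example, not part of the thread: a sketch of the FORWARD rule Christopher Chan describes, with a check showing why SSH rules placed only in INPUT and OUTPUT leave routed SSH blocked. The interface names come from the post; TCP port 22, the helper function names and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. eth0/eth1 come from the post; TCP port 22 is assumed.
# Dry run by default: commands are printed, not executed.
# As root, run with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

# Allow SSH sessions opened from interface $1 towards interface $2 THROUGH
# this box, plus reply packets of established sessions in either direction.
# "-m state" fits the thread's era; newer iptables prefers
# "-m conntrack --ctstate".
allow_forwarded_ssh() {
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$1" -o "$2" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

# Read rules in `iptables -S` format on stdin. Succeeds only if the FORWARD
# chain itself carries an ACCEPT rule for TCP port 22.
forward_allows_ssh() {
    grep -Eq '^-A FORWARD .*-p tcp .*--dport 22 .*-j ACCEPT'
}

# Constructed sample: everything dropped, SSH allowed only in INPUT and
# OUTPUT, which is the situation the reply describes as having zero effect
# on connections going through the box.
input_output_only() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o eth1 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

if input_output_only | forward_allows_ssh; then
    echo "sample ruleset: forwarded SSH allowed"
else
    echo "sample ruleset: forwarded SSH blocked (no FORWARD rule)"
fi

# Sessions initiated from the eth1 side would need a second call with the
# interfaces swapped.
allow_forwarded_ssh eth0 eth1
# The kernel must also be routing: sysctl -w net.ipv4.ip_forward=1
```

On a live firewall, `iptables -S | forward_allows_ssh` performs the same check against the loaded rules.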