qsm wrote:
maybe shorewall can do your live so easy.....
It does not support the rtl8150 chipset. That is what the I have in the way of USB ethernet dongles.
Which is another reason to go with a Centos based solution when you need to put something up as you go.
--
*---------- Original Message -----------* From: Robert Moskowitz rgm@htt-consult.com To: CentOS mailing list centos@centos.org Sent: Thu, 3 Jan 2008 08:03:09 -0500 Subject: Re: [CentOS] Firewall frustration
Christopher Chan wrote:
I tried it. I had everything open. Then I blocked everything. Then I set up a rule to allow SSH in to eth0 and out eth1 (and the other way). At least I thought that was what the rules said, but no SSH connectivity through the firewall. That was when I realized that I had not found the necessary incantation, and I had already shot most of tuesday.
Too bad you missed the documentation on netfilter then.
And that is the crux of the problem. Finding the right
documentation....
And to look at documentation on netfilter besides iptables.
It would have told you that the INPUT chain controls what comes to
the
box, the OUTPUT chain what originates from the box and the FORWARD chain what goes through the box.
You would have needed a rule in FORWARD to allow ssh connections through the box. The rules in the INPUT and OUTPUT chains would have zero effect on connections going through.
Anyways, you have something now but in case you want to give iptables another go... _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Este mensaje ha sido analizado por MailScanner en busca de virus y otros contenidos peligrosos, y se considera que está limpio. For all your IT requirements visit: http://www.transtec.co.uk
http://www.transtec.co.uk/ *------- End of Original Message -------*
-- Este mensaje ha sido analizado por *MailScanner* http://www.mailscanner.info/ en busca de virus y otros contenidos peligrosos, y se considera que está limpio. MailScanner agradece a transtec Computers http://www.transtec.co.uk/ por su apoyo.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos