On Sat, 5 Jan 2013, Tim Evans wrote:
On 01/05/2013 10:13 AM, me@tdiehl.org wrote:
On Fri, 4 Jan 2013, Steve Campbell wrote:
On 1/4/2013 12:21 PM, Tim Evans wrote:
On 01/04/2013 12:01 PM, Tim Evans wrote:
I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new CentOS 6.3 system. In the olden days, I successfully used the attached iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this doesn't seem to be quite working on the new system.
Specifically, while it seems to be routing ok, you cannot connect to anything on the inside net (e.g., with ssh or a browser) and cannot connect to the system with ssh or anything else from elsewhere on the inside net. Yet arp shows this system active.
Is there obsolete stuff here, and/or anything missing that would cause this?
Never mind... Temporary IP address in the script was wrong; corrected and now working. Will be glad to see comments, though.
Use Firewall Builder. It makes things so much easier. And it's free.
+1000 for fwbuilder.
Raw iptables commands are not only error prone but will make your brain hurt.
As the original poster, I welcome these suggestions, but point out my ruleset was already written and working. Last I looked (a long time ago, I admit), fwbuilder could not import an existing set of rules and turn it into the necessary fwbuilder abstractions, which meant I'd have to re-invent the working wheel, just to get it into fwbuilder.
That is no longer true. fwb has a tool to import existing rules, although I have never used it.
Regards,
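The failure in this thread (a temporary IP address left in the rc.local iptables script) is a stale host literal, which is easy to catch with a quick audit before the script is installed. The following POSIX shell script is an added example, not the poster's script or anything from fwbuilder: it lists every bare IPv4 host literal (no /prefix) in a firewall script and reports those not assigned to a local interface, so each one can be confirmed as an intended remote host or fixed. The sample script and the list of local addresses are constructed here for the demonstration; on a real box the local list would come from `ip -4 -o addr`.

```shell
#!/bin/sh
# Added example (not from the thread): audit an iptables script for bare IPv4
# host literals that are not assigned to any local interface. A temporary or
# stale address left in the script shows up here for review.

# list_script_hosts SCRIPT
#   Prints, deduplicated and one per line, each dotted-quad in SCRIPT that is
#   not followed by a /prefix (networks are skipped) and not on a comment line.
list_script_hosts() {
    grep -v '^[[:space:]]*#' "$1" \
      | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]+)?' \
      | grep -v '/' \
      | sort -u
}

# foreign_hosts SCRIPT LOCALFILE
#   LOCALFILE holds one local IPv4 address per line. On a live system it can
#   be produced with:  ip -4 -o addr | awk '{print $4}' | cut -d/ -f1
#   Prints each script host literal absent from LOCALFILE; returns 1 if any.
foreign_hosts() {
    found=0
    for a in $(list_script_hosts "$1"); do
        if ! grep -qxF "$a" "$2"; then
            echo "$a"
            found=1
        fi
    done
    return $found
}

# Constructed sample input (hypothetical addresses, not the poster's ruleset).
FW_SCRIPT=$(mktemp)
LOCAL_ADDRS=$(mktemp)
cat > "$FW_SCRIPT" <<'EOF'
# outside interface
OUT_IP=203.0.113.10     # temporary address left over from testing
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $OUT_IP
iptables -A INPUT -i eth1 -s 192.168.1.0/24 -d 192.168.1.1 -p tcp --dport 22 -j ACCEPT
EOF
# Addresses actually configured on the (constructed) box: the real outside
# address and the inside gateway address.
printf '%s\n' 198.51.100.7 192.168.1.1 > "$LOCAL_ADDRS"

# Usage: anything printed is either a deliberate remote host or a mistake.
if foreign_hosts "$FW_SCRIPT" "$LOCAL_ADDRS"; then
    echo "all host literals in $FW_SCRIPT are local addresses"
else
    echo "review the addresses above: intended remote hosts or stale entries?"
fi
```

With the constructed input the audit prints 203.0.113.10, the stale outside address, while the inside gateway 192.168.1.1 passes. Network literals such as 192.168.1.0/24 are deliberately ignored because they are expected not to match a single interface address.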