very perplexed here - I need to turn off iptables. I've tried

    service iptables save
    service iptables stop
    chkconfig iptables off

    service ip6tables save
    service ip6tables stop
    chkconfig ip6tables off

edited

    OPGX280 ~ # cat /etc/sysconfig/system-config-firewall
    # Configuration file for system-config-firewall
    --disabled
    --service=ssh

    OPGX280 ~ :( # cat /etc/selinux/config
    SELINUX=disabled

    OPGX280 ~ :( # chkconfig |grep ip
    ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
    ipmievd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
    ipsec           0:off   1:off   2:off   3:off   4:off   5:off   6:off
    iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
    ipvsadm         0:off   1:off   2:off   3:off   4:off   5:off   6:off

Yet - when I reboot iptables gets started - if I run

    OPGX280 ~ # /etc/rc.d/init.d/iptables status
    Table: filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
    2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
    4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
    2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
    3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
    5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Note --> 192.168.122.0/24 is NOT my network, I just want the status to tell me iptables is NOT running
What else can I look for??
Thanks Bob
On 7 July 2013 20:57, Bob Metelsky bob.metelsky@gmail.com wrote:
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Hi Bob,
I am just shooting in the dark here, have you tried /sbin/iptables -F
this is very strange....
I ran your flush command.. worked until reboot
I came across this article http://www.thegeekstuff.com/2011/01/redhat-iptables-flush/
Basically tells me how to save a wide open rules file - I did this and it behaved like the doc describes
This is what I have now

    OPGX280 ~ :( # cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.7 on Sun Jul 7 09:14:11 2013
    *filter
    :INPUT ACCEPT [32:4712]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [40:5160]
    COMMIT
    # Completed on Sun Jul 7 09:14:11 2013

- until I reboot then I get the same gibberish...

    OPGX280 ~ # /etc/rc.d/init.d/iptables status
    Table: nat
    Chain PREROUTING (policy ACCEPT)
    num  target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    num  target     prot opt source               destination
    1    MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
    2    MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
    3    MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination

    Table: mangle
    Chain PREROUTING (policy ACCEPT)
    num  target     prot opt source               destination

    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    num  target     prot opt source               destination
    1    CHECKSUM   udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:68 CHECKSUM fill

    Table: filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
    2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
    4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
    2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
    3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
    5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination

I don't understand what or why iptables is being called?
I believe anything in /etc/rc.d/init.d/* will get run on startup. If I move those files out of there - obviously the command won't work - but I need to understand what's going on
I want status to tell me OFF
/etc/rc.d/init.d/iptables status
On Sun, Jul 7, 2013 at 9:02 AM, Earl A Ramirez earlaramirez@gmail.com wrote:
--
Kind Regards
Earl Ramirez
On 07.07.2013 14:57, Bob Metelsky wrote:
> very perplexed here - I need to turn off iptables. I've tried
Why do you have to turn off the local firewall?
> OPGX280 ~ :( # cat /etc/selinux/config
> SELINUX=disabled
Bad practice.
> Note --> 192.168.122.0/24 is NOT my network, I just want the status to tell me iptables is NOT running
That's a VMware (ESXi or such) based virtual machine, right? 192.168.122.0/24 is the default VMware NAT network assignment. It comes from the VMware tools. These tools take care that a NAT network setup will work.
Alexander
P.S. If you reply then please follow the general rule to not top-post and to trim your quotes. Thanks.
On Sun, Jul 7, 2013 at 9:38 AM, Alexander Dalloz ad+lists@uni-x.org wrote:
I appreciate the admonitions on bad practices - but for now I need to understand why something is happening and stop it

    OPGX280 ~ # yum remove virt*

    ================================================================================
     Package           Arch     Version              Repository     Size
    ================================================================================
    Removing:
     virt-manager      i686     0.9.0-18.el6         @base         5.4 M
     virt-top          i686     1.0.4-3.15.el6       @base         922 k
     virt-viewer       i686     0.5.2-18.el6_4.2     @updates      751 k
     virt-what         i686     1.11-1.2.el6         @base          35 k

    Transaction Summary
    ================================================================================
    Remove        4 Package(s)

    Installed size: 7.1 M
    Is this ok [y/N]: y
    ...
    Removed:
      virt-manager.i686 0:0.9.0-18.el6
      virt-top.i686 0:1.0.4-3.15.el6
      virt-viewer.i686 0:0.5.2-18.el6_4.2
      virt-what.i686 0:1.11-1.2.el6

    Complete!
    OPGX280 ~ #

    OPGX280 ~ :( # chkconfig|grep virt
    libvirt-guests  0:off   1:off   2:off   3:off   4:off   5:off   6:off
    libvirtd        0:off   1:off   2:off   3:off   4:off   5:off   6:off

reboot
OK!!! Nice call on the virt*
after reboot...

    OPGX280 ~ # /etc/rc.d/init.d/iptables status
    iptables: Firewall is not running.

My goodness I would have never guessed that an unneeded package would have caused that - THANK YOU!
Now I can move on to the work I need to do - Thank you again
On 07.Jul.2013, at 14:57, Bob Metelsky wrote:
> very perplexed here - I need to turn off iptables. I've tried
> …
> Yet - when I reboot iptables gets started - if I run
> ...
> Note --> 192.168.122.0/24 is NOT my network
This could be the default network from libvirt. The kvm host does NAT from that network if the guest is configured to use it. You can undefine it with some virsh foo

    $ virsh net-destroy default
    $ virsh net-undefine default
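
Editor's added example, not part of any post in this thread: a shell check that tells rules loaded by the iptables service apart from rules matching the libvirt default NAT network pattern seen in the listings above. The helper name `classify_rules` and the three-part fingerprint (MASQUERADE out of a subnet, DNS/DHCP accepts, return traffic forwarded into the same subnet) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: classify an iptables listing by the fingerprint of the
# libvirt default NAT network seen in this thread (heuristic, an assumption).

# Listing abridged from the output posted in the thread.
SAMPLE_AFTER_REBOOT='Table: nat
Chain POSTROUTING (policy ACCEPT)
num  target      prot opt source            destination
1    MASQUERADE  tcp  --  192.168.122.0/24  !192.168.122.0/24  masq ports: 1024-65535
3    MASQUERADE  all  --  192.168.122.0/24  !192.168.122.0/24
Table: filter
Chain INPUT (policy ACCEPT)
num  target  prot opt source     destination
1    ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0  udp dpt:53
3    ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0  udp dpt:67
Chain FORWARD (policy ACCEPT)
num  target  prot opt source     destination
1    ACCEPT  all  --  0.0.0.0/0  192.168.122.0/24  state RELATED,ESTABLISHED
4    REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-port-unreachable'
SAMPLE_STOPPED='iptables: Firewall is not running.'

# classify_rules (hypothetical helper): read a listing on stdin and print
#   not-running | no-rules | libvirt-nat:<subnet> | other
classify_rules() {
    awk '
        /Firewall is not running/ { stopped = 1 }
        # Rule lines begin with the rule number in the init script listing.
        $1 ~ /^[0-9]+$/ {
            rules++
            # NAT from a subnet to everything outside that subnet.
            if ($2 == "MASQUERADE" && $6 == ("!" $5)) nat[$5] = 1
            # DNS and DHCP opened for guests (dnsmasq on the bridge).
            if ($2 == "ACCEPT" && $NF ~ /^dpt:(53|67)$/) svc++
            # Return traffic forwarded back into the same subnet.
            if ($2 == "ACCEPT" && $7 == "state") fwd[$6] = 1
        }
        END {
            if (stopped) { print "not-running"; exit }
            if (!rules)  { print "no-rules"; exit }
            for (net in nat)
                if (svc >= 2 && (net in fwd)) { print "libvirt-nat:" net; exit }
            print "other"
        }'
}

# Prints libvirt-nat:192.168.122.0/24 for the thread output.
printf '%s\n' "$SAMPLE_AFTER_REBOOT" | classify_rules
```

On a CentOS 6 host the same function can read the live listing with `service iptables status | classify_rules` after a reboot.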