[CentOS] firewall issue

Sun Oct 1 23:37:19 UTC 2006
Robert Spangler <lazydog at zoominternet.net>

On Sat September 30 2006 19:57, Ski Dawg wrote:

>  My problem is that I am not sure how to resolve this. I have not done
>  any configuration with iptables before. In the
>  file /etc/sysconfig/iptables are the lines:
>  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
>  -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT

First off, we would need to know what is in your /etc/sysconfig/iptables file.
There could be many things that are killing this.  Since it looks like you
are doing stateful inspection, I would assume that there is a statement for
ESTABLISHED,RELATED in there also.  What are the default policies?  Are you
logging your firewall drop/rejects?  Check the message file to see if there are
any clues in there.  We need to know how it is set up completely so one
command isn't killing another.

>  and there are not any deny lines above these. I think those lines were
>  added when I ran system-config-securitylevel-tui. Those are the only
>  lines that I can find that mention port 2049 or nfs.

Normally you would want your Deny lines towards the bottom of your chains if
you have any.

>  Those lines look to me like they are for accepting incoming connections
>  only. Is that correct?

Yep.

>  What do I need to do so that I can do the nfs export out of this box?

Well, paste bin your firewall rules and post the URL here.  That would be a
start.


-- 

Regards
Robert

Smile... it increases your face value!
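
Added example, not part of the original post: a small Python audit that answers the questions raised in the reply above (default policies, presence of an ESTABLISHED,RELATED rule, presence of LOG rules, and whether a catch-all DROP/REJECT sits above the ACCEPT rules for a port). The rule set in `SAMPLE` is constructed for illustration, and the function name `audit` is hypothetical.

```python
import shlex

# Constructed sample in iptables-save format; not the poster's actual file.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
COMMIT
"""

# Options that narrow a rule; a DROP/REJECT with none of them matches everything.
MATCH_OPTS = {"-p", "-s", "-d", "-i", "-o", "-m", "--dport", "--sport"}

def audit(rules_text, port):
    """Report default policies, state/LOG rules, and ACCEPTs shadowed by a catch-all."""
    policies, closed_chains, shadowed = {}, set(), []
    has_established = has_log = False
    for line in rules_text.splitlines():
        line = line.strip()
        if line.startswith(":"):              # ":CHAIN POLICY [packets:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            chain = tok[1]
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            states = tok[tok.index("--state") + 1].split(",") if "--state" in tok else []
            if target == "ACCEPT" and {"ESTABLISHED", "RELATED"} <= set(states):
                has_established = True
            if target == "LOG":
                has_log = True
            if target in ("DROP", "REJECT") and not MATCH_OPTS & set(tok):
                closed_chains.add(chain)      # nothing after this in the chain is reached
            elif (target == "ACCEPT" and chain in closed_chains
                  and "--dport" in tok and tok[tok.index("--dport") + 1] == str(port)):
                shadowed.append(line)
    return {"policies": policies, "has_established": has_established,
            "has_log": has_log, "shadowed": shadowed}

if __name__ == "__main__":
    print(audit(SAMPLE, 2049))
```

To check a real rule set, pass the contents of `/etc/sysconfig/iptables` as `rules_text`; any line returned in `shadowed` is an ACCEPT that packets never reach because rules are evaluated in order.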