qsm wrote:
> maybe shorewall can do your life so easy.....

It does not support the rtl8150 chipset. That is what I have in the way of USB ethernet dongles. Which is another reason to go with a Centos based solution when you need to put something up as you go.

> --
>
> *---------- Original Message -----------*
> From: Robert Moskowitz <rgm at htt-consult.com>
> To: CentOS mailing list <centos at centos.org>
> Sent: Thu, 3 Jan 2008 08:03:09 -0500
> Subject: Re: [CentOS] Firewall frustration
>
> > Christopher Chan wrote:
> > >
> > >> I tried it. I had everything open. Then I blocked everything. Then I
> > >> set up a rule to allow SSH in to eth0 and out eth1 (and the other
> > >> way). At least I thought that was what the rules said, but no SSH
> > >> connectivity through the firewall. That was when I realized that I
> > >> had not found the necessary incantation, and I had already shot most
> > >> of Tuesday.
> > >
> > > Too bad you missed the documentation on netfilter then.
> >
> > And that is the crux of the problem. Finding the right documentation....
> >
> > And to look at documentation on netfilter besides iptables.
> >
> > > It would have told you that the INPUT chain controls what comes to the
> > > box, the OUTPUT chain what originates from the box and the FORWARD
> > > chain what goes through the box.
> > >
> > > You would have needed a rule in FORWARD to allow ssh connections
> > > through the box. The rules in the INPUT and OUTPUT chains would have
> > > zero effect on connections going through.
> > >
> > > Anyways, you have something now but in case you want to give iptables
> > > another go...
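
The FORWARD-chain point from the quoted explanation, as an added example that is not part of the original thread: a small generator for an iptables-restore ruleset that allows SSH through the box in both directions. The interface names eth0 and eth1 come from the thread; port 22, the helper names and the DROP policies are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset that
# lets SSH pass THROUGH a routing firewall between two interfaces.
# Assumptions: eth0/eth1 as named in the thread, TCP port 22, and that
# forwarding is enabled (/proc/sys/net/ipv4/ip_forward is 1).

# Reject anything that is not a plausible interface name (max 15 chars),
# so an argument can never smuggle extra rules into the generated file.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# forward_ssh_ruleset IF_A IF_B  (hypothetical helper name)
forward_ssh_ruleset() {
    if ! valid_ifname "$1" || ! valid_ifname "$2"; then
        echo "invalid interface name" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT: traffic addressed to the firewall itself. Nothing here affects
# connections that are routed through the box.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# FORWARD: traffic routed through the box. Replies first, then new SSH
# connections in each direction between the two interfaces.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $1 -o $2 -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -i $2 -o $1 -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the two interfaces from the thread. To syntax-check
# it without loading it: forward_ssh_ruleset eth0 eth1 | iptables-restore --test
forward_ssh_ruleset eth0 eth1
```

As written, the INPUT policy drops new connections to the firewall itself, SSH included, so add an INPUT rule for management access before loading this on a box you administer remotely.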