[CentOS] 2 questions on CentOS firewall

Ljubomir Ljubojevic office at plnet.rs
Tue Jul 19 13:11:41 UTC 2011


Timothy Murphy wrote:
> I'm running CentOS-6 on an HP MicroServer
> with a Billion 5200S modem/router connecting to the internet.
> I'm running the standard CentOS-6 firewall on the server.
> 
> (1) I can open port 22 on the Billion, allowing me to ssh in from outside.
> But for some reason I cannot ping the same address from outside.
> (I can ping it internally.)
> Why is this?
> I'm not sure if the problem lies with the router or the server?
> There does not seem to be any explicit rule on either
> to allow ICMP packets through.

This is because the modem refuses to answer pings. You might have an option 
to allow it in the modem config.

Ping (ICMP) does not use ports, but it is a packet of type 8.

> 
> (2) I have a Linksys WRT54GL WiFi router attached to the server,
> to allow access to the internet from laptops.
> This works fine.
> But I was surprised to find that when I turn OFF
> the firewall on the server this stops access to the internet on laptops.
> (I didn't test to see if re-booting the laptop would solve this.)
> Can disabling the firewall actually prevent some linkage?
> 

When you turn off the firewall, it stops routing packets, so they cannot be 
passed to systems behind it.

The only option I can think of is to use Shorewall as the firewall and add 
NAT/Masquerade and the rest of the rules to the routestopped config file:

"By default, when the Shorewall firewall is stopped it will deny access 
from all hosts. This page allows you to define hosts or networks that 
will still be accessible.
No addresses to be accessible when stopped have been defined yet."

I am not sure if this does what you need, but if you need to turn down the 
firewall a lot, then consider this option.

Other than that, all you can do is manually remove and add iptables 
rules without shutting down the firewall.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
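As an added illustration of the last suggestion in the reply above (not code from the thread), the script below adjusts single iptables rules on the CentOS 6 server instead of running "service iptables stop", which flushes every rule, including the NAT/masquerade set the laptops depend on. The interface names, the LAN subnet and the DRY_RUN switch are assumptions; with DRY_RUN=1 the functions only print the commands they would run.

```shell
#!/bin/sh
# Added example, not from the mailing-list post. Interface names and the
# laptop subnet are assumptions; adjust them for the real server.
WAN_IF=${WAN_IF:-eth0}               # assumption: interface toward the Billion modem
LAN_IF=${LAN_IF:-eth1}               # assumption: interface toward the WRT54GL
LAN_NET=${LAN_NET:-192.168.1.0/24}   # assumption: network the laptops sit on
DRY_RUN=${DRY_RUN:-1}                # 1 = print commands only; set to 0 on the server

# ipt: run one iptables invocation, or print it when in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# nat_rules: the masquerade/forwarding set that "service iptables stop"
# would flush, which is why the laptops lose the internet at that point.
nat_rules() {
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# allow_ping: accept ICMP echo-request (type 8) on the server's own INPUT
# chain, rate-limited so a flood of pings cannot keep the box busy.
allow_ping() {
    ipt -I INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
}

# open_port / close_port: add or remove one INPUT rule. The same rule spec is
# passed to -I and -D, so a temporary opening never requires stopping the firewall.
port_rule() { echo "INPUT -p tcp --dport $1 -m state --state NEW -j ACCEPT"; }
open_port()  { ipt -I $(port_rule "$1"); }
close_port() { ipt -D $(port_rule "$1"); }
```

Run with DRY_RUN=0 only on the server itself; "service iptables save" afterwards keeps the rules across a reboot.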
