----- Original Message -----
|
| On 1/4/2013 12:21 PM, Tim Evans wrote:
| > On 01/04/2013 12:01 PM, Tim Evans wrote:
| >> I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new
| >> CentOS 6.3 system. In the olden days, I successfully used the attached
| >> iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this
| >> doesn't seem to be quite working on the new system.
| >>
| >> Specifically, while it seems to be routing ok, you cannot connect to
| >> anything on the inside net (e.g., with ssh or a browser) and cannot
| >> connect to the system with ssh or anything else from elsewhere on the
| >> inside net. Yet arp shows this system active.
| >>
| >> Is there obsolete stuff here, and/or anything missing that would cause
| >> this?
| >
| > Nevermind... Temporary IP address in the script was wrong; corrected
| > and now working. Will be glad to see comments, though.
| >
| >
| Use Firewall Builder. It makes things so much easier. And it's free.
|
| http://www.fwbuilder.org/
|
| steve campbell

Or don't use CentOS at all and try OpenBSD & PF. The syntax is much cleaner and easier to maintain than Netfilter/IPTables and it works pretty darn well. ;)

--
James A. Peltier
Manager, IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone : 778-782-6573
Fax : 778-782-3045
E-Mail : jpeltier at sfu.ca
Website : http://www.sfu.ca/itservices
http://blogs.sfu.ca/people/jpeltier

"The smartest people are constantly revising their understanding, reconsidering a problem they thought they’d already solved. They’re open to new points of view, new information, new ideas, contradictions, and challenges to their own way of thinking." - Jeff Bezos