On Sat, 5 Jan 2013, Tim Evans wrote:

> On 01/05/2013 10:13 AM, me at tdiehl.org wrote:
>> On Fri, 4 Jan 2013, Steve Campbell wrote:
>>
>>> On 1/4/2013 12:21 PM, Tim Evans wrote:
>>>> On 01/04/2013 12:01 PM, Tim Evans wrote:
>>>>> I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new CentOS 6.3 system. In the olden days, I successfully used the attached iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this doesn't seem to be quite working on the new system.
>>>>>
>>>>> Specifically, while it seems to be routing ok, you cannot connect to anything on the inside net (e.g., with ssh or a browser) and cannot connect to the system with ssh or anything else from elsewhere on the inside net. Yet arp shows this system active.
>>>>>
>>>>> Is there obsolete stuff here, and/or anything missing that would cause this?
>>>>
>>>> Nevermind... Temporary IP address in the script was wrong; corrected and now working. Will be glad to see comments, though.
>>>
>>> Use Firewall Builder. It makes things so much easier. And it's free.
>>>
>>> http://www.fwbuilder.org/
>>
>> +1000 for fwbuilder.
>>
>> Raw iptables commands are not only error prone but will make your brain hurt.
>
> As the original poster, I welcome these suggestions, but point out my ruleset was already written and working. Last I looked (a long time ago, I admit), fwbuilder could not import an existing set of rules and turn it into the necessary fwbuilder abstractions, which meant I'd have to re-invent the working wheel, just to get it into fwbuilder.

That is no longer true. fwb has a tool to import existing rules, although I have never used it.

Regards,

--
Tom
me at tdiehl.org
Spamtrap address me123 at tdiehl.org