Re: IPTABLES doesn't work

From: Michael Kearey (mutk_at_iprimus.com.au)
Date: 01/30/04

    To: fedora-list@redhat.com
    Date: Fri, 30 Jan 2004 12:41:42 +1000
    
    

    smoothmilk wrote:
    > Why doesn't redhat-config-securitylevel's iptables rules work?
    >
    > If I turn off EVERYTHING (www, ftp, ssh, etc) and save, and even
    > manually restart iptables (# /sbin/service iptables restart) other
    > computers on my network can access www (even on weird, non-standard
    > ports with http servers on them) ftp, ssh, etc.

    This is where it gets a little odd for me. 'Other computers on my
    network can access www'. What are these other computers? Unless they
    gain access to the Internet *through* your Fedora machine, the Fedora
    machine's firewall has NOTHING to do with those machines.

    The current redhat-config-securitylevel tool works on rules that
    control access to services running on the Fedora box, and cannot
    influence any other machine attached to the same network accessing
    other machines on that network.

    >
    > So what's the point of even including that tool if it doesn't do
    > anything? I don't understand how it just flat out doesn't work. I have no
    > idea how iptables works, and because there's no documentation out there
    > for beginners who just want a script that's for eth0 with a simple www,
    > ssh and ftp server(s), I'm stuck using rh's tools, which don't do
    > anything. There's no security here.

    I can help. I suggest you go and seek the most basic understanding of
    the nature of tcp/ip and ethernet networks, and have a good think
    about it.

    The redhat-config-securitylevel tool does pretty much exactly what it
    is designed to do - Set up iptables rules to assist in controlling
    access to services running on the host machine.

    Cheers,
    Michael
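
The scope described in the reply above, as an added example that is not part of the original message: a simplified Python model of which filter-table chain on the Fedora host, if any, sees a given packet. The addresses, the single-subnet LAN, and the `chain_for` and `input_verdict` names are assumptions made for illustration.

```python
# Simplified model (added example): which iptables filter chain on ONE host
# sees a packet. Addresses below are constructed sample values.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")      # assumed home LAN
FEDORA = ip_address("192.168.1.10")     # assumed address of the Fedora box


def chain_for(src, dst, fedora_is_gateway=False):
    """Return 'INPUT', 'OUTPUT', 'FORWARD', or None when the packet
    never passes through the Fedora host's netfilter at all."""
    src, dst = ip_address(src), ip_address(dst)
    if dst == FEDORA:
        return "INPUT"       # addressed to a service on the Fedora box
    if src == FEDORA:
        return "OUTPUT"      # generated by the Fedora box itself
    if dst in LAN:
        return None          # delivered directly between two other LAN hosts
    # Off-subnet traffic is handed to the default gateway. Only if that
    # gateway is the Fedora box does its FORWARD chain see the packet.
    return "FORWARD" if fedora_is_gateway else None


def input_verdict(dport, open_ports=frozenset()):
    """Default-deny INPUT policy: only listed destination ports pass."""
    return "allowed" if dport in open_ports else "blocked"


def describe(src, dst, dport, open_ports=frozenset(), fedora_is_gateway=False):
    chain = chain_for(src, dst, fedora_is_gateway)
    if chain is None:
        return "not seen by the Fedora firewall"
    if chain == "INPUT":
        return "INPUT: " + input_verdict(dport, open_ports)
    return chain + ": decided by that chain's rules"


if __name__ == "__main__":
    samples = [  # constructed packets: (src, dst, dport)
        ("192.168.1.20", "192.168.1.10", 80),   # LAN host -> Fedora web server
        ("192.168.1.20", "192.168.1.30", 80),   # LAN host -> another LAN host
        ("192.168.1.20", "203.0.113.5", 80),    # LAN host -> Internet
    ]
    for pkt in samples:
        print(pkt, "->", describe(*pkt))                          # everything "off"
        print(pkt, "->", describe(*pkt, fedora_is_gateway=True))  # Fedora routes
```
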
