04-15-2008, 09:33 PM
Timothy Murphy

Problem with CentOS server: am I running a firewall?

I recently tried to swap server from an ancient Asus PIII machine
running Fedora-8 to a Dell PowerEdge T105 running CentOS-5.1.

Unfortunately, I have not been able to set it up
to allow local machines to access the internet.

I can access the internet directly from the server
(which connects to an ADSL modem)
but not from a laptop connected to the server
through an ethernet hub or WiFi router.

I can ssh into the server from the laptop,
but cannot ping anything beyond the server.

It is as though there were a firewall running on the server
which will not allow packets on the LAN to pass to the internet.

This is probably a very ignorant question,
but is there such a default firewall running under CentOS?

I've gone back to my old server temporarily,
but would prefer to sort out the new one if I could.

Any advice or suggestions gratefully received.



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
04-15-2008, 10:48 PM
Filipe Brandenburger

Problem with CentOS server: am I running a firewall?

On Tue, Apr 15, 2008 at 5:33 PM, Timothy Murphy <gayleard@eircom.net> wrote:
> Unfortunately, I have not been able to set it up
> to allow local machines to access the internet.

Did you enable routing? The output of "cat
/proc/sys/net/ipv4/ip_forward" must be 1, otherwise the server won't
route packets between networks. In some cases (depending on your
Internet modem/router) it's possible that you'll need to configure the
server to do NAT as well.

You can see the firewall rules with the command "iptables -nL". You
can delete all rules by running "iptables -F" (beware, your server
will be unprotected if you do that).

If you give more details about your network topology, it would be
easier to help you. You may also look at the contents of
/etc/sysctl.conf and /etc/sysconfig/iptables on your old server,
probably the routing, NAT and firewalling configuration of that server
is there.

HTH,
Filipe
04-15-2008, 11:25 PM
Timothy Murphy

Problem with CentOS server: am I running a firewall?

On Tuesday 15 April 2008 11:48:00 pm Filipe Brandenburger wrote:

> > Unfortunately, I have not been able to set it up
> > to allow local machines to access the internet.
>
> Did you enable routing? The output of "cat
> /proc/sys/net/ipv4/ip_forward" must be 1, otherwise the server won't
> route packets between networks. In some cases (depending on your
> Internet modem/router) it's possible that you'll need to configure the
> server to do NAT as well.

Thanks very much.
I see that this is set to 0 at present:
-------------------------------------------------
[tim@helen ~]$ cat /proc/sys/net/ipv4/ip_forward
0
-------------------------------------------------
I'll try setting it to 1, and re-connecting the server.

> You can see the firewall rules with the command "iptables -nL". You
> can delete all rules by running "iptables -F" (beware, your server
> will be unprotected if you do that).

I was actually using shorewall (from the epel repository, I think),
and hoped/assumed it would take care of any settings like this.
I ran "service shorewall clear" and looked at "iptables -L"
which seemed to allow everything:
-------------------------------------------------
[tim@helen ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-------------------------------------------------

> If you give more details about your network topology, it would be
> easier to help you. You may also look at the contents of
> /etc/sysctl.conf and /etc/sysconfig/iptables on your old server,
> probably the routing, NAT and firewalling configuration of that server
> is there.

Thanks for your offer.
If your earlier suggestion does not work, I'll take it up.
I more or less copied everything from the other server,
but could easily have missed something.

Thanks again.


04-16-2008, 10:50 AM
Timothy Murphy

Problem with CentOS server: am I running a firewall?

On Wednesday 16 April 2008 12:25:35 am Timothy Murphy wrote:
> On Tuesday 15 April 2008 11:48:00 pm Filipe Brandenburger wrote:
> > > Unfortunately, I have not been able to set it up
> > > to allow local machines to access the internet.
> >
> > Did you enable routing? The output of "cat
> > /proc/sys/net/ipv4/ip_forward" must be 1, otherwise the server won't
> > route packets between networks. In some cases (depending on your
> > Internet modem/router) it's possible that you'll need to configure the
> > server to do NAT as well.

I found in the end this wasn't the issue;
shorewall sets /proc/sys/net/ipv4/ip_forward to 1 by default;
I only read it as 0 because I had stopped shorewall.

My error was that I had not added my LAN to /etc/shorewall/masq.
Just a silly oversight.

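The three prerequisites this thread works through (kernel forwarding, the filter table's FORWARD chain, and NAT for the LAN) can be checked together, as in the following added example, which is not part of the thread or written by its participants. The function name `check_gateway`, the LAN subnet 192.168.1.0/24, the WAN interface eth0 and the sample rulesets are assumptions constructed for illustration.

```shell
# check_gateway IP_FORWARD LAN_CIDR WAN_IF IPTABLES_SAVE_TEXT
# Prints one line per missing prerequisite; returns the number of problems.
check_gateway() {
    fwd=$1 lan=$2 wan=$3 rules=$4 problems=0
    # 1. Kernel routing switch (/proc/sys/net/ipv4/ip_forward).
    if [ "$fwd" != "1" ]; then
        echo "ip_forward is $fwd: packets are not routed between interfaces"
        problems=$((problems + 1))
    fi
    # 2. filter table: FORWARD must accept by policy or by some rule.
    if ! printf '%s\n' "$rules" | awk '
        /^[*]/ { table = $1 }
        table == "*filter" && /^:FORWARD ACCEPT/ { ok = 1 }
        table == "*filter" && /^-A FORWARD / && / -j ACCEPT/ { ok = 1 }
        END { exit !ok }'; then
        echo "filter/FORWARD: no ACCEPT policy or rule"
        problems=$((problems + 1))
    fi
    # 3. nat table: POSTROUTING must rewrite the LAN source on the WAN side.
    #    "iptables -L" lists only the filter table, so it never shows this.
    if ! printf '%s\n' "$rules" | awk -v lan="$lan" -v wan="$wan" '
        /^[*]/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ {
            src = ""; out = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
            }
            if (out == wan && (src == "" || src == lan)) ok = 1
        }
        END { exit !ok }'; then
        echo "nat/POSTROUTING: no MASQUERADE/SNAT for $lan out $wan"
        problems=$((problems + 1))
    fi
    return "$problems"
}
# Constructed iptables-save text (not from the thread): open filter table.
BASE='*filter
:FORWARD ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]'
NO_NAT="$BASE
COMMIT"
WITH_NAT="$BASE
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT"
check_gateway 1 192.168.1.0/24 eth0 "$NO_NAT" || true   # reports missing NAT
```

On a live gateway, pass `"$(cat /proc/sys/net/ipv4/ip_forward)"` and `"$(iptables-save)"` (run as root) in place of the constructed values. With Shorewall, the rule checked in step 3 is generated from an entry in /etc/shorewall/masq naming the outbound interface and the LAN subnet.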
 

All times are GMT.