why is iptables still filtering after i disable the firewall?
Robert P. J. Day wrote:
> i suspect this is based on my unfamiliarity with the way ubuntu
> pre-10.10 deals with firewalls but i'm trying to simply ping from my
> ubuntu system to a centos 5.5 box on the same in-house wireless
> network and i'm getting icmp responses, "Destination Host
> Unreachable." yet i can ping the other way (centos -> ubuntu).
I would completely uninstall 'uncomplicated firewall' and restart the
network. Ubuntu's complicated approach to trying to make it simple for
users to set up firewall rules is just broken.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
09-15-2010, 01:42 PM
"Robert P. J. Day"
why is iptables still filtering after i disable the firewall?
On Wed, 15 Sep 2010, Christopher Chan wrote:
> Robert P. J. Day wrote:
> > i suspect this is based on my unfamiliarity with the way ubuntu
> > pre-10.10 deals with firewalls but i'm trying to simply ping from
> > my ubuntu system to a centos 5.5 box on the same in-house wireless
> > network and i'm getting icmp responses, "Destination Host
> > Unreachable." yet i can ping the other way (centos -> ubuntu).
>
> I would completely uninstall 'uncomplicated firewall' and restart
> the network. Ubuntu's complicated approach to trying to make it
> simple for users to set up firewall rules is just broken.
then what would be the incantation for disabling iptables entirely?
i can only *guess* that this is what's causing my problem as i can't
think of any other reason for not being able to ping out.
rday
--
========================================================================
Robert P. J. Day Waterloo, Ontario, CANADA
09-15-2010, 02:09 PM
"Robert P. J. Day"
why is iptables still filtering after i disable the firewall?
On Wed, 15 Sep 2010, Christopher Chan wrote:
> Robert P. J. Day wrote:
> > i suspect this is based on my unfamiliarity with the way ubuntu
> > pre-10.10 deals with firewalls but i'm trying to simply ping from
> > my ubuntu system to a centos 5.5 box on the same in-house wireless
> > network and i'm getting icmp responses, "Destination Host
> > Unreachable." yet i can ping the other way (centos -> ubuntu).
>
> I would completely uninstall 'uncomplicated firewall' and restart
> the network. Ubuntu's complicated approach to trying to make it
> simple for users to set up firewall rules is just broken.
ok, i'm still slightly confused but for a different reason. recall
that i couldn't ssh or even ping from the ubuntu box to the centos
box, ping worked fine coming the other way.
finally, i ssh'ed in from centos to ubuntu, was asked that first
time to authenticate, RSA key fingerprint, added to known hosts, etc,
etc, you all know the drill. and, suddenly, i can ping and ssh from
ubuntu to centos.
from memory, i recall that there's a setting somewhere under
/etc/ssh that restricts communication to only those hosts that have
been authenticated (what is it?). but does that setting even apply to
non-ssh functionality like ping? can someone explain what just
happened here? thanks.
rday
--
========================================================================
Robert P. J. Day Waterloo, Ontario, CANADA
09-15-2010, 02:12 PM
Christopher Chan
why is iptables still filtering after i disable the firewall?
Robert P. J. Day wrote:
> On Wed, 15 Sep 2010, Christopher Chan wrote:
>
>> Robert P. J. Day wrote:
>>> i suspect this is based on my unfamiliarity with the way ubuntu
>>> pre-10.10 deals with firewalls but i'm trying to simply ping from
>>> my ubuntu system to a centos 5.5 box on the same in-house wireless
>>> network and i'm getting icmp responses, "Destination Host
>>> Unreachable." yet i can ping the other way (centos -> ubuntu).
>> I would completely uninstall 'uncomplicated firewall' and restart
>> the network. Ubuntu's complicated approach to trying to make it
>> simple for users to set up firewall rules is just broken.
>
> then what would be the incantation for disabling iptables entirely?
> i can only *guess* that this is what's causing my problem as i can't
> think of any other reason for not being able to ping out.
>
Beats me. I could not be bothered to go through the blooming scripts. I
do not have ufw anywhere on my boxes.
I just noticed that I do not have ufw in any of the runlevels except rc1
and rcS in upstart. So presumably 'update-rc.d ufw stop 39 2 3 4 5'
should do the trick.
09-15-2010, 02:15 PM
Karl Auer
why is iptables still filtering after i disable the firewall?
On Wed, 2010-09-15 at 09:42 -0400, Robert P. J. Day wrote:
> then what would be the incantation for disabling iptables entirely?
> i can only *guess* that this is what's causing my problem as i can't
> think of any other reason for not being able to ping out.
You can't "disable iptables" short of rebuilding your kernel. However,
you can tell iptables to filter nothing:
why is iptables still filtering after i disable the firewall?
Karl Auer wrote:
> On Wed, 2010-09-15 at 09:42 -0400, Robert P. J. Day wrote:
>> then what would be the incantation for disabling iptables entirely?
>> i can only *guess* that this is what's causing my problem as i can't
>> think of any other reason for not being able to ping out.
>
> You can't "disable iptables" short of rebuilding your kernel. However,
> you can tell iptables to filter nothing:
I think not loading the netfilter modules would be pretty much disabling
iptables.
09-15-2010, 02:54 PM
Tom H
why is iptables still filtering after i disable the firewall?
On Wed, Sep 15, 2010 at 9:13 AM, Robert P. J. Day <rpjday@crashcourse.ca> wrote:
>
> i suspect this is based on my unfamiliarity with the way ubuntu
> pre-10.10 deals with firewalls but i'm trying to simply ping from my
> ubuntu system to a centos 5.5 box on the same in-house wireless
> network and i'm getting icmp responses, "Destination Host
> Unreachable." yet i can ping the other way (centos -> ubuntu).
>
> i've completely disabled iptables on the centos system, and i want
> to do the same on ubuntu. i installed gufw and i did what i thought
> disabled the firewall on the ubuntu box, yet when i run "sudo iptables
> -L", i'm still seeing some filtering:
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
> ACCEPT     all  --  192.168.122.0/24     anywhere
> ACCEPT     all  --  anywhere             anywhere
> REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
>
> and while the forwarding rules shouldn't affect this, how can i simply
> disable the firewall entirely? if i invoke "gufw" and disable the
> firewall, shouldn't that do it?
How about "ufw reset" and/or "ufw disable"?
09-15-2010, 03:28 PM
"Robert P. J. Day"
why is iptables still filtering after i disable the firewall?
On Wed, 15 Sep 2010, Christopher Chan wrote:
> Karl Auer wrote:
> > On Wed, 2010-09-15 at 09:42 -0400, Robert P. J. Day wrote:
> >> then what would be the incantation for disabling iptables entirely?
> >> i can only *guess* that this is what's causing my problem as i can't
> >> think of any other reason for not being able to ping out.
> >
> > You can't "disable iptables" short of rebuilding your kernel. However,
> > you can tell iptables to filter nothing:
>
> I think not loading the netfilter modules would be pretty much
> disabling iptables.
i guess i'm spoiled by RH/fedora, where i just did:
09-15-2010, 04:21 PM
NoOp
why is iptables still filtering after i disable the firewall?
On 09/15/2010 07:54 AM, Tom H wrote:
> On Wed, Sep 15, 2010 at 9:13 AM, Robert P. J. Day <rpjday@crashcourse.ca> wrote:
...
>> and while the forwarding rules shouldn't affect this, how can i simply
>> disable the firewall entirely? if i invoke "gufw" and disable the
>> firewall, shouldn't that do it?
>
> How about "ufw reset" and/or "ufw disable"?
>
Or '$ man ufw' :-)
http://manpages.ubuntu.com/manpages/lucid/man8/ufw.8.html
https://help.ubuntu.com/community/UFW
09-15-2010, 04:23 PM
"Robert P. J. Day"
why is iptables still filtering after i disable the firewall?
On Wed, 15 Sep 2010, NoOp wrote:
> On 09/15/2010 07:54 AM, Tom H wrote:
> > On Wed, Sep 15, 2010 at 9:13 AM, Robert P. J. Day <rpjday@crashcourse.ca> wrote:
> ...
> >> and while the forwarding rules shouldn't affect this, how can i simply
> >> disable the firewall entirely? if i invoke "gufw" and disable the
> >> firewall, shouldn't that do it?
> >
> > How about "ufw reset" and/or "ufw disable"?
> >
>
> Or '$ man ufw' :-)
> http://manpages.ubuntu.com/manpages/lucid/man8/ufw.8.html
> https://help.ubuntu.com/community/UFW
i *did* a "ufw disable" and still had filtering in the forwarding
chain, which i found confusing.
rday
--
========================================================================
Robert P. J. Day Waterloo, Ontario, CANADA
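
Added example, not part of any post in this thread: a way to see which netfilter rules remain once ufw's own chains are set aside, which is the situation the last message describes. The function names and the sample ruleset are constructed for illustration; the sample mirrors the FORWARD rules quoted earlier (192.168.122.0/24 is the range libvirt uses for its default NAT network), and ufw chains are assumed to be the ones named `ufw-*` or `ufw6-*`.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not captured from the poster's machine).
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ufw-before-input - [0:0]
-A INPUT -j ufw-before-input
-A FORWARD -d 192.168.122.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A ufw-before-input -i lo -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin and print what can still filter traffic
# independently of ufw: built-in chains whose policy is not ACCEPT, and rules
# that neither live in nor jump to a ufw chain.
residual_filtering() {
    awk '
        /^:/ {                          # chain line: ":NAME POLICY [pkts:bytes]"
            name = substr($1, 2)
            if ($2 != "-" && $2 != "ACCEPT") print "policy " name " " $2
            next
        }
        $1 == "-A" {
            if ($2 ~ /^ufw6?-/) next    # rule stored inside a ufw chain
            for (i = 3; i < NF; i++)    # rule that only hands off to a ufw chain
                if (($i == "-j" || $i == "-g") && $(i + 1) ~ /^ufw6?-/) next
            print "rule " $0
        }
    '
}

# Number of residual rules, for use in scripts or checks.
count_residual() {
    residual_filtering | awk '/^rule /{ n++ } END { print n + 0 }'
}

sample_ruleset | residual_filtering
```

On a live system the input would come from `sudo iptables-save | residual_filtering`; anything it prints was installed by something other than ufw and is unaffected by "ufw disable".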