How to unset up the firewall... :-)

Fabricio Santos flslinux at yahoo.com
Sat Mar 27 15:32:50 UTC 2004


Hi everyone,
 
After delightfully reading through the early December thread "How to set up the Firewall" I have decided to post my firewall problem with a similar subject. Here is the full story.
 
Recently I had a crash on my Linux (Mandrake... baaaaad Mandrake... :-) box at home and the boot partition blew up! :-( I then decided to install Fedora.

Now I can access SSH (port 6666) and HTTP (port 8080) from inside my network (192.168.1.0), but when connecting from the Internet, TCP SYNs are not responded to. It clearly shows there is a firewall set up.

I have disabled iptables and it still fails:

[root@sereia root]# /etc/init.d/iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]

[root@sereia root]# /etc/init.d/iptables status
Firewall is stopped.

Packet trace during a test from the Internet (origin IP was changed):

[root@sereia root]# tcpdump port 8080
tcpdump: listening on eth0
13:31:43.687416 13.13.13.13.40151 > 192.168.1.1.webcache: S 2402768476:2402768476(0) win 5840 <mss 1460,sackOK,timestamp 13472363 0,nop,wscale 0> (DF)
13:31:46.683547 13.13.13.13.40151 > 192.168.1.1.webcache: S 2402768476:2402768476(0) win 5840 <mss 1460,sackOK,timestamp 13472663 0,nop,wscale 0> (DF)
13:31:52.687561 13.13.13.13.40151 > 192.168.1.1.webcache: S 2402768476:2402768476(0) win 5840 <mss 1460,sackOK,timestamp 13473263 0,nop,wscale 0> (DF)

3 packets received by filter
0 packets dropped by kernel
[root@sereia root]#

So, no reply to the request on port 8080 (tcpdump is automatically mapping port 8080 to webcache protocol). The weird nonstandard ports are explained by the inability of my ISP, which blocks ports under 1024… To secure their users, they say. :-(

Fedora also ships with a built-in firewall which can be managed by the text-based lokkit utility (which, I found out in the other thread, is not lokkit after all... as I have no X server installed on this machine). Using lokkit I tried to disable the firewall and also tried to enable it and specifically allow ports 6666 and 8080, but still no joy. So I'm clueless. Do you know anything I may be overlooking?

-fs
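
An added example, not part of the original post: a Python parser for tcpdump text lines in the format shown in the trace above, which groups SYNs by flow and sequence number and reports those for which no packet in the reverse direction was captured. The trace lines are copied from the post (wrapped line joined); the function and variable names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the trace in the post (origin IP already changed there).
TRACE = """\
13:31:43.687416 13.13.13.13.40151 > 192.168.1.1.webcache: S 2402768476:2402768476(0) win 5840 <mss 1460,sackOK,timestamp 13472363 0,nop,wscale 0> (DF)
13:31:46.683547 13.13.13.13.40151 > 192.168.1.1.webcache: S 2402768476:2402768476(0) win 5840 <mss 1460,sackOK,timestamp 13472663 0,nop,wscale 0> (DF)
13:31:52.687561 13.13.13.13.40151 > 192.168.1.1.webcache: S 2402768476:2402768476(0) win 5840 <mss 1460,sackOK,timestamp 13473263 0,nop,wscale 0> (DF)
"""

# time, src.port > dst.port:, flags, optional seq range, remainder of the line
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>\S+)(?: (?P<seq>\d+):\d+\(\d+\))?(?P<rest>.*)$"
)

def unanswered_syns(trace):
    """Return one record per SYN that never saw traffic in the reverse direction."""
    syns = defaultdict(list)  # (src, dst, seq) -> capture times of each attempt
    seen = set()              # (src, dst) of every packet that parsed
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        seen.add((src, dst))
        # A bare SYN has the S flag and no "ack" field; a SYN-ACK carries both.
        if "S" in m["flags"] and m["seq"] and " ack " not in m["rest"]:
            ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
            syns[(src, dst, m["seq"])].append(ts)
    report = []
    for (src, dst, seq), times in syns.items():
        if (dst, src) in seen:  # SYN-ACK, RST or anything else came back
            continue
        gaps = [round((b - a).total_seconds(), 1) for a, b in zip(times, times[1:])]
        report.append({"src": src, "dst": dst, "seq": int(seq),
                       "attempts": len(times), "gaps": gaps})
    return report

if __name__ == "__main__":
    for r in unanswered_syns(TRACE):
        print(f"{r['src']} -> {r['dst']} seq={r['seq']}: "
              f"{r['attempts']} SYNs, no reply, gaps {r['gaps']} s")
```

The three SYNs share one sequence number and arrive 3 s and 6 s apart, which is the client retransmitting the same connection attempt. The capture on eth0 contains them, so the requests reach the interface and what is absent from the capture is any SYN-ACK or RST going back.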


