having problems with getting ports open through firewall
Nigel Wade
nmw at ion.le.ac.uk
Tue May 22 08:30:16 UTC 2007
Scott Berry wrote:
> Whoops, sorry, should have been eth0.
>
> Scott
>
> ----- Original Message -----
> From: Scott Berry
> To: For users of Fedora
> Sent: Monday, May 21, 2007 1:39 PM
> Subject: having problems with getting ports open through firewall
>
>
> Hello there,
>
> I would like to have all ports open on eth-. How would one go about this through system-config-securitylevel-tui? Here is what my ifconfig reads.
>
> eth0 Link encap:Ethernet HWaddr 00:10:5A:98:7C:E9
> UP BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> Interrupt:11 Base address:0xec00
>
> eth1 Link encap:Ethernet HWaddr 00:06:5B:16:93:37
> inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
> inet6 addr: fe80::206:5bff:fe16:9337/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:14499 errors:0 dropped:0 overruns:1 frame:0
> TX packets:6139 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:5165422 (4.9 MiB) TX bytes:1712329 (1.6 MiB)
> Interrupt:11 Base address:0xc800
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:2284 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2284 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:3238776 (3.0 MiB) TX bytes:3238776 (3.0
>
>
I don't think you can achieve this using
system-config-securitylevel-tui. It just doesn't have the flexibility to
handle this kind of configuration. These rules will do what you want:

    iptables -A INPUT -i eth0 -j ACCEPT
    iptables -A OUTPUT -o eth0 -j ACCEPT

should allow any packet incoming or outgoing via eth0 to be accepted
(unless a previous rule explicitly blocks the packet). However, since
eth0 has no IP address and is not in promiscuous mode, what packets are
you expecting to see on that interface?
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
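
The caveat in the reply above, that an earlier rule may already decide the packet, can be checked mechanically. The following is an added example, not part of the original message: it assumes rules in `iptables -S` output format, the function name is hypothetical, and both rulesets are constructed samples.

```shell
# Added example, not from the original message.
# Reads rules in `iptables -S` format on stdin and prints "<position> <target>"
# for the first rule in CHAIN that decides every packet arriving on IFACE,
# or "policy" when no such rule exists and the chain policy applies.
# A target that is not a built-in verdict is a user chain to inspect next.
first_unconditional() {   # usage: first_unconditional CHAIN IFACE < rules
    awk -v chain="$1" -v ifc="$2" '
        $1 == "-A" && $2 == chain {
            pos++                       # position of this rule within the chain
            i = 3
            if ($i == "-i") {           # rule limited to one input interface
                if ($(i + 1) != ifc) next
                i += 2
            }
            # Anything other than -j here is an extra match (protocol, port,
            # state, negation), so the rule is conditional: skip it.
            if ($i != "-j") next
            print pos, $(i + 1)
            found = 1
            exit
        }
        END { if (!found) print "policy" }
    '
}

# Constructed ruleset: the eth0 ACCEPT was appended after a catch-all REJECT.
appended='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -j ACCEPT'

# Constructed ruleset: the same rules with the eth0 ACCEPT placed first.
placed_first='-P INPUT ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$appended"     | first_unconditional INPUT eth0   # 4 REJECT
printf '%s\n' "$placed_first" | first_unconditional INPUT eth0   # 1 ACCEPT
```

In the first ruleset the appended eth0 rule is never reached, because rule 4 rejects everything that the earlier conditional rules did not accept.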