
Re: F11 iptables can't disable



Marko;

The GUI doesn't ask for the root password, and some of the other setups don't either. I had to go to the menus and modify them to use (su -c "application") and open the application in a terminal window to get a root password entered when I want to change something. All of the machines I use run VNC on my home LAN and it seems a bunch of stuff doesn't work right like this.

I have a hardware firewall running in front of all of my machines so I normally don't want one running locally. I want the firewall to pass all packets with no filtering. Yes I can use "service iptables stop" at the CLI but the firewall is right back again with filtering when I reboot the machine. I can see a bunch of filter rules are loaded when I check it so I know my settings were not respected. I have a FC3, FC5 and a F8 box that does NOT do this. Even F12 respects the settings, the F11 box does not.

Samba browsing doesn't work on F11 either but seems to work fine on the F12 box, along with the others just fine, and they are set up the same pretty much as far as samba configuration goes. I can get into the F11 box to the file shares from another computer but browsing from the F11 box for file shares on other computers doesn't work. Somebody else on this list was having just the reverse problem with their F11 box too. Neither one of us has figured out why this is happening yet. The F11 box just doesn't want to play nice.

The F12 box has frequent dialog box messages waiting for me when I fire up my VNC viewer to get on the machine. The dialog box message says something about an authorization failure while the details section doesn't say what application, service etc caused it, a total waste and absolutely of no use. So far I have no idea why this is occurring.

I've noticed that the last couple releases of Fedora have gone downhill in stability and usability when trying to run the system remotely using VNC. Seems like few people use it the way I do. I run all my machines primarily as headless workstations. I use VNC on the local LAN from a laptop to get into each machine or using putty (ssh) on the Internet while tunneling VNC through it. Each machine has a different ssh port set up on it, and a fixed IP, while the router has port forwarding set up to forward the given ssh port to the right machine. This way I can access any machine on my LAN by using a different ssh port setting. None of the machines use the standard ssh port however. Not having things work right or as expected using a VNC setup is a real deal buster for me. I'm thinking about dumping F11.

Regards;

Leland C. Scott
KC8LDO

The right to practice in one's chosen profession is a Constitutional liberty
[Gibson v. Berryhill, 411 U.S. 564, 571 (1973)] that is violated by visas
that force Americans to train their foreign replacements or otherwise
result in displacement by foreign workers.

----- Original Message ----- From: "Marko Vojinovic" <vvmarko gmail com>
To: <fedora-list redhat com>; "KC8LDO" <kc8ldo arrl net>
Sent: Monday, December 14, 2009 7:51 AM
Subject: Re: F11 iptables can't disable


On Monday 14 December 2009 06:40:28 KC8LDO wrote:
I've been trying to track down a problem where I can't browse the local
network using samba. As one experiment I disabled iptables, or so I thought
I did, using the services GUI. I can disable the ip6tables firewall it
 seems OK, but not the iptables firewall. The GUI shows the service
 disabled but still running, red dot and the plug icon in.

"Disabled" (the red dot) means that the service will not be started on next
boot. "Running" (the plug) means that the service is currently active.

Those are two separate concepts, you should never confuse them.

 Something
 is screwed up with how some of the services work on F11 where they don't
stop, start etc. the way they should and ask for a root password, through
 a pop-up dialog box, to allow making changes.

The password is asked on your first attempt to change something, and
authorization lasts until some reasonable timeout (couple of minutes or so, I don't know exactly). This is if you use GUI. If you use the "service" command in the terminal, there is no pop-up window, you should be logged in as root
instead.

Are you not being asked for the root password?

How do you tell iptables to quit, pass all packets through,

service iptables stop

and stay that
way even after rebooting?

chkconfig iptables off

Be warned though, that not running a firewall is a Very Bad Idea if the
machine is connected to the Internet. If you have trouble with samba, I
suggest configuring the firewall appropriately, rather than disabling it
completely.

That's a major issue for me. I would suspect that
some system script file(s) are not done right or missing etc.

No, everything is working as expected. The "service" command does what it is intended to do --- start or stop the service. This has of course nothing to do
with configuring what will happen at next boot.

The "chkconfig" command configures what services will or will not be started
at boot.

I keep getting some mysterious authorization failure message box that pops
up with no description of where, why and from what caused it. So far I
haven't had any luck finding what it is and stopping whatever the
application or service that's causing it.

Could it be that these are the root password requests that you were asked for while playing with the services GUI? If I understood your comments above, the services GUI failed to ask you for a root password, right? And now you find a
bunch of password requests waiting somewhere else, right?

It might be that your desktop environment has something screwed up and the
pop-up requests do not appear on the same desktop as the originating app.
IIRC, this is configurable somewhere, depending on the DE you use.

HTH, :-)
Marko
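
Added example, not part of either message above: a shell script that checks the two states discussed in this thread separately, whether filter rules are loaded right now and whether the iptables service is enabled for the next boot. The function names and the sample `chkconfig --list iptables` and `iptables-save -t filter` text are constructed for illustration, and runlevel 3 is an assumption.

```shell
#!/bin/sh
# Added example: audit iptables runtime state and boot state separately.
# Sample text below is constructed, not captured from a real machine.

# boot_state RUNLEVEL: reads `chkconfig --list iptables` output on stdin,
# prints "on" or "off" for that runlevel.
boot_state() {
    awk -v rl="$1" '{ for (i = 2; i <= NF; i++) {
        split($i, kv, ":"); if (kv[1] == rl) { print kv[2]; exit } } }'
}

# runtime_state: reads `iptables-save -t filter` output on stdin. Prints
# "open" only if no rules are loaded and every built-in chain policy is
# ACCEPT (user-defined chains show "-" as policy); otherwise "filtering".
runtime_state() {
    awk '/^:/ && $2 != "ACCEPT" && $2 != "-" { f = 1 }
         /^-A / { f = 1 }
         END { print (f ? "filtering" : "open") }'
}

# report CHKCONFIG_TEXT SAVE_TEXT RUNLEVEL: one line with both states.
report() {
    boot=$(printf '%s\n' "$1" | boot_state "$3")
    now=$(printf '%s\n' "$2" | runtime_state)
    echo "runtime=$now boot=$boot"
}

CHK_ON='iptables  0:off 1:off 2:on 3:on 4:on 5:on 6:off'
CHK_OFF='iptables  0:off 1:off 2:off 3:off 4:off 5:off 6:off'
SAVE_STOPPED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
SAVE_LOADED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# After "service iptables stop" alone: open now, filtering again at boot.
report "$CHK_ON" "$SAVE_STOPPED" 3
# After a reboot with the service still enabled.
report "$CHK_ON" "$SAVE_LOADED" 3
# After "chkconfig iptables off" followed by "service iptables stop".
report "$CHK_OFF" "$SAVE_STOPPED" 3
# On a live system (as root):
#   report "$(chkconfig --list iptables)" "$(iptables-save -t filter)" 3
```

A result of `runtime=open boot=on` is the state described in the thread: the rules are gone for now, but the service is still enabled and will load them again at the next boot.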



