[Date Prev][Date Next] [Thread Prev][Thread Next]
Re: F11 iptables can't disable
- From: "KC8LDO" <kc8ldo arrl net>
- To: <vmarko ipb ac rs>
- Cc: fedora-list redhat com
- Subject: Re: F11 iptables can't disable
- Date: Mon, 14 Dec 2009 10:01:31 -0500
The GUI doesn't ask for the root password, and some of the other setups
don't either. I had to go to the menus and modify them to use (su -c
"application") and open the application in a terminal window to get a root
password entered when I want to change something. All of the machines I use
run VNC on my home LAN and it seems a bunch of stuff doesn't work right like
I have a hardware firewall running in front of all of my machines so I
normally don't want one running locally. I want the firewall to pass all
packets with no filtering. Yes I can use "service iptables stop" at the CLI
but the firewall is right back again with filtering when I reboot the
machine. I can see a bunch of filter rules are loaded when I check it so I
know my settings were not respected. I have a FC3, FC5 and a F8 box that
does NOT do this. Even F12 respects the settings, the F11 box does not.
Samba browsing doesn't work on F11 either but seems to work fine on the F12
box, along with the others just fine, and they are setup the same pretty
much as far as samba configuration goes. I can get in to the F11 box to the
file shares from another computer but browsing from the F11 box for file
shares on other computers doesn't work. Somebody else on this list was
having just the reverse problem with their F11 box too. Neither one of us
has figured out why this is happening yet. The F11 box just doesn't want to
The F12 box has frequent dialog box messages waiting for me when I fire up
my VNC viewer to get on the machine. The dialog box message says something
about an authorization failure while the details section doesn't say what
application, service etc caused it, a total waste and absolutely of no use.
So far I have no idea why this is occurring.
I've noticed that the last couple releases of Fedora has gone down hill in
stability and usability when trying to run the system remotely using VNC.
Seems like few people use it the way I do. I run all my machines primarily
as headless work stations. I use VNC on the local LAN from a laptop to get
in to each machine or using putty (ssh) on the Internet while tunneling VNC
through it. Each machine has a different ssh port setup on it, and a fixed
IP, while the router has port forwarding set up to forward the given ssh
port to the right machine. This way I can access any machine on my LAN by
using a different ssh port setting. None of the machines use the standard
ssh port however. Not having things work right or as expected using a VNC
setup is a real deal buster for me. I'm thinking about dumping F11.
Leland C. Scott
The right to practice in one's chosen profession is a Constitutional liberty
[Gibson v. Berryhill, 411 U.S. 564, 571 (1973)] that is violated by visas
that force Americans to train their foreign replacements or otherwise
result in displacement by foreign workers.
----- Original Message -----
From: "Marko Vojinovic" <vvmarko gmail com>
To: <fedora-list redhat com>; "KC8LDO" <kc8ldo arrl net>
Sent: Monday, December 14, 2009 7:51 AM
Subject: Re: F11 iptables can't disable
On Monday 14 December 2009 06:40:28 KC8LDO wrote:
I've been trying to track down a problem where I can't browse the local
network using samba. As one experiment I disabled iptables, or so I
I did, using the services GUI. I can disable the ip6tables firewall it
seems OK, but not the iptables firewall. The GUI shows the service
disabled but still running, red dot and the plug icon in.
"Disabled" (the red dot) means that the service will not be started on
boot. "Running" (the plug) means that the service is currently active.
Those are two separate concepts, you should never confuse them.
is screwed up with how some of the services work on F11 where they don't
stop, start etc. the way they should and ask for a root password,
a pop-up dialog box, to allow making changes.
The password is asked on your first attempt to change something, and
authorization lasts until some reasonable timeout (couple of minutes or
don't know exactly). This is if you use GUI. If you use the "service"
in the terminal, there is no pop-up window, you should be logged in as
Are you not being asked for the root password?
How do you tell iptables to quit, pass all packets through,
service iptables stop
and stay that
way even after rebooting?
chkconfig iptables off
Be warned though, that not running a firewall is a Very Bad Idea if the
machine is connected to the Internet. If you have trouble with samba, I
suggest configuring the firewall appropriately, rather than disabling it
That's a major issue for me. I would suspect that
some system script file(s) are not done right or missing etc.
No, everything is working as expected. The "service" command does what it
intended to do --- start or stop the service. This has of course nothing
with configuring what will happen at next boot.
The "chkconfig" command configures what services will or will not be
I keep getting some mysterious authorization failure message box that
up with no description of where, why and from what caused it. So far I
haven't had any luck finding what it is and stopping whatever the
application or service that's causing it.
Could it be that these are the root password requests that you were asked
while playing with the services GUI? If I understood your comments above,
services GUI failed to ask you for a root password, right? And now you
bunch of password requests waiting somewhere else, right?
It might be that your desktop environment has something screwed up and the
pop-up requests do not appear on the same desktop as the originating app.
IIRC, this is configurable somewhere, depending on the DE you use.
[Date Prev][Date Next] [Thread Prev][Thread Next]