[K12OSN] Default iptables?

Patrick Fleming k12ltsp at rwcinc.net
Sat Mar 21 16:11:45 UTC 2009



Joseph Bishay wrote:
> Hello,
> 
> Since I'm remote from the server and only have SSH access I can follow
> your instructions on service iptables stop but is there a way to test
> if a terminal boots remotely?

Speaking from experience - you may not want to muck around with iptables 
remotely. When you break it you will have to go down and visit the 
console. In this case, I would reboot the server (I know Linux doesn't 
really need to be rebooted except in certain situations, but this way 
you know exactly what is running when it comes back up). Then check 
iptables -L to see what the rules are, and verify that you have forwarding on:
cat /proc/sys/net/ipv4/ip_forward
should output "1"
or
sysctl net.ipv4.ip_forward
should output net.ipv4.ip_forward = 1

And last I would make sure that the interfaces are truly up.
ifconfig eth0, ifconfig eth1, etc. and see if you can ping at least one 
hop out from the interface on the server.

The other thing - are you sure you got everything plugged back in right?

> 
> The other part of your instructions that makes me a bit nervous is the
> 'start adding ports that need to come in from the internet and to
> clients.'  I have no idea what ports are needed or aren't needed :)  I
> assume you're supposed to let everything in and out on the thin client
> network card, but on the Internet-facing NIC is there a standard "let
> these through, don't let those through" list?
> 
> Thank you
> Joseph
> 
> On Sat, Mar 21, 2009 at 11:22 AM, Barry R Cisna <brcisna at eazylivin.net> wrote:
>> Hi Joseph,
>>
>> From what I understand you can not get any TCs to boot up correctly
>> now? First do a 'service iptables stop', as root. This will stop
>> iptables altogether. Boot a couple of TCs now and make sure your TCs are
>> at least able to boot up correctly at this point.
>>  After you make sure they will boot OK here, the next good thing to do is
>> install Webmin on your server and drill to "Network > Linux firewall" in
>> Webmin. Select the one option of default to reject all; this option
>> builds a nice firewall for the server that will work nicely with
>> k12ltsp/k12linux. Then start adding ports that need to come in from the
>> internet and to clients. This will take a lot of the error-proneness
>> out of setting up iptables. Voice of experience talking here :-)
>> Make sure after this you start the 'iptables-k12ltsp' (if this is set up on
>> the server?) to allow all traffic as trusted to the TCs' side of your
>> network.
>> You should be golden at this point!
>>
>> Take Care,
>> Barry
>>
>>
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>>
> 
> 
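
The read-only checks from this reply, as an added example that is not part of the original thread: a POSIX shell sketch that tests the forwarding flag and reports whether a new SSH connection would still get through the INPUT chain, which matters when SSH is the only way in. The function names are hypothetical, the sample ruleset is constructed, and port 22 is an assumption; it reads `iptables -S INPUT` output, which lists the same rules as `iptables -L` in command form.

```shell
#!/bin/sh
# Added example: read-only pre-logout checks for a remotely managed server.

# Succeeds when IPv4 forwarding is on; the path argument exists for testing.
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `iptables -S INPUT` output on stdin and prints what a NEW connection
# to the given TCP port (default 22, an assumption) would hit:
# ACCEPT, DROP or REJECT.
# Simplifications: the first rule that names the port or has no match at all
# decides; other matches on that rule (source, interface, state) are ignored,
# and jumps into user-defined chains are not followed.
ssh_verdict() {
    awk -v port="${1:-22}" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            target = ""; names_port = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" && $(i + 1) == port) names_port = 1
            }
            decides = ($3 == "-j" || names_port)
            if (decides && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
        }
        END { if (verdict == "") verdict = policy; print verdict }'
}

# Constructed sample: default-deny INPUT that opens HTTP but forgot SSH.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

echo "sample ruleset, new SSH connection: $(printf '%s\n' "$SAMPLE_RULES" | ssh_verdict)"

# On the real server (as root), before closing your only SSH session:
#   iptables -S INPUT | ssh_verdict   # anything but ACCEPT means a console visit
#   forwarding_on && echo "forwarding on" || echo "forwarding OFF"
```

An established SSH session usually survives such a ruleset through the RELATED,ESTABLISHED rule, so the verdict for new connections is the one to check before logging out.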



