[K12OSN] iptables blocking tftp on default installation
eharrison at mail.mesd.k12.or.us
Sun Jun 11 19:08:18 UTC 2006
On Sat, 10 Jun 2006, Eric Harrison wrote:
> On Sat, 10 Jun 2006, Peter Scheie wrote:
>> I did another installation of beta 7 for version 5.0. I accepted the
>> defaults for everything, except for two things: the host name, and the
>> firewall. The only thing I changed for the firewall is that I selected the
>> option to open port 443 for https, by just selecting the checkbox; I didn't
>> add any other options. After the server finished the installation, I tried
>> to boot my iPaq client, which uses PXE. It hung at the tftp stage, until I
>> turned iptables off at the server, and then the client continued to boot
>> What assumption does 5.0 make about the state and open port of the
> The default is for eth0 to be trusted (i.e. not firewalled at all), and
> on eth1 everything is blocked except ssh.
> Sounds like when a change is made (such as adding https), it completely
> wipes out the K12LTSP 5.0 defaults. That didn't happen in earlier versions.
> I'll test that out...
> Thanks Peter!
Confirmed, the behavior in FC5 is to blindly discard all of the custom
settings whenever you make a change to the firewall :-(
I'll work on a fix. My first thought is to add an init script that injects the
default K12LTSP firewall rules if 1) it is a K12LTSP install and 2) if the
firewall is enabled. In the common case, it would "just work". In other
cases, you could just disable it like any other init script.
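
A sketch of the init script proposed in the message above, added here as an example; it is not part of the original message and not K12LTSP's actual fix. The marker file path, the variable names, and relying on the system firewall's own rules to block everything else on eth1 are assumptions.

```shell
#!/bin/sh
# Added example: sketch of the proposed init script, not K12LTSP's own code.
# Must be ordered to run after the iptables service has loaded its ruleset.
IPT="${IPT:-iptables}"
CHKCONFIG="${CHKCONFIG:-chkconfig}"
MARKER="${MARKER:-/etc/k12ltsp-release}"   # hypothetical "this is K12LTSP" marker
TRUSTED_IF="${TRUSTED_IF:-eth0}"           # trusted interface, not firewalled
EXTERNAL_IF="${EXTERNAL_IF:-eth1}"         # everything blocked except ssh

# Condition 1: it is a K12LTSP install. Condition 2: the firewall is enabled.
should_inject() {
    [ -e "$MARKER" ] && $CHKCONFIG iptables
}

# Insert a rule at the top of INPUT only if it is not already there, so
# repeated "start" calls do not stack duplicates. Uses iptables -C (check),
# which is an assumption about the iptables version in use.
ensure_rule() {
    $IPT -C INPUT "$@" 2>/dev/null || $IPT -I INPUT 1 "$@"
}

# Re-create the defaults described in the thread. Only ACCEPT rules are
# added; dropping other eth1 traffic is left to the existing firewall rules.
inject_defaults() {
    ensure_rule -i "$EXTERNAL_IF" -p tcp --dport 22 -j ACCEPT
    ensure_rule -i "$TRUSTED_IF" -j ACCEPT
}

case "${1:-}" in
    start)
        if should_inject; then inject_defaults; fi
        ;;
    stop|status)
        : # nothing to undo; the iptables service owns the ruleset
        ;;
esac
```

Disabling the script with `chkconfig` leaves whatever the firewall tool wrote untouched, which matches the "disable it like any other init script" case.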