[K12OSN] iptables blocking tftp on default installation
Eric Harrison
eharrison at mail.mesd.k12.or.us
Sun Jun 11 19:08:18 UTC 2006
On Sat, 10 Jun 2006, Eric Harrison wrote:
> On Sat, 10 Jun 2006, Peter Scheie wrote:
>
>> I did another installation of beta 7 for version 5.0. I accepted the
>> defaults for everything, except for two things: the host name, and the
>> firewall. The only thing I changed for the firewall is that I selected the
>> option to open port 443 for https, by just selecting the checkbox; I didn't
>> add any other options. After the server finished the installation, I tried
>> to boot my iPaq client, which uses PXE. It hung at the tftp stage, until I
>> turned iptables off at the server, and then the client continued to boot
>> normally.
>>
>> What assumption does 5.0 make about the state and open port of the
>> firewall/iptables?
>>
>> Petre
>
> The default is for eth0 to be trusted (i.e. not firewalled at all), and
> on eth1 everything is blocked except ssh.
>
> Sounds like when a change is made (such as adding https), it completely
> wipes out the K12LTSP 5.0 defaults. That didn't happen in earlier versions.
> I'll test that out...
>
> Thanks Petre!

Confirmed, the behavior in FC5 is to blindly discard all of the custom
settings whenever you make a change to the firewall :-(

I'll work on a fix. My first thought is to add an init script that injects the
default K12LTSP firewall rules if 1) it is a K12LTSP install and 2) if the
firewall is enabled. In the common case, it would "just work". In other
cases, you could just disable it like any other init script.

-Eric
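
The init-script logic proposed above, as an added sketch that is not Eric's or the K12LTSP project's code: it reads an iptables-save dump and prints the iptables commands needed to restore the defaults described in the thread (eth0 trusted, ssh allowed on eth1), without running them. The marker file path, the use of the INPUT chain, and treating "any rule present" as "firewall enabled" are assumptions.

```shell
#!/bin/sh
# Added example. Usage: iptables-save > /tmp/dump && sh this-script /tmp/dump
# Hypothetical marker file identifying a K12LTSP install (assumption).
K12LTSP_MARKER="${K12LTSP_MARKER:-/etc/k12ltsp-release}"

# Defaults from the thread: eth0 trusted, only ssh allowed in on eth1.
# Written in the normalised form iptables-save prints, so they can be compared.
default_rules() {
    cat <<'EOF'
-i eth0 -j ACCEPT
-i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# firewall_enabled DUMP: true if the saved ruleset contains any rule at all
# (assumption: a stopped firewall leaves an empty dump).
firewall_enabled() {
    grep -q '^-A ' "$1"
}

# missing_rules DUMP: print each default rule not already in the INPUT chain,
# so re-running the script never stacks duplicate rules.
missing_rules() {
    default_rules | while IFS= read -r spec; do
        grep -qxF -e "-A INPUT $spec" "$1" || printf '%s\n' "$spec"
    done
}

# plan DUMP: print the commands the init script would run, or nothing when
# either of the two conditions from the message is not met.
plan() {
    [ -e "$K12LTSP_MARKER" ] || return 0   # 1) not a K12LTSP install
    firewall_enabled "$1"    || return 0   # 2) firewall is disabled
    missing_rules "$1" | while IFS= read -r spec; do
        printf 'iptables -I INPUT 1 %s\n' "$spec"
    done
}

if [ $# -gt 0 ]; then
    plan "$1"
fi
```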