
Re: [K12OSN] iptables blocking tftp on default installation



On Sun, 11 Jun 2006, Eric Harrison wrote:

On Sat, 10 Jun 2006, Eric Harrison wrote:

On Sat, 10 Jun 2006, Peter Scheie wrote:

I did another installation of beta 7 for version 5.0. I accepted the defaults for everything, except for two things: the host name, and the firewall. The only thing I changed for the firewall is that I selected the option to open port 443 for https, by just selecting the checkbox; I didn't add any other options. After the server finished the installation, I tried to boot my iPaq client, which uses PXE. It hung at the tftp stage, until I turned iptables off at the server, and then the client continued to boot normally.

What assumption does 5.0 make about the state and open port of the firewall/iptables?

Petre

The default is for eth0 to be trusted (i.e. not firewalled at all), and
on eth1 everything is blocked except ssh.

Sounds like when a change is made (such as adding https), it completely
wipes out the K12LTSP 5.0 defaults. That didn't happen in earlier versions.
I'll test that out...

Thanks Petre!

Confirmed, the behavior in FC5 is to blindly discard all of the custom
settings whenever you make a change to the firewall :-(

I'll work on a fix. My first thought is to add an init script that injects the
default K12LTSP firewall rules if 1) it is a K12LTSP install and 2) if the
firewall is enabled. In the common case, it would "just work". In other
cases, you could just disable it like any other init script.

-Eric

I'm reasonably happy with this approach. I added a new ltsp_config package
to the K12LTSP 5.0 beta repositories for testing. After updating,
you can run the following commands to make sure that eth0 is not firewalled
off:

	/sbin/chkconfig iptables-k12ltsp on
	/sbin/service iptables-k12ltsp start

If, for some reason, your terminals are running on a different interface
than eth0, you can edit /etc/sysconfig/iptables-k12ltsp

-Eric
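
One way to check for the regression described in this thread, as an added example that is not part of the original messages or the ltsp_config package: a shell function that reads iptables-save format rules and reports whether an interface still has an unconditional ACCEPT ahead of the catch-all REJECT. The function names, the chain layout and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or the ltsp_config package.
# check_trusted FILE IFACE: reads iptables-save format rules ("-" = stdin) and
# prints "trusted" (exit 0) if IFACE has an unconditional ACCEPT that is reached
# before a catch-all REJECT/DROP in the same chain, else "filtered" (exit 1).
check_trusted() {
    awk -v ifc="$2" '
        /^\*/ { table = substr($1, 2) }              # "*filter" opens a table
        table != "filter" || $1 != "-A" { next }     # only filter-table rules
        ($2 in verdict) { next }                     # this chain is already decided
        # -A CHAIN -i IFACE -j ACCEPT, with no other match options
        NF == 6 && $3 == "-i" && $4 == ifc && $5 == "-j" && $6 == "ACCEPT" {
            verdict[$2] = "trusted"; found = 1; next
        }
        # -A CHAIN -j REJECT|DROP: nothing after this rule in the chain can match
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { verdict[$2] = "filtered" }
        END { if (found) { print "trusted"; exit 0 } print "filtered"; exit 1 }
    ' "$1"
}

# Constructed sample rule sets (chain layout assumed, not copied from a K12LTSP box).
# "default" keeps the trusted-eth0 rule; anything else models the rewritten file.
sample_rules() {
    if [ "$1" = default ]; then
        trust='-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT'
    else
        trust='# trusted-interface rule discarded by the rewrite'
    fi
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
$trust
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

for state in default rewritten; do
    printf '%-9s eth0 is %s\n' "$state" "$(sample_rules "$state" | check_trusted - eth0)"
done
```

On a live server, pipe the output of `/sbin/iptables-save` into `check_trusted - eth0` after any firewall change; a "filtered" result for the terminal interface matches the tftp hang reported above.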

